[webkit-reviews] review granted: [Bug 81948] XSS Auditor bypass via script tag src=data:, URLS. : [Attachment 133379] Patch.
bugzilla-daemon at webkit.org
Thu Mar 22 16:46:17 PDT 2012
Adam Barth <abarth at webkit.org> has granted Thomas Sepez <tsepez at chromium.org>'s
request for review:
Bug 81948: XSS Auditor bypass via script tag src=data:, URLS.
https://bugs.webkit.org/show_bug.cgi?id=81948
Attachment 133379: Patch.
https://bugs.webkit.org/attachment.cgi?id=133379&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=133379&action=review
> Source/WebCore/html/parser/XSSAuditor.cpp:521
> + bool commaSeen;
This is a personal preference, but I think it's better to initialize scalars
when they're declared (and then to have an empty first-clause in the for
statement).
> Source/WebCore/html/parser/XSSAuditor.cpp:530
> if (decodedSnippet[currentLength] == '?' ||
decodedSnippet[currentLength] == '#'
At this point, I would store decodedSnippet[currentLength] in a local variable.