[webkit-reviews] review denied: [Bug 111253] XSSAuditor has a subtle race condition when used with the threaded HTML parser : [Attachment 191112] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 2 12:48:13 PST 2013


Eric Seidel <eric at webkit.org> has denied Adam Barth <abarth at webkit.org>'s
request for review:
Bug 111253: XSSAuditor has a subtle race condition when used with the threaded
HTML parser
https://bugs.webkit.org/show_bug.cgi?id=111253

Attachment 191112: Patch
https://bugs.webkit.org/attachment.cgi?id=191112&action=review

------- Additional Comments from Eric Seidel <eric at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=191112&action=review


> Source/WebCore/html/parser/XSSAuditor.cpp:124
> +    const String& attrName = name.namespaceURI() ==
XLinkNames::xlinkNamespaceURI ? "xlink:" + name.localName().string() :
name.localName().string();
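
Review bot: `attrName` at XSSAuditor.cpp:124 is declared as `const String&`, but the xlink arm of the conditional builds a new string with "xlink:" + name.localName().string(), so the reference does not name any object that outlives the expression on its own and the code depends on temporary-lifetime rules to stay valid. Declare it by value (`String attrName = ...`) so the variable owns the string in both arms, and keep the rest of the expression unchanged.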

The temporary string created by "xlink:" + name.localName().string() goes away
at the end of this line. :)  This code will crash.

