[Webkit-unassigned] [Bug 35373] XSSAuditor is super super super slow
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 25 00:24:34 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=35373
--- Comment #5 from Adam Barth <abarth at webkit.org> 2010-02-25 00:24:34 PST ---
> They don't make sense to me - why would the XSSAuditor have to check anything
> coming out of the HTMLTokenizer? This is HTML served up by the server, not
> coming from any user-controlled data.
The XSS auditor is checking whether the event handlers are present in the post
request. If they are, it gets suspicious that there might be a reflected XSS
attack.
I need to spend some time with this in the debugger to see how we can speed
this up. In the worse case, we might need to build some sort of index over the
post data to make substring queries faster.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list