[Webkit-unassigned] [Bug 47397] TextResourceDecoder::checkForHeadCharset can look way past the limit.
bugzilla-daemon at webkit.org
Fri Oct 8 15:07:23 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=47397
--- Comment #3 from Dmitry Titov <dimich at chromium.org> 2010-10-08 15:07:23 PST ---
I agree having a lot of text in the body w/o any other tags is a fringe case, I only hit it trying to write a test for another issue.
However, looking at this code in a debugger, I found that there is another scenario when it behaves not as intended:
<script> if (foo < bar) bar = foo; </script>
<body> ... more stuff, including other tags but not <script>
This causes the checkForHeadCharset to think it never leaves the head section, since when it finds "<" in JS it starts looking for the closing ">" of what it thinks is a tag. So it skips "</script" and happily continues with enclosingTagName being "script" and no chance of resetting this state.
This seems to be a more probable case, and it will cause the whole page to accumulate before starting to parse it.
I'm still not sure what kind of test I can create for this, which would not rely on a timeout.
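Added example, not part of the original mail and not WebKit's code: a simplified C++ model of the pre-scan described in comment #3, showing how a "<" inside script text makes the scan swallow "</script" and never decide that the head has ended, next to a variant that treats script content as raw text. The function name findEndOfHead, the reduced head-tag list and the sample page are assumptions made for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Constructed sample input, modelled on the snippet in the comment.
const std::string kSamplePage =
    "<script> if (foo < bar) bar = foo; </script>\n<body><p>text</p></body>";

// Hypothetical, reduced list of tags allowed before the head ends.
static bool isHeadTag(const std::string& n) {
    return n == "html" || n == "head" || n == "meta" || n == "title" || n == "script";
}

// Simplified model, not WebKit's code. Returns the offset of the first tag
// that ends the head section, or npos if the scan never reaches that decision.
// rawTextAware=false reproduces the behaviour described in the comment.
std::size_t findEndOfHead(const std::string& in, bool rawTextAware) {
    std::string enclosing;  // element the scanner believes it is inside
    std::size_t i = 0;
    while ((i = in.find('<', i)) != std::string::npos) {
        std::size_t start = i++;
        // Inside <script>, only "</script" is markup; any other "<" is text.
        if (rawTextAware && enclosing == "script" &&
            in.compare(start, 8, "</script") != 0)
            continue;
        bool end = i < in.size() && in[i] == '/';
        if (end) ++i;
        std::string name;
        while (i < in.size() && std::isalnum((unsigned char)in[i]))
            name += (char)std::tolower((unsigned char)in[i++]);
        i = in.find('>', i);  // skip to what is assumed to close this tag
        if (i == std::string::npos) break;
        if (end && name == enclosing) { enclosing.clear(); continue; }
        if (!end && name == "script") { enclosing = name; continue; }
        // A non-head tag ends the scan only when no element is open.
        if (!end && enclosing.empty() && !isHeadTag(name)) return start;
    }
    return std::string::npos;
}

int main() {
    std::cout << "naive scan found end of head: "
              << (findEndOfHead(kSamplePage, false) != std::string::npos) << "\n"
              << "raw-text-aware scan found end of head: "
              << (findEndOfHead(kSamplePage, true) != std::string::npos) << "\n";
}
```

With the naive scan the function returns npos for the sample page, which corresponds to the decoder buffering the whole document before parsing starts.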