[Webkit-unassigned] [Bug 47397] TextResourceDecoder::checkForHeadCharset can look way past the limit.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 8 15:07:23 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=47397

--- Comment #3 from Dmitry Titov <dimich at chromium.org>  2010-10-08 15:07:23 PST ---
I agree having a lot of text in the body w/o any other tags is a fringe case, I only hit it trying to write a test for another issue.

However, looking at this code in a debugger, I found that there is another scenario in which it does not behave as intended:

<script> if (foo < bar) bar = foo; </script>
<body> ... more stuff, including other tags but not <script>

This causes checkForHeadCharset to think it never leaves the head section, since when it finds "<" in JS it starts looking for the closing ">" of what it thinks is a tag. So it skips "</script" and happily continues with enclosingTagName being "script" and no chance of resetting this state.

This seems to be a more probable case, and it will cause the whole page to accumulate before starting to parse it.

I'm still not sure what kind of test I can create for this, which would not rely on a timeout.

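The scanning mistake described in the comment above, shown as an added, deliberately simplified model. This is not WebKit's TextResourceDecoder code; the ScanResult struct, the scan() function, its strict flag and the kSampleDocument input are all constructed for this illustration. The "naive" mode reproduces the failure mode in the comment (every "<" starts a tag, so the "<" in "foo < bar" swallows "</script>" and enclosingTag never resets, meaning "<body>" is never recognised as the end of the head); the "strict" mode only accepts "</script" as a tag while inside a raw-text element, and therefore stops scanning at "<body>" instead of consuming the entire document.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <string_view>

// Constructed sample input: a script containing a bare "<" followed by a body
// full of text and ordinary tags, as in the bug comment.
static const char* const kSampleDocument =
    "<head><script> if (foo < bar) bar = foo; </script></head>\n"
    "<body><p>lots of text</p><div>more tags, but no script</div></body>";

struct ScanResult {
    bool leftHead;             // scanner concluded the <head> section is over
    std::size_t bytesScanned;  // how much input it consumed before stopping
    std::string enclosingTag;  // element it believed it was inside at the end
};

// Reads the ASCII letters of a tag name starting at pos, lower-cased.
static std::string tagNameAt(std::string_view doc, std::size_t pos) {
    std::string name;
    while (pos < doc.size() && std::isalpha(static_cast<unsigned char>(doc[pos])))
        name += static_cast<char>(std::tolower(static_cast<unsigned char>(doc[pos++])));
    return name;
}

// Elements whose content is raw text, where "<" is just a character.
static bool isRawTextElement(const std::string& name) {
    return name == "script" || name == "style";
}

// strict=false: every '<' is treated as a tag start and the scanner jumps to
// the next '>' (the behaviour the comment describes).
// strict=true: while inside a raw-text element, only "</name" counts as a tag.
static ScanResult scan(std::string_view doc, bool strict) {
    ScanResult r{false, 0, ""};
    std::size_t pos = 0;
    while (pos < doc.size()) {
        if (doc[pos] != '<') { ++pos; continue; }

        bool closing = pos + 1 < doc.size() && doc[pos + 1] == '/';
        std::string name = tagNameAt(doc, pos + (closing ? 2 : 1));

        if (strict && !r.enclosingTag.empty() && !(closing && name == r.enclosingTag)) {
            ++pos;  // '<' inside script/style text: not a tag, keep reading
            continue;
        }

        if (closing) {
            if (name == r.enclosingTag) r.enclosingTag.clear();
        } else if (!r.enclosingTag.empty()) {
            // Still "inside" an element: other tags do not end the head.
        } else if (name == "body") {
            r.leftHead = true;       // head is over, stop prescanning
            r.bytesScanned = pos;
            return r;
        } else if (isRawTextElement(name)) {
            r.enclosingTag = name;
        }

        // Skip to the end of what we took to be a tag.
        std::size_t close = doc.find('>', pos);
        pos = (close == std::string_view::npos) ? doc.size() : close + 1;
    }
    r.bytesScanned = doc.size();  // ran off the end without leaving the head
    return r;
}

ScanResult scanNaive(std::string_view doc)  { return scan(doc, false); }
ScanResult scanStrict(std::string_view doc) { return scan(doc, true); }

int main() {
    ScanResult naive = scanNaive(kSampleDocument);
    ScanResult strict = scanStrict(kSampleDocument);
    std::cout << "naive : leftHead=" << naive.leftHead << " bytes=" << naive.bytesScanned
              << " enclosingTag=\"" << naive.enclosingTag << "\"\n";
    std::cout << "strict: leftHead=" << strict.leftHead << " bytes=" << strict.bytesScanned
              << " enclosingTag=\"" << strict.enclosingTag << "\"\n";
    return 0;
}
```

The naive run consumes the whole document with enclosingTag still "script", which is the "accumulate the whole page before parsing" symptom; the strict run stops at the offset of "<body>". The same counting trick makes a natural regression check that does not depend on a timeout: feed a document like kSampleDocument to the scanner and assert that it stops before the end of the input.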