[Webkit-unassigned] [Bug 53405] XSS Auditor is spinning inside decodeURLEscapeSequences() if there are percent signs in large posted data
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 3 11:32:08 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=53405
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #81086|review? |review+
Flag| |
--- Comment #6 from Alexey Proskuryakov <ap at webkit.org> 2011-02-03 11:32:08 PST ---
(From update of attachment 81086)
Nice!
The logic remains slightly twisted in that the second sequence in "%FF%zz" will be checked twice. It's not important in practice, but makes the code harder to follow.
-
+
I don't care personally, but we usually prefer no trailing whitespace.
It's obviously hard to make a regression test for this, but since major URL code rewrite is not off the table, a test would be nice.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list