[Webkit-unassigned] [Bug 65542] Need support for dirname attribute
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Nov 3 10:27:49 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=65542
Darin Adler <darin at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #113458|review?, commit-queue? |review-, commit-queue-
Flag| |
--- Comment #20 from Darin Adler <darin at apple.com> 2011-11-03 10:27:47 PST ---
(From update of attachment 113458)
View in context: https://bugs.webkit.org/attachment.cgi?id=113458&action=review
> Source/WebCore/html/HTMLTextAreaElement.cpp:178
> + if (fastHasAttribute(dirnameAttr))
> + encoding.appendData(fastGetAttribute(dirnameAttr), directionForFormData());
This is less efficient than it could be. The right way to write it is:
const AtomicString& dirname = fastGetAttribute(dirnameAttr);
if (!dirname.isNull())
encoding.appendData(dirname, directionForFormData());
> Source/WebCore/html/HTMLTextFormControlElement.cpp:576
> + const Element* element = this;
> + while (element) {
This should be written as a for loop, not a while loop.
> Source/WebCore/html/HTMLTextFormControlElement.cpp:578
> + if (element->fastHasAttribute(dirAttr)) {
> + AtomicString dirAttributeValue(element->fastGetAttribute(dirAttr));
Not as efficient as it could be. Should be written like this:
const AtomicString& dirAttributeValue = element->fastGetAttribute(dirAttr);
if (dirAttributeValue.isNull())
continue;
...
Note that we use “early continue” style instead of nesting the entire loop in an if statement.
> Source/WebCore/html/HTMLTextFormControlElement.cpp:584
> + TextDirection textDirection = static_cast<const HTMLElement*>(element)->directionalityIfhasDirAutoAttribute(isAuto);
This cast to an HTMLElement can be a bad cast. Webpages can put an HTML element inside a non-HTML element, such as an SVG element. If we want to assume it’s an HTMLElement we need to actually check isHTMLElement. A bad cast can cause crashes, in some cases crashes that are exploitable security vulnerabilities.
> Source/WebCore/html/TextFieldInputType.cpp:375
> + if (element()->fastHasAttribute(dirnameAttr))
> + list.appendData(element()->fastGetAttribute(dirnameAttr), element()->directionForFormData());
Same point about a more efficient idiom as I mentioned above.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list