[Webkit-unassigned] [Bug 65542] Need support for dirname attribute

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 3 10:27:49 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=65542


Darin Adler <darin at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #113458|review?, commit-queue?      |review-, commit-queue-
               Flag|                            |




--- Comment #20 from Darin Adler <darin at apple.com>  2011-11-03 10:27:47 PST ---
(From update of attachment 113458)
View in context: https://bugs.webkit.org/attachment.cgi?id=113458&action=review

> Source/WebCore/html/HTMLTextAreaElement.cpp:178
> +    if (fastHasAttribute(dirnameAttr))
> +        encoding.appendData(fastGetAttribute(dirnameAttr), directionForFormData());

This is less efficient than it could be. The right way to write it is:

    const AtomicString& dirname = fastGetAttribute(dirnameAttr);
    if (!dirname.isNull())
        encoding.appendData(dirname, directionForFormData());

> Source/WebCore/html/HTMLTextFormControlElement.cpp:576
> +    const Element* element = this;
> +    while (element) {

This should be written as a for loop, not a while loop.

> Source/WebCore/html/HTMLTextFormControlElement.cpp:578
> +        if (element->fastHasAttribute(dirAttr)) {
> +            AtomicString dirAttributeValue(element->fastGetAttribute(dirAttr));

Not as efficient as it could be. Should be written like this:

    const AtomicString& dirAttributeValue = element->fastGetAttribute(dirAttr);
    if (dirAttributeValue.isNull())
        continue;
    ...

Note that we use “early continue” style instead of nesting the entire loop in an if statement.

> Source/WebCore/html/HTMLTextFormControlElement.cpp:584
> +                TextDirection textDirection = static_cast<const HTMLElement*>(element)->directionalityIfhasDirAutoAttribute(isAuto);

This cast to an HTMLElement can be a bad cast. Webpages can put an HTML element inside a non-HTML element, such as an SVG element. If we want to assume it’s an HTMLElement we need to actually check isHTMLElement. A bad cast can cause crashes, in some cases crashes that are exploitable security vulnerabilities.

> Source/WebCore/html/TextFieldInputType.cpp:375
> +    if (element()->fastHasAttribute(dirnameAttr))
> +        list.appendData(element()->fastGetAttribute(dirnameAttr), element()->directionForFormData());

Same point about a more efficient idiom as I mentioned above.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list