[Webkit-unassigned] [Bug 66588] XSS filter bypass via non-standard URL encoding
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 3 21:59:44 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66588
--- Comment #6 from Daniel Bates <dbates at webkit.org> 2011-09-03 21:59:44 PST ---
(In reply to comment #2)
> (From update of attachment 106094 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=106094&action=review
>
> > Source/WebCore/html/parser/XSSAuditor.cpp:119
> > +static inline String decodeFancyUnicodeEscapeSequences(const String& string)
>
> Love the name.
Although we understand the meaning of "fancy", I suggest we rename this function to decode16BitUnicodeEscapeSequences() as suggested by Thomas Sepez because this name better conveys the fanciness of these Unicode escape sequences.
>
> > Source/WebCore/platform/text/DecodeEscapeSequences.h:38
> > +static inline int hexDigitValue(UChar c)
>
> Supposedly including static functions in a header makes the linker sad. I think this function is in ASCIIType anyway.
Will remove.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list