[Webkit-unassigned] [Bug 111264] New: XSSAuditor::eraseDangerousAttributesIfInjected shouldn't malloc for each attribute.
bugzilla-daemon at webkit.org
Sun Mar 3 01:02:35 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=111264
Summary: XSSAuditor::eraseDangerousAttributesIfInjected shouldn't malloc for each attribute.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mkwst at chromium.org
CC: eric at webkit.org, abarth at webkit.org
Depends on: 111249
As noted in bug 111071 and https://bugs.webkit.org/show_bug.cgi?id=111249#c4, we're doing more work than we should in XSSAuditor::eraseDangerousAttributesIfInjected. We end up mallocing for every attribute in the document, which isn't awesome.
I took a quick pass at dropping the String() call by simplifying the logic of the check, which gets 90% of the way there. Unfortunately, 'protocolIsJavaScript()' ends up doing some important work down in platform-specific code (url_util::FindAndCompareScheme) to strip out control characters that are ignored in the context of an HTML document. It's a bit ugly.
I'll upload the patch I was playing with, if only as an example of how not to go about dropping this constructor. :)
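Added illustration (editor's example, not the patch mentioned in the report and not WebKit or Chromium code): the report says a simple check on the raw attribute bytes gets "90% of the way there" but misses what url_util::FindAndCompareScheme does, namely dropping the control characters that HTML URL parsing ignores before comparing the scheme. The sketch below compares a scheme against a raw character span without allocating, skipping those characters as it goes, and sits next to the naive prefix test so the gap is visible. The function names are hypothetical, and the set of ignorable characters (leading bytes up to and including 0x20, plus tab, LF and CR anywhere) is an assumption about the browser behaviour the report alludes to, not a statement of what FindAndCompareScheme does.

```cpp
#include <cctype>
#include <cstddef>
#include <cstring>
#include <string>

// Assumed rule: tab, LF and CR are dropped wherever they appear in a URL
// taken from an HTML attribute, and any leading byte <= 0x20 is stripped.
static bool isIgnorableAnywhere(unsigned char c) {
    return c == '\t' || c == '\n' || c == '\r';
}
static bool isLeadingJunk(unsigned char c) { return c <= 0x20; }

// True if [begin, begin + len) starts with `scheme` (given without the colon),
// compared case-insensitively after skipping ignorable characters, and the
// scheme is terminated by ':'. Works on the raw span; nothing is allocated.
bool schemeIsIgnoringControls(const char* begin, size_t len, const char* scheme) {
    const size_t schemeLen = std::strlen(scheme);
    size_t i = 0;
    while (i < len && isLeadingJunk(static_cast<unsigned char>(begin[i])))
        ++i;
    size_t matched = 0;  // how many scheme characters have matched so far
    while (i < len) {
        const unsigned char c = static_cast<unsigned char>(begin[i]);
        if (isIgnorableAnywhere(c)) { ++i; continue; }
        if (c == ':')
            return matched == schemeLen;        // "javascript:" vs "javascrip:"
        if (matched == schemeLen)
            return false;                       // "javascriptx:" is a different scheme
        if (std::tolower(c) != std::tolower(static_cast<unsigned char>(scheme[matched])))
            return false;
        ++matched;
        ++i;
    }
    return false;  // no ':' at all, so no scheme
}

// Hypothetical non-allocating replacement for a protocolIsJavaScript() call
// on a String() built from the attribute value.
bool protocolIsJavaScriptNoAlloc(const char* begin, size_t len) {
    return schemeIsIgnoringControls(begin, len, "javascript");
}
bool protocolIsJavaScriptNoAlloc(const std::string& value) {
    return protocolIsJavaScriptNoAlloc(value.data(), value.size());
}

// The "simplified" check: a case-insensitive prefix test on the raw bytes.
// It allocates nothing but misses "java\tscript:" and " javascript:".
bool naiveStartsWithJavaScript(const char* begin, size_t len) {
    static const char kPrefix[] = "javascript:";
    const size_t n = sizeof(kPrefix) - 1;
    if (len < n) return false;
    for (size_t k = 0; k < n; ++k) {
        if (std::tolower(static_cast<unsigned char>(begin[k])) != kPrefix[k])
            return false;
    }
    return true;
}
bool naiveStartsWithJavaScript(const std::string& value) {
    return naiveStartsWithJavaScript(value.data(), value.size());
}

int main() {
    // Constructed attribute values: the second and third are the cases the
    // naive check misses and an auditor must still treat as javascript: URLs.
    const std::string samples[] = {
        "javascript:alert(1)", "JaVa\tScRiPt:alert(1)", "  \n javascript:x",
        "http://example.com/", "javascriptx:1", "java script:1"};
    for (const std::string& s : samples)
        (void)(protocolIsJavaScriptNoAlloc(s) != naiveStartsWithJavaScript(s));
    return 0;
}
```

The point of keeping both checks side by side is the one the report makes: the expensive part of the original is not the comparison but the String() it builds so that protocolIsJavaScript() can normalise the value first, and any cheaper replacement has to reproduce that normalisation on the raw span or it will let a tab-split "javascript:" through.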