[Webkit-unassigned] [Bug 111264] New: XSSAuditor::eraseDangerousAttributesIfInjected shouldn't malloc for each attribute.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 3 01:02:35 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=111264

           Summary: XSSAuditor::eraseDangerousAttributesIfInjected
                    shouldn't malloc for each attribute.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mkwst at chromium.org
                CC: eric at webkit.org, abarth at webkit.org
        Depends on: 111249


As noted in bug 111071 and https://bugs.webkit.org/show_bug.cgi?id=111249#c4, we're doing more work than we should in XSSAuditor::eraseDangerousAttributesIfInjected. We end up mallocing for every attribute in the document, which isn't awesome.

I took a quick pass at dropping the String() call by simplifying the logic of the check, which gets 90% of the way there. Unfortunately, 'protocolIsJavaScript()' ends up doing some important work down in platform-specific code (url_util::FindAndCompareScheme) to strip out control characters that are ignored in the context of an HTML document. It's a bit ugly.

I'll upload the patch I was playing with, if only as an example of how not to go about dropping this constructor. :)
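The report above describes two things: the check is run for every attribute in the document, and the existing `protocolIsJavaScript()` path strips control characters that an HTML document ignores, which is why simply dropping the `String()` construction isn't enough. The block below is an added example, not WebKit's code or Mike West's patch: it shows an allocation-free scheme check that compares against the caller's buffer directly while skipping the ignored characters. The set of ignored characters (tab, newline and CR anywhere; other C0 controls and spaces only at the start) is an assumption made for illustration, a simplified model of what a real URL parser does.

```cpp
#include <cstddef>
#include <string_view>
#include <vector>
#include <utility>

// Assumed (simplified) model of characters the HTML/URL machinery ignores:
// tab, LF and CR are removed anywhere in the value; other C0 controls and
// spaces are stripped only when leading. A real parser defines this exactly.
static bool isAsciiTabOrNewline(unsigned char c)
{
    return c == '\t' || c == '\n' || c == '\r';
}

static bool isC0ControlOrSpace(unsigned char c)
{
    return c <= 0x20;
}

static unsigned char asciiLower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? static_cast<unsigned char>(c + ('a' - 'A')) : c;
}

// Returns true when, after skipping the ignored characters, the value begins
// with "javascript:" (ASCII case-insensitive). Works on a view of the caller's
// buffer, so no copy and no heap allocation happens per attribute.
bool protocolIsJavaScriptNoAlloc(std::string_view value)
{
    static constexpr std::string_view kScheme = "javascript:";
    size_t i = 0;

    // Leading controls and spaces are stripped before the scheme is read.
    while (i < value.size() && isC0ControlOrSpace(static_cast<unsigned char>(value[i])))
        ++i;

    size_t matched = 0;
    for (; i < value.size() && matched < kScheme.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(value[i]);
        if (isAsciiTabOrNewline(c))
            continue; // removed anywhere in the URL, so it never breaks a match
        if (asciiLower(c) != static_cast<unsigned char>(kScheme[matched]))
            return false;
        ++matched;
    }
    return matched == kScheme.size();
}

// Hypothetical attribute list: (name, value) pairs as a tokenizer might hand
// them over. Returns the number of URL-bearing attributes whose value resolves
// to a javascript: URL, without allocating for any of them.
using Attribute = std::pair<std::string_view, std::string_view>;

bool isUrlAttribute(std::string_view name)
{
    return name == "href" || name == "src" || name == "action";
}

size_t countJavaScriptUrlAttributes(const std::vector<Attribute>& attributes)
{
    size_t count = 0;
    for (const Attribute& attribute : attributes) {
        if (isUrlAttribute(attribute.first) && protocolIsJavaScriptNoAlloc(attribute.second))
            ++count;
    }
    return count;
}

int main()
{
    // Constructed sample input, not taken from any real document.
    std::vector<Attribute> attributes = {
        { "href", "javascript:alert(1)" },
        { "href", " \tJavaScript:void(0)" },
        { "src", "java\nscript:x" },
        { "href", "https://example.test/" },
        { "title", "javascript:ignored-non-url-attribute" },
    };
    return countJavaScriptUrlAttributes(attributes) == 3 ? 0 : 1;
}
```

Note that a space in the middle of the scheme (`javas cript:`) is not skipped under this model, only leading spaces are, so such a value is correctly not treated as a javascript: URL; whether a production parser agrees depends on its exact stripping rules, which is why the real `protocolIsJavaScript()` path is the authority the report is reluctant to bypass.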
