[Webkit-unassigned] [Bug 190947] Post too much text to iFrame could crash webkit

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 6 13:08:59 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=190947

--- Comment #3 from Chris Dumez <cdumez at apple.com> ---
Looking at a trace of the WebContent process shortly before the crash we can see it spends a lot of time under:
Sample Count, Samples %, CPU %, Symbol
936, 21.8%, 3.4%, WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (in WebCore)
936, 21.8%, 3.4%,     WebCore::XSSAuditor::init(WebCore::Document*, WebCore::XSSAuditorDelegate*) (in WebCore)
606, 14.1%, 2.2%,         WebCore::SuffixTree<WebCore::ASCIICodebook>::build(WTF::String const&) (in WebCore)

If I disable XSSAuditor (which is needed for security) via WebPreferences, the example in question no longer jetsams.

I therefore believe it is caused by the XSSAuditor somehow.

I have no reason to believe this is a recent regression.

-- 
You are receiving this mail because:
You are the assignee for the bug.
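The trace above points at `SuffixTree<ASCIICodebook>::build`, i.e. the auditor indexing the whole document before the parser gets going. The following is an added illustration, not WebKit's code and not the fix for this bug: a toy depth-limited suffix tree over a 7-bit ASCII codebook, with a node counter and a byte estimate, so that the linear growth of the index with document size (and therefore the memory pressure on a huge posted body) can be seen directly. The class name `AsciiSuffixTree`, the `kCodebookSize`/`maxDepth` parameters, the synthetic LCG-generated input and the `boundedBuild` cap are all assumptions made for the example; the page says nothing about how WebKit's own tree is laid out or how the issue was ultimately resolved.

```cpp
// Added illustration (not WebKit's code): a depth-limited suffix tree over an
// ASCII codebook, showing why indexing an entire document costs memory in
// proportion to its length.
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

class AsciiSuffixTree {
public:
    static constexpr std::size_t kCodebookSize = 128;  // 7-bit ASCII (assumed codebook)

    // Insert every suffix of `text`, truncated to `maxDepth` characters, into a trie.
    // Node count is bounded by text.size() * maxDepth + 1, so it grows linearly
    // with the input, and every node carries a full child table.
    AsciiSuffixTree(const std::string& text, std::size_t maxDepth)
        : m_maxDepth(maxDepth) {
        m_nodes.emplace_back();  // root
        for (std::size_t start = 0; start < text.size(); ++start) {
            std::size_t node = 0;
            std::size_t end = std::min(text.size(), start + maxDepth);
            for (std::size_t i = start; i < end; ++i) {
                unsigned char c = static_cast<unsigned char>(text[i]);
                if (c >= kCodebookSize) break;  // outside the codebook: stop this suffix
                int32_t next = m_nodes[node].children[c];
                if (next < 0) {
                    next = static_cast<int32_t>(m_nodes.size());
                    m_nodes[node].children[c] = next;
                    m_nodes.emplace_back();  // indices stay valid across reallocation
                }
                node = static_cast<std::size_t>(next);
            }
        }
    }

    // Illustrative guard (an assumption, not WebKit's mitigation): only index a
    // bounded prefix, so the tree's size no longer follows the document's.
    static AsciiSuffixTree boundedBuild(const std::string& text, std::size_t maxDepth,
                                        std::size_t maxIndexedChars) {
        return AsciiSuffixTree(text.substr(0, std::min(text.size(), maxIndexedChars)), maxDepth);
    }

    // Conservative lookup: walks the first min(len, maxDepth) characters of `needle`.
    // True means "may occur in the indexed text", false means "definitely does not".
    bool mightContain(const std::string& needle) const {
        std::size_t node = 0;
        std::size_t end = std::min(needle.size(), m_maxDepth);
        for (std::size_t i = 0; i < end; ++i) {
            unsigned char c = static_cast<unsigned char>(needle[i]);
            if (c >= kCodebookSize) return false;
            int32_t next = m_nodes[node].children[c];
            if (next < 0) return false;
            node = static_cast<std::size_t>(next);
        }
        return true;
    }

    std::size_t nodeCount() const { return m_nodes.size(); }
    std::size_t approximateBytes() const { return m_nodes.size() * sizeof(Node); }

private:
    struct Node {
        std::array<int32_t, kCodebookSize> children;
        Node() { children.fill(-1); }
    };
    std::vector<Node> m_nodes;
    std::size_t m_maxDepth;
};

// Constructed input: a deterministic pseudo-random run of printable ASCII, standing
// in for a large posted body. Returns the node count the tree needs for it.
std::size_t nodesForSyntheticInput(std::size_t length, std::size_t depth) {
    std::string text;
    text.reserve(length);
    uint32_t x = 12345u;
    for (std::size_t i = 0; i < length; ++i) {
        x = x * 1664525u + 1013904223u;           // LCG, fixed seed for reproducibility
        text.push_back(static_cast<char>(32 + (x >> 24) % 95));
    }
    return AsciiSuffixTree(text, depth).nodeCount();
}

int main() {
    // Show the index growing with the document rather than with the number of
    // distinct substrings the auditor actually cares about.
    for (std::size_t n : {1000u, 5000u, 20000u}) {
        std::size_t nodes = nodesForSyntheticInput(n, 3);
        std::cout << n << " chars -> " << nodes << " nodes, ~"
                  << nodes * 128 * sizeof(int32_t) << " bytes\n";
    }
    return 0;
}
```

Each node here is 512 bytes, so at depth 3 the toy spends roughly 1.5 KiB per input character in the worst case; a real implementation packs nodes more tightly, but the proportionality to document length is the point, and it is why a guard on how much text is indexed (rather than turning the auditor off, which the comment rightly rejects) is the kind of change a reviewer would look for.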