[Webkit-unassigned] [Bug 190947] Post too much text to iFrame could crash webkit
bugzilla-daemon at webkit.org
Tue Nov 6 13:23:30 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=190947
--- Comment #6 from Chris Dumez <cdumez at apple.com> ---
m_decodedHTTPBodySuffixTree seems to be used as an optimization inside XSSAuditor::isContainedInRequest(). If m_decodedHTTPBodySuffixTree is not initialized then we end up doing the search like so:
m_decodedHTTPBody.containsIgnoringASCIICase(decodedSnippet)
I have verified that if we do not initialize m_decodedHTTPBodySuffixTree then it does not jetsam.
So the issue seems to be that m_decodedHTTPBodySuffixTree may end up being extremely big and cause jetsams (not to mention that constructing it can be very slow).
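Worked example, added here and not part of the bug report or of WebKit's own code: a C++ model of the trade-off the comment describes. It assumes a depth-limited suffix trie with a 128-slot child table per node (kCodeSize, kDepth, TrieNode, SuffixTrie, the trieCap size guard and makeSampleBody are all hypothetical) and shows how the trie's footprint can dwarf the body it indexes while the plain containsIgnoringASCIICase fallback needs no extra memory.

```cpp
// Added illustration, not WebKit's code: a depth-limited suffix trie whose nodes each own a full
// child table (memory grows with the body), used as a pre-filter before a plain case-insensitive scan.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <memory>
#include <string>
#include <vector>
constexpr size_t kCodeSize = 128, kDepth = 5; // assumed ASCII codebook width and suffix-length cap
static int lowerCode(char ch) { return std::tolower(static_cast<unsigned char>(ch)); }
struct TrieNode { std::unique_ptr<TrieNode> kids[kCodeSize]; }; // 1 KiB per node on 64-bit
class SuffixTrie {
public:
    explicit SuffixTrie(const std::string& text) {
        for (size_t i = 0; i < text.size(); ++i) { // insert every suffix, truncated at kDepth
            TrieNode* node = &m_root;
            for (size_t j = i; j < text.size() && j - i < kDepth; ++j) {
                int c = lowerCode(text[j]); if (c >= int(kCodeSize)) break; // non-ASCII ends the path
                if (!node->kids[c]) { node->kids[c] = std::make_unique<TrieNode>(); ++m_nodes; }
                node = node->kids[c].get();
            }
        }
    }
    bool mightContain(const std::string& q) const { // only the first kDepth chars are checked
        const TrieNode* node = &m_root;
        for (size_t j = 0; j < q.size() && j < kDepth; ++j) {
            int c = lowerCode(q[j]); if (c >= int(kCodeSize) || !node->kids[c]) return false;
            node = node->kids[c].get();
        }
        return true; // "maybe": the caller must still do the full search
    }
    size_t approxBytes() const { return (m_nodes + 1) * sizeof(TrieNode); } // root + allocated nodes
private:
    TrieNode m_root; size_t m_nodes = 0;
};
bool containsIgnoringASCIICase(const std::string& hay, const std::string& needle) {
    auto eq = [](char a, char b) { return lowerCode(a) == lowerCode(b); };
    return std::search(hay.begin(), hay.end(), needle.begin(), needle.end(), eq) != hay.end();
}
// Hypothetical guarded lookup: use the trie pre-filter only while the body is small enough to afford it.
bool isContainedInRequest(const std::string& body, const std::string& snippet, size_t trieCap) {
    if (body.size() <= trieCap && !SuffixTrie(body).mightContain(snippet)) return false;
    return containsIgnoringASCIICase(body, snippet);
}
// Constructed sample input: n bytes of pseudo-random printable ASCII standing in for a POST body.
std::string makeSampleBody(size_t n) {
    std::string s; unsigned x = 12345;
    for (size_t i = 0; i < n; ++i) { x = x * 1103515245u + 12345u; s += char(32 + ((x >> 16) & 0x7fff) % 95); }
    return s;
}
```

With a 1000-byte body the trie allocates on the order of a thousand times the body's size, which is the growth the comment attributes to m_decodedHTTPBodySuffixTree.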