Changeset 141686 in webkit
- Timestamp:
- Feb 2, 2013 12:25:21 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 5 edited
trunk/Source/WebCore/ChangeLog
r141684 r141686 1 2013-02-02 Tony Gentilcore <tonyg@chromium.org> 2 3 Continue making XSSAuditor thread safe: Remove unsafe AtomicString compares 4 https://bugs.webkit.org/show_bug.cgi?id=108557 5 6 Reviewed by Adam Barth. 7 8 Unfortunately HTMLNames comparisons will always be false on a non-main thread 9 with our current design, so we have to use some "threadSafeMatch" helpers written 10 for the HTMLBackgroundParser. 11 12 Also factor out threadSafeMatch() methods to HTMLParserIdioms. 13 14 No new tests because no new functionality. 15 16 * html/parser/BackgroundHTMLParser.cpp: 17 (WebCore): 18 * html/parser/HTMLParserIdioms.cpp: 19 (WebCore::threadSafeEqual): 20 (WebCore): 21 (WebCore::threadSafeMatch): 22 * html/parser/HTMLParserIdioms.h: 23 (WebCore): 24 * html/parser/XSSAuditor.cpp: 25 (WebCore::XSSAuditor::eraseAttributeIfInjected): 26 1 27 2013-02-01 James Simonsen <simonjam@chromium.org> 2 28 -
trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp
r141494 r141686 32 32 #include "HTMLDocumentParser.h" 33 33 #include "HTMLNames.h" 34 #include "HTMLParserIdioms.h" 34 35 #include "HTMLParserThread.h" 35 36 #include "HTMLTokenizer.h" … … 56 57 // FIXME: Tune this constant based on a benchmark. The current value was choosen arbitrarily. 57 58 static const size_t pendingTokenLimit = 4000; 58 59 static bool threadSafeEqual(StringImpl* a, StringImpl* b)60 {61 if (a->hash() != b->hash())62 return false;63 return StringHash::equal(a, b);64 }65 66 static bool threadSafeMatch(const String& localName, const QualifiedName& qName)67 {68 return threadSafeEqual(localName.impl(), qName.localName().impl());69 }70 59 71 60 ParserMap& parserMap() -
trunk/Source/WebCore/html/parser/HTMLParserIdioms.cpp
r135495 r141686 27 27 28 28 #include "Decimal.h" 29 #include "QualifiedName.h" 29 30 #include <limits> 30 31 #include <wtf/MathExtras.h> 31 32 #include <wtf/text/AtomicString.h> 32 33 #include <wtf/text/StringBuilder.h> 34 #include <wtf/text/StringHash.h> 33 35 34 36 namespace WebCore { … … 276 278 } 277 279 278 } 280 static bool threadSafeEqual(StringImpl* a, StringImpl* b) 281 { 282 if (a->hash() != b->hash()) 283 return false; 284 return StringHash::equal(a, b); 285 } 286 287 bool threadSafeMatch(const QualifiedName& a, const QualifiedName& b) 288 { 289 return threadSafeEqual(a.localName().impl(), b.localName().impl()); 290 } 291 292 bool threadSafeMatch(const String& localName, const QualifiedName& qName) 293 { 294 return threadSafeEqual(localName.impl(), qName.localName().impl()); 295 } 296 297 } -
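Review bot: The new `threadSafeEqual` in HTMLParserIdioms.cpp dereferences both pointers (`a->hash()`, `b->hash()`) without checking them. `String::impl()` returns null for a null String, so now that `threadSafeMatch(const String&, const QualifiedName&)` is exported from a shared header, a caller passing a null String would crash in parser code that handles attacker-supplied markup. I would start the helper with `if (a == b) return true;` followed by `if (!a || !b) return false;`, which also gives a cheap fast path when both sides share one StringImpl. Separately, `hash()` appears to compute and cache the hash lazily, so it is worth confirming that every StringImpl reaching this off the main thread is either already hashed or owned by the calling thread.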
trunk/Source/WebCore/html/parser/HTMLParserIdioms.h
r131826 r141686 32 32 33 33 class Decimal; 34 class QualifiedName; 34 35 35 36 // Space characters as defined by the HTML specification. … … 86 87 } 87 88 89 bool threadSafeMatch(const QualifiedName&, const QualifiedName&); 90 bool threadSafeMatch(const String&, const QualifiedName&); 91 88 92 } 89 93 -
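Review bot: The two `threadSafeMatch` declarations added to HTMLParserIdioms.h have no comment, and the name does not say that they compare only the local name by content. Callers used to `QualifiedName::operator==` will assume namespace and prefix are part of the match. I would add a comment above them such as `// Compares local names by content only (namespace and prefix are ignored). Use instead of == against HTMLNames off the main thread, where pointer comparison always fails.` The second sentence restates the rationale from the ChangeLog entry, so that the helper is not later "simplified" back to `==`.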
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r141633 r141686 487 487 const HTMLToken::Attribute& attribute = token.attributes().at(indexOfAttribute); 488 488 if (isContainedInRequest(decodedSnippetForAttribute(token, attribute, treatment))) { 489 if ( attributeName == srcAttr&& isLikelySafeResource(String(attribute.m_value.data(), attribute.m_value.size())))489 if (threadSafeMatch(attributeName, srcAttr) && isLikelySafeResource(String(attribute.m_value.data(), attribute.m_value.size()))) 490 490 return false; 491 if ( attributeName == http_equivAttr&& !isDangerousHTTPEquiv(String(attribute.m_value.data(), attribute.m_value.size())))491 if (threadSafeMatch(attributeName, http_equivAttr) && !isDangerousHTTPEquiv(String(attribute.m_value.data(), attribute.m_value.size()))) 492 492 return false; 493 493 token.eraseValueOfAttribute(indexOfAttribute);
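Review bot: In `eraseAttributeIfInjected`, the two exemption checks now use `threadSafeMatch(attributeName, srcAttr)` and `threadSafeMatch(attributeName, http_equivAttr)`, which per HTMLParserIdioms.cpp compare only `localName()`, whereas the old `==` compared the full QualifiedName. If any caller passes a namespaced attribute whose local name is `src` or `http-equiv`, the `isLikelySafeResource` / `!isDangerousHTTPEquiv` early return would now apply to it, and a reflected value that used to be erased would be kept. The callers are outside this hunk, so this may be unreachable today, but the assumption should be recorded at the check: `// threadSafeMatch() compares local names only; attributeName is expected to be a null-namespace HTML attribute here.` The ChangeLog says no new tests were added; a regression test for a namespaced attribute with a matching local name would pin the behaviour.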