Changeset 142712 in webkit


Ignore:
Timestamp:
Feb 12, 2013 8:24:31 PM (11 years ago)
Author:
eric@webkit.org
Message:

Fix HTMLToken::Attribute member naming and update callsites to use Vector-based String functions
https://bugs.webkit.org/show_bug.cgi?id=109638

Reviewed by Adam Barth.

Darin Adler noted in:
https://bugs.webkit.org/show_bug.cgi?id=109408#c4
that HTMLToken::Attribute (then MarkupTokenBase::Attribute)
was a struct, yet incorrectly used m_ for its public members.

This patch fixes the members to not have the m_, and since I was
touching all callers, I also updated all callers to use modern
Vector-based String creation/append functions instead of manually
calling UChar*, size_t versions.

There should be no behavior change to this patch. Where I saw
performance/memory bugs, I noted them with FIXMEs to keep
this change simple.

  • html/HTMLViewSourceDocument.cpp:

(WebCore::HTMLViewSourceDocument::processTagToken):

  • html/parser/AtomicHTMLToken.h:

(WebCore::AtomicHTMLToken::publicIdentifier):
(WebCore::AtomicHTMLToken::systemIdentifier):
(WebCore::AtomicHTMLToken::AtomicHTMLToken):
(WebCore::AtomicHTMLToken::initializeAttributes):

  • html/parser/CompactHTMLToken.cpp:

(WebCore::CompactHTMLToken::CompactHTMLToken):

  • html/parser/HTMLMetaCharsetParser.cpp:

(WebCore::HTMLMetaCharsetParser::processMeta):
(WebCore::HTMLMetaCharsetParser::checkForMetaCharset):

  • html/parser/HTMLPreloadScanner.cpp:

(WebCore::StartTagScanner::processAttributes):
(WebCore::HTMLPreloadScanner::scan):
(WebCore::HTMLPreloadScanner::processPossibleBaseTag):
(WebCore::HTMLPreloadScanner::processToken):

  • html/parser/HTMLToken.h:

(Range):
(Attribute):
(WebCore::HTMLToken::clear):
(WebCore::HTMLToken::startIndex):
(WebCore::HTMLToken::endIndex):
(WebCore::HTMLToken::end):
(WebCore::HTMLToken::nameString):
(WebCore::HTMLToken::addNewAttribute):
(WebCore::HTMLToken::beginAttributeName):
(WebCore::HTMLToken::endAttributeName):
(WebCore::HTMLToken::beginAttributeValue):
(WebCore::HTMLToken::endAttributeValue):
(WebCore::HTMLToken::appendToAttributeName):
(WebCore::HTMLToken::appendToAttributeValue):
(WebCore::HTMLToken::eraseValueOfAttribute):

  • html/parser/HTMLTokenizer.cpp:

(WebCore::AtomicHTMLToken::nameForAttribute):

  • html/parser/HTMLViewSourceParser.cpp:

(WebCore::HTMLViewSourceParser::updateTokenizerState):

  • html/parser/XSSAuditor.cpp:

(WebCore::findAttributeWithName):
(WebCore::XSSAuditor::filterParamToken):
(WebCore::XSSAuditor::eraseDangerousAttributesIfInjected):
(WebCore::XSSAuditor::eraseAttributeIfInjected):
(WebCore::XSSAuditor::decodedSnippetForAttribute):

Location:
trunk/Source/WebCore
Files:
10 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r142711 r142712  
     12013-02-12  Eric Seidel  <eric@webkit.org>
     2
     3        Fix HTMLToken::Attribute member naming and update callsites to use Vector-based String functions
     4        https://bugs.webkit.org/show_bug.cgi?id=109638
     5
     6        Reviewed by Adam Barth.
     7
     8        Darin Adler noted in:
     9        https://bugs.webkit.org/show_bug.cgi?id=109408#c4
     10        that HTMLToken::Attribute (then MarkupTokenBase::Attribute)
     11        was a struct, yet incorrectly used m_ for its public members.
     12
     13        This patch fixes the members to not have the m_, and since I was
     14        touching all callers, I also updated all callers to use modern
     15        Vector-based String creation/append functions instead of manually
     16        calling UChar*, size_t versions.
     17
     18        There should be no behavior change to this patch.  Where I saw
     19        performance/memory bugs, I noted them with FIXMEs to keep
     20        this change simple.
     21
     22        * html/HTMLViewSourceDocument.cpp:
     23        (WebCore::HTMLViewSourceDocument::processTagToken):
     24        * html/parser/AtomicHTMLToken.h:
     25        (WebCore::AtomicHTMLToken::publicIdentifier):
     26        (WebCore::AtomicHTMLToken::systemIdentifier):
     27        (WebCore::AtomicHTMLToken::AtomicHTMLToken):
     28        (WebCore::AtomicHTMLToken::initializeAttributes):
     29        * html/parser/CompactHTMLToken.cpp:
     30        (WebCore::CompactHTMLToken::CompactHTMLToken):
     31        * html/parser/HTMLMetaCharsetParser.cpp:
     32        (WebCore::HTMLMetaCharsetParser::processMeta):
     33        (WebCore::HTMLMetaCharsetParser::checkForMetaCharset):
     34        * html/parser/HTMLPreloadScanner.cpp:
     35        (WebCore::StartTagScanner::processAttributes):
     36        (WebCore::HTMLPreloadScanner::scan):
     37        (WebCore::HTMLPreloadScanner::processPossibleBaseTag):
     38        (WebCore::HTMLPreloadScanner::processToken):
     39        * html/parser/HTMLToken.h:
     40        (Range):
     41        (Attribute):
     42        (WebCore::HTMLToken::clear):
     43        (WebCore::HTMLToken::startIndex):
     44        (WebCore::HTMLToken::endIndex):
     45        (WebCore::HTMLToken::end):
     46        (WebCore::HTMLToken::nameString):
     47        (WebCore::HTMLToken::addNewAttribute):
     48        (WebCore::HTMLToken::beginAttributeName):
     49        (WebCore::HTMLToken::endAttributeName):
     50        (WebCore::HTMLToken::beginAttributeValue):
     51        (WebCore::HTMLToken::endAttributeValue):
     52        (WebCore::HTMLToken::appendToAttributeName):
     53        (WebCore::HTMLToken::appendToAttributeValue):
     54        (WebCore::HTMLToken::eraseValueOfAttribute):
     55        * html/parser/HTMLTokenizer.cpp:
     56        (WebCore::AtomicHTMLToken::nameForAttribute):
     57        * html/parser/HTMLViewSourceParser.cpp:
     58        (WebCore::HTMLViewSourceParser::updateTokenizerState):
     59        * html/parser/XSSAuditor.cpp:
     60        (WebCore::findAttributeWithName):
     61        (WebCore::XSSAuditor::filterParamToken):
     62        (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected):
     63        (WebCore::XSSAuditor::eraseAttributeIfInjected):
     64        (WebCore::XSSAuditor::decodedSnippetForAttribute):
     65
    1662013-02-12  Ryosuke Niwa  <rniwa@webkit.org>
    267

  • trunk/Source/WebCore/html/HTMLViewSourceDocument.cpp

    r142641 r142712  
    136136    m_current = addSpanWithClassName("webkit-html-tag");
    137137
    138     AtomicString tagName(token.name().data(), token.name().size());
     138    AtomicString tagName(token.name());
    139139
    140140    unsigned index = 0;
     
    148148        }
    149149
    150         AtomicString name(iter->m_name.data(), iter->m_name.size());
    151         String value = StringImpl::create8BitIfPossible(iter->m_value.data(), iter->m_value.size());
    152 
    153         index = addRange(source, index, iter->m_nameRange.m_start - token.startIndex(), "");
    154         index = addRange(source, index, iter->m_nameRange.m_end - token.startIndex(), "webkit-html-attribute-name");
     150        AtomicString name(iter->name);
     151        String value = StringImpl::create8BitIfPossible(iter->value);
     152
     153        index = addRange(source, index, iter->nameRange.start - token.startIndex(), "");
     154        index = addRange(source, index, iter->nameRange.end - token.startIndex(), "webkit-html-attribute-name");
    155155
    156156        if (tagName == baseTag && name == hrefAttr)
    157157            m_current = addBase(value);
    158158
    159         index = addRange(source, index, iter->m_valueRange.m_start - token.startIndex(), "");
     159        index = addRange(source, index, iter->valueRange.start - token.startIndex(), "");
    160160
    161161        bool isLink = name == srcAttr || name == hrefAttr;
    162         index = addRange(source, index, iter->m_valueRange.m_end - token.startIndex(), "webkit-html-attribute-value", isLink, tagName == aTag, value);
     162        index = addRange(source, index, iter->valueRange.end - token.startIndex(), "webkit-html-attribute-value", isLink, tagName == aTag, value);
    163163
    164164        ++iter;

  • trunk/Source/WebCore/html/parser/AtomicHTMLToken.h

    r142641 r142712  
    125125
    126126    // FIXME: Distinguish between a missing public identifer and an empty one.
    127     WTF::Vector<UChar>& publicIdentifier() const
     127    Vector<UChar>& publicIdentifier() const
    128128    {
    129129        ASSERT(m_type == HTMLToken::DOCTYPE);
     
    132132
    133133    // FIXME: Distinguish between a missing system identifer and an empty one.
    134     WTF::Vector<UChar>& systemIdentifier() const
     134    Vector<UChar>& systemIdentifier() const
    135135    {
    136136        ASSERT(m_type == HTMLToken::DOCTYPE);
     
    154154            break;
    155155        case HTMLToken::DOCTYPE:
    156             m_name = AtomicString(token.nameString());
     156            m_name = AtomicString(token.nameString()); // FIXME: Should be AtomicString(token.name()) to avoid mallocing every time.
    157157            m_doctypeData = token.releaseDoctypeData();
    158158            break;
     
    162162        case HTMLToken::EndTag: {
    163163            m_selfClosing = token.selfClosing();
    164             m_name = AtomicString(token.nameString());
     164            m_name = AtomicString(token.nameString()); // FIXME: Should be AtomicString(token.name()) to avoid mallocing every time.
    165165            initializeAttributes(token.attributes());
    166166            break;
     
    168168        case HTMLToken::Comment:
    169169            if (token.isAll8BitData())
    170                 m_data = String::make8BitFrom16BitSource(token.comment().data(), token.comment().size());
     170                m_data = String::make8BitFrom16BitSource(token.comment());
    171171            else
    172                 m_data = String(token.comment().data(), token.comment().size());
     172                m_data = String(token.comment());
    173173            break;
    174174        case HTMLToken::Character:
     
    193193            m_doctypeData = adoptPtr(new DoctypeData());
    194194            m_doctypeData->m_hasPublicIdentifier = true;
    195             m_doctypeData->m_publicIdentifier.append(token.publicIdentifier().characters(), token.publicIdentifier().length());
     195            append(m_doctypeData->m_publicIdentifier, token.publicIdentifier());
    196196            m_doctypeData->m_hasSystemIdentifier = true;
    197             m_doctypeData->m_systemIdentifier.append(token.systemIdentifier().characters(), token.systemIdentifier().length());
     197            append(m_doctypeData->m_systemIdentifier, token.systemIdentifier());
    198198            m_doctypeData->m_forceQuirks = token.doctypeForcesQuirks();
    199199            break;
     
    207207        case HTMLToken::EndTag:
    208208            m_selfClosing = token.selfClosing();
    209             m_name = AtomicString(token.data());
     209            m_name = token.data();
    210210            break;
    211211        case HTMLToken::Comment:
     
    289289    for (size_t i = 0; i < size; ++i) {
    290290        const HTMLToken::Attribute& attribute = attributes[i];
    291         if (attribute.m_name.isEmpty())
     291        if (attribute.name.isEmpty())
    292292            continue;
    293293
    294294        // FIXME: We should be able to add the following ASSERT once we fix
    295295        // https://bugs.webkit.org/show_bug.cgi?id=62971
    296         //   ASSERT(attribute.m_nameRange.m_start);
    297         ASSERT(attribute.m_nameRange.m_end);
    298         ASSERT(attribute.m_valueRange.m_start);
    299         ASSERT(attribute.m_valueRange.m_end);
    300 
    301         AtomicString value(attribute.m_value.data(), attribute.m_value.size());
     296        //   ASSERT(attribute.nameRange.start);
     297        ASSERT(attribute.nameRange.end);
     298        ASSERT(attribute.valueRange.start);
     299        ASSERT(attribute.valueRange.end);
     300
     301        AtomicString value(attribute.value);
    302302        const QualifiedName& name = nameForAttribute(attribute);
    303303        if (!findAttributeInVector(m_attributes, name))

  • trunk/Source/WebCore/html/parser/CompactHTMLToken.cpp

    r142641 r142712  
    5656        break;
    5757    case HTMLToken::DOCTYPE: {
    58         m_data = String(token->name().data(), token->name().size());
     58        m_data = String(token->name());
    5959        // There is only 1 DOCTYPE token per document, so to avoid increasing the
    6060        // size of CompactHTMLToken, we just use the m_attributes vector.
    61         String publicIdentifier(token->publicIdentifier().data(), token->publicIdentifier().size());
    62         String systemIdentifier(token->systemIdentifier().data(), token->systemIdentifier().size());
    63         m_attributes.append(CompactAttribute(publicIdentifier, systemIdentifier));
     61        m_attributes.append(CompactAttribute(String(token->publicIdentifier()), String(token->systemIdentifier())));
    6462        m_doctypeForcesQuirks = token->forceQuirks();
    6563        break;
     
    6967    case HTMLToken::StartTag:
    7068        m_attributes.reserveInitialCapacity(token->attributes().size());
     69        // FIXME: Attribute names and values should be 8bit when possible.
    7170        for (Vector<HTMLToken::Attribute>::const_iterator it = token->attributes().begin(); it != token->attributes().end(); ++it)
    72             m_attributes.append(CompactAttribute(String(it->m_name.data(), it->m_name.size()), String(it->m_value.data(), it->m_value.size())));
     71            m_attributes.append(CompactAttribute(String(it->name), String(it->value)));
    7372        // Fall through!
    7473    case HTMLToken::EndTag:
     
    7877    case HTMLToken::Character:
    7978        if (token->isAll8BitData()) {
    80             m_data = String::make8BitFrom16BitSource(token->data().data(), token->data().size());
     79            m_data = String::make8BitFrom16BitSource(token->data());
    8180            m_isAll8BitData = true;
    8281        } else
    83             m_data = String(token->data().data(), token->data().size());
     82            m_data = String(token->data());
    8483        break;
    8584    default:

  • trunk/Source/WebCore/html/parser/HTMLMetaCharsetParser.cpp

    r142641 r142712  
    107107    AttributeList attributes;
    108108    for (HTMLToken::AttributeList::const_iterator iter = tokenAttributes.begin(); iter != tokenAttributes.end(); ++iter) {
    109         String attributeName = StringImpl::create8BitIfPossible(iter->m_name.data(), iter->m_name.size());
    110         String attributeValue = StringImpl::create8BitIfPossible(iter->m_value.data(), iter->m_value.size());
     109        String attributeName = StringImpl::create8BitIfPossible(iter->name);
     110        String attributeValue = StringImpl::create8BitIfPossible(iter->value);
    111111        attributes.append(std::make_pair(attributeName, attributeValue));
    112112    }
     
    179179        bool end = m_token.type() == HTMLToken::EndTag;
    180180        if (end || m_token.type() == HTMLToken::StartTag) {
    181             AtomicString tagName(m_token.name().data(), m_token.name().size());
     181            AtomicString tagName(m_token.name());
    182182            if (!end) {
    183183                m_tokenizer->updateStateFor(tagName);

  • trunk/Source/WebCore/html/parser/HTMLPreloadScanner.cpp

    r142641 r142712  
    7575        for (HTMLToken::AttributeList::const_iterator iter = attributes.begin();
    7676             iter != attributes.end(); ++iter) {
    77             AtomicString attributeName(iter->m_name.data(), iter->m_name.size());
    78             String attributeValue = StringImpl::create8BitIfPossible(iter->m_value.data(), iter->m_value.size());
     77            AtomicString attributeName(iter->name);
     78            String attributeValue = StringImpl::create8BitIfPossible(iter->value);
    7979
    8080            if (attributeName == charsetAttr)
     
    220220    while (m_tokenizer->nextToken(m_source, m_token)) {
    221221        if (isStartTag(m_token))
    222             m_tokenizer->updateStateFor(AtomicString(m_token.name().data(), m_token.name().size()));
     222            m_tokenizer->updateStateFor(AtomicString(m_token.name()));
    223223        processToken(m_token, requests);
    224224        m_token.clear();
     
    264264
    265265        for (HTMLToken::AttributeList::const_iterator iter = token.attributes().begin(); iter != token.attributes().end(); ++iter) {
    266             AtomicString attributeName(iter->m_name.data(), iter->m_name.size());
     266            AtomicString attributeName(iter->name);
    267267            if (attributeName == hrefAttr) {
    268                 String hrefValue = StringImpl::create8BitIfPossible(iter->m_value.data(), iter->m_value.size());
     268                String hrefValue = StringImpl::create8BitIfPossible(iter->value);
    269269                m_predictedBaseElementURL = KURL(m_documentURL, stripLeadingAndTrailingHTMLSpaces(hrefValue));
    270270                break;
     
    287287        return;
    288288
    289     AtomicString tagName(token.name().data(), token.name().size());
     289    AtomicString tagName(token.name());
    290290#if ENABLE(TEMPLATE_ELEMENT)
    291291    if (processPossibleTemplateTag(tagName, token))

  • trunk/Source/WebCore/html/parser/HTMLToken.h

    r142641 r142712  
    7979        class Range {
    8080        public:
    81             int m_start;
    82             int m_end;
     81            int start;
     82            int end;
    8383        };
    8484
    85         Range m_nameRange;
    86         Range m_valueRange;
    87         WTF::Vector<UChar, 32> m_name;
    88         WTF::Vector<UChar, 32> m_value;
     85        Range nameRange;
     86        Range valueRange;
     87        Vector<UChar, 32> name;
     88        Vector<UChar, 32> value;
    8989    };
    9090
     
    9797    {
    9898        m_type = Uninitialized;
    99         m_range.m_start = 0;
    100         m_range.m_end = 0;
     99        m_range.start = 0;
     100        m_range.end = 0;
    101101        m_baseOffset = 0;
    102102        m_data.clear();
     
    114114
    115115    /* Range and offset methods exposed for HTMLSourceTracker and HTMLViewSourceParser */
    116     int startIndex() const { return m_range.m_start; }
    117     int endIndex() const { return m_range.m_end; }
     116    int startIndex() const { return m_range.start; }
     117    int endIndex() const { return m_range.end; }
    118118
    119119    void setBaseOffset(int offset)
     
    124124    void end(int endOffset)
    125125    {
    126         m_range.m_end = endOffset - m_baseOffset;
     126        m_range.end = endOffset - m_baseOffset;
    127127    }
    128128
     
    159159        if (isAll8BitData())
    160160            return String::make8BitFrom16BitSource(m_data.data(), m_data.size());
    161         return String(m_data.data(), m_data.size());
     161        return String(m_data);
    162162    }
    163163
     
    295295        m_currentAttribute = &m_attributes.last();
    296296#ifndef NDEBUG
    297         m_currentAttribute->m_nameRange.m_start = 0;
    298         m_currentAttribute->m_nameRange.m_end = 0;
    299         m_currentAttribute->m_valueRange.m_start = 0;
    300         m_currentAttribute->m_valueRange.m_end = 0;
     297        m_currentAttribute->nameRange.start = 0;
     298        m_currentAttribute->nameRange.end = 0;
     299        m_currentAttribute->valueRange.start = 0;
     300        m_currentAttribute->valueRange.end = 0;
    301301#endif
    302302    }
     
    304304    void beginAttributeName(int offset)
    305305    {
    306         m_currentAttribute->m_nameRange.m_start = offset - m_baseOffset;
     306        m_currentAttribute->nameRange.start = offset - m_baseOffset;
    307307    }
    308308
     
    310310    {
    311311        int index = offset - m_baseOffset;
    312         m_currentAttribute->m_nameRange.m_end = index;
    313         m_currentAttribute->m_valueRange.m_start = index;
    314         m_currentAttribute->m_valueRange.m_end = index;
     312        m_currentAttribute->nameRange.end = index;
     313        m_currentAttribute->valueRange.start = index;
     314        m_currentAttribute->valueRange.end = index;
    315315    }
    316316
    317317    void beginAttributeValue(int offset)
    318318    {
    319         m_currentAttribute->m_valueRange.m_start = offset - m_baseOffset;
     319        m_currentAttribute->valueRange.start = offset - m_baseOffset;
    320320#ifndef NDEBUG
    321         m_currentAttribute->m_valueRange.m_end = 0;
     321        m_currentAttribute->valueRange.end = 0;
    322322#endif
    323323    }
     
    325325    void endAttributeValue(int offset)
    326326    {
    327         m_currentAttribute->m_valueRange.m_end = offset - m_baseOffset;
     327        m_currentAttribute->valueRange.end = offset - m_baseOffset;
    328328    }
    329329
     
    334334        // FIXME: We should be able to add the following ASSERT once we fix
    335335        // https://bugs.webkit.org/show_bug.cgi?id=62971
    336         //   ASSERT(m_currentAttribute->m_nameRange.m_start);
    337         m_currentAttribute->m_name.append(character);
     336        //   ASSERT(m_currentAttribute->nameRange.start);
     337        m_currentAttribute->name.append(character);
    338338    }
    339339
     
    342342        ASSERT(character);
    343343        ASSERT(m_type == StartTag || m_type == EndTag);
    344         ASSERT(m_currentAttribute->m_valueRange.m_start);
    345         m_currentAttribute->m_value.append(character);
     344        ASSERT(m_currentAttribute->valueRange.start);
     345        m_currentAttribute->value.append(character);
    346346    }
    347347
     
    350350        ASSERT(!value.isEmpty());
    351351        ASSERT(m_type == StartTag || m_type == EndTag);
    352         m_attributes[i].m_value.append(value.characters(), value.length());
     352        append(m_attributes[i].value, value);
    353353    }
    354354
     
    363363    {
    364364        ASSERT(m_type == StartTag || m_type == EndTag);
    365         m_attributes[i].m_value.clear();
     365        m_attributes[i].value.clear();
    366366    }
    367367

  • trunk/Source/WebCore/html/parser/HTMLTokenizer.cpp

    r142641 r142712  
    5252QualifiedName AtomicHTMLToken::nameForAttribute(const HTMLToken::Attribute& attribute) const
    5353{
    54     return QualifiedName(nullAtom, AtomicString(attribute.m_name.data(), attribute.m_name.size()), nullAtom);
     54    return QualifiedName(nullAtom, AtomicString(attribute.name), nullAtom);
    5555}
    5656

  • trunk/Source/WebCore/html/parser/HTMLViewSourceParser.cpp

    r142641 r142712  
    7979    if (m_token.type() != HTMLToken::StartTag)
    8080        return;
    81 
    82     AtomicString tagName(m_token.name().data(), m_token.name().size());
    83     m_tokenizer->updateStateFor(tagName);
     81    m_tokenizer->updateStateFor(AtomicString(m_token.name()));
    8482}
    8583

  • trunk/Source/WebCore/html/parser/XSSAuditor.cpp

    r142641 r142712  
    126126
    127127    for (size_t i = 0; i < token.attributes().size(); ++i) {
    128         if (equalIgnoringNullity(token.attributes().at(i).m_name, attrName)) {
     128        if (equalIgnoringNullity(token.attributes().at(i).name, attrName)) {
    129129            indexOfMatchingAttribute = i;
    130130            return true;
     
    395395
    396396    const HTMLToken::Attribute& nameAttribute = request.token.attributes().at(indexOfNameAttribute);
    397     String name = String(nameAttribute.m_value.data(), nameAttribute.m_value.size());
    398 
    399     if (!HTMLParamElement::isURLParameter(name))
     397    if (!HTMLParamElement::isURLParameter(String(nameAttribute.value)))
    400398        return false;
    401399
     
    474472    for (size_t i = 0; i < request.token.attributes().size(); ++i) {
    475473        const HTMLToken::Attribute& attribute = request.token.attributes().at(i);
    476         bool isInlineEventHandler = isNameOfInlineEventHandler(attribute.m_name);
    477         bool valueContainsJavaScriptURL = !isInlineEventHandler && protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(String(attribute.m_value.data(), attribute.m_value.size())));
     474        bool isInlineEventHandler = isNameOfInlineEventHandler(attribute.name);
     475        bool valueContainsJavaScriptURL = !isInlineEventHandler && protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(String(attribute.value)));
    478476        if (!isInlineEventHandler && !valueContainsJavaScriptURL)
    479477            continue;
     
    494492        const HTMLToken::Attribute& attribute = request.token.attributes().at(indexOfAttribute);
    495493        if (isContainedInRequest(decodedSnippetForAttribute(request, attribute, treatment))) {
    496             if (threadSafeMatch(attributeName, srcAttr) && isLikelySafeResource(String(attribute.m_value.data(), attribute.m_value.size())))
     494            if (threadSafeMatch(attributeName, srcAttr) && isLikelySafeResource(String(attribute.value)))
    497495                return false;
    498             if (threadSafeMatch(attributeName, http_equivAttr) && !isDangerousHTTPEquiv(String(attribute.m_value.data(), attribute.m_value.size())))
     496            if (threadSafeMatch(attributeName, http_equivAttr) && !isDangerousHTTPEquiv(String(attribute.value)))
    499497                return false;
    500498            request.token.eraseValueOfAttribute(indexOfAttribute);
     
    519517    // unquoted input of |name=value |, the snippet is |name=value|.
    520518    // FIXME: We should grab one character before the name also.
    521     int start = attribute.m_nameRange.m_start - request.token.startIndex();
    522     int end = attribute.m_valueRange.m_end - request.token.startIndex();
     519    int start = attribute.nameRange.start - request.token.startIndex();
     520    int end = attribute.valueRange.end - request.token.startIndex();
    523521    String decodedSnippet = fullyDecodeString(request.sourceTracker.sourceForToken(request.token).substring(start, end - start), m_encoding);
    524522    decodedSnippet.truncate(kMaximumFragmentLengthTarget);
Note: See TracChangeset for help on using the changeset viewer.