2011-01-29 Adam Barth <abarth@webkit.org>
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 30 Jan 2011 02:39:40 +0000 (02:39 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 30 Jan 2011 02:39:40 +0000 (02:39 +0000)
commit efee11735921d92b40776986851ef04632842d24
tree f28efa548db2ad05c0f508da0fbf199df2f0d5e6
parent 4ed026806fa4693a01679af670d229b828472b26
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Fix XSSFilter crash when extracting the source for a token twice
        https://bugs.webkit.org/show_bug.cgi?id=53368

        Previously, it was unsafe to extract the source for the same token
        twice because the HTMLSourceTracker would advance its internal
        representation of the SegmentedString.  This patch introduces a cache
        to make calling HTMLSourceTracker::sourceForToken multiple times safe.

        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::end):
        (WebCore::HTMLSourceTracker::sourceForToken):
        * html/parser/HTMLSourceTracker.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77076 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/html/parser/HTMLSourceTracker.cpp
Source/WebCore/html/parser/HTMLSourceTracker.h