Closed
Bug 596180
Opened 14 years ago
Closed 14 years ago
Clone WebKit's loop limits on the adoption agency algorithm
Categories
(Core :: DOM: HTML Parser, defect, P2)
Core
DOM: HTML Parser
Tracking
()
RESOLVED
FIXED
mozilla2.0b7
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: hsivonen, Assigned: hsivonen)
Details
Attachments
(1 file)
|
5.21 KB,
patch
|
sicking
:
review+
|
Details | Diff | Splinter Review |
WebKit's new adoption agency algorithm implementation limits the inner and outer loop to 10 iterations per loop entry. We should probably have limits there, too, and lacking data on what the best limits would be, it makes sense to use the same arbitrary limits as WebKit.
|
Assignee | |
Comment 1•14 years ago
|
||
Comment on attachment 475030 [details] [diff] [review] Limit the loops to 10 iterations per loop entry rs=me, but we need to keep pushing for the ability to align with spec here.
Attachment #475030 -
Flags: review?(jonas) → review+
|
|
Assignee | |
Comment 3•14 years ago
|
||
Nominating as a blocker, since not fixing this exposes a DoS vector for making the parser do an amount of work that is disproportionate to the amount of input text.
blocking2.0: --- → ?
|
|
Assignee | |
Updated•14 years ago
|
Priority: -- → P2
|
||
Updated•14 years ago
|
blocking2.0: ? → betaN+
|
|
Assignee | |
Comment 4•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/66023ea49f39
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b8
|
||
Updated•14 years ago
|
Target Milestone: mozilla2.0b8 → mozilla2.0b7
You need to log in
before you can comment on or make changes to this bug.
Description
•