Chromium Code Reviews

Issue 1293703006: Make TextIterator to stop when it fails to handle shadow tree (Closed)

Created:
5 years, 4 months ago by yosin_UTC9
Modified:
5 years, 4 months ago
Reviewers:
tkent
CC:
blink-reviews, Robert Sesek
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Make TextIterator to stop when it fails to handle shadow tree

The issue 521655 causes bad cast in |toShadowRoot()| with a test script in |TextIterator::advance()|. However, I could not get an HTML fragment causing this situation since the test script generates HTML fragment and I could not reproduce on my machines.

This patch changes |TextIterator| to stop when it fails to handle shadow tree to avoid bad cast for preventing attacker to use this. We'll add a test case for this once we have HTML fragment to cause this bad cast.

BUG=521655
TEST=n/a; It is hard to create a test case for this issue

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200958

Patch Set 1 : 2015-08-20T17:53:45 #

Stats: +5 lines, -0 lines
M Source/core/editing/iterators/TextIterator.cpp (1 chunk, +5 lines, -0 lines, 0 comments)
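The description's mitigation pattern (check the node type before the downcast and stop iterating when the check fails) is sketched below as an added example; it is not the patch and not Blink code. `Node`, `ShadowRoot`, `Step`, `toShadowRootOrNull`, `collectText` and `demo` are hypothetical, simplified stand-ins, and the input is constructed.

```cpp
#include <string>
#include <utility>
#include <vector>

// Simplified stand-ins for DOM classes (assumed for illustration, not Blink's).
struct Node {
    enum Kind { kElement, kText, kShadowRoot };
    explicit Node(Kind k, std::string t = "") : kind(k), text(std::move(t)) {}
    Kind kind;
    std::string text;
};
struct ShadowRoot : Node {
    explicit ShadowRoot(Node* h) : Node(kShadowRoot), host(h) {}
    Node* host;  // element the iterator resumes from after leaving the shadow tree
};

// Checked downcast: nullptr instead of reinterpreting a node of another type.
ShadowRoot* toShadowRootOrNull(Node* n) {
    return (n && n->kind == Node::kShadowRoot) ? static_cast<ShadowRoot*>(n) : nullptr;
}

// One traversal step; leavesShadowTree means the iterator expects `node`
// to be the shadow root it is about to leave.
struct Step { Node* node; bool leavesShadowTree; };
struct Result { std::string text; bool stoppedEarly; int hostsResumed; };

Result collectText(const std::vector<Step>& steps) {
    Result r{"", false, 0};
    for (const Step& s : steps) {
        if (s.leavesShadowTree) {
            ShadowRoot* root = toShadowRootOrNull(s.node);
            if (!root) {              // inconsistent tree state: stop, never cast
                r.stoppedEarly = true;
                return r;
            }
            if (root->host) ++r.hostsResumed;  // safe: the type was verified
            continue;
        }
        if (s.node->kind == Node::kText) r.text += s.node->text;
    }
    return r;
}

// Constructed input: text in a shadow tree, the step leaving it, then light-tree text.
Result demo(bool inconsistent) {
    Node host(Node::kElement);
    ShadowRoot root(&host);
    Node inner(Node::kText, "shadow ");
    Node after(Node::kText, "light");
    Node* leaving = inconsistent ? &host : static_cast<Node*>(&root);
    return collectText({{&inner, false}, {leaving, true}, {&after, false}});
}
```

In the inconsistent case the iterator returns the text gathered so far and reports that it stopped, rather than reading `host` through a pointer to an object that is not a `ShadowRoot`.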

Messages

Total messages: 14 (6 generated)
yosin_UTC9
PTAL I think that rather than seeking HTML fragment to reproduce this issue, it takes ...
5 years, 4 months ago (2015-08-20 09:19:14 UTC) #2
tkent
lgtm. The function is too large, and it looks very hard to make a unit ...
5 years, 4 months ago (2015-08-20 09:27:24 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1293703006/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1293703006/1
5 years, 4 months ago (2015-08-20 09:38:27 UTC) #5
commit-bot: I haz the power
Try jobs failed on following builders: win_chromium_x64_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/93092)
5 years, 4 months ago (2015-08-20 11:55:28 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1293703006/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1293703006/1
5 years, 4 months ago (2015-08-20 12:57:27 UTC) #9
commit-bot: I haz the power
Try jobs failed on following builders: linux_android_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_android_rel_ng/builds/58214)
5 years, 4 months ago (2015-08-20 17:51:20 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1293703006/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1293703006/1
5 years, 4 months ago (2015-08-21 01:52:29 UTC) #13
commit-bot: I haz the power
5 years, 4 months ago (2015-08-21 04:08:47 UTC) #14
Message was sent while issue was closed.
Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=200958
