Chromium Code Reviews| Index: third_party/WebKit/Source/core/dom/DOMTokenList.cpp |
| diff --git a/third_party/WebKit/Source/core/dom/DOMTokenList.cpp b/third_party/WebKit/Source/core/dom/DOMTokenList.cpp |
| index 4f5db64270ea2043c719fd634ae4c52e428f297c..990aba7c1e8c84f9fb6169557adc056368dce1c3 100644 |
| --- a/third_party/WebKit/Source/core/dom/DOMTokenList.cpp |
| +++ b/third_party/WebKit/Source/core/dom/DOMTokenList.cpp |
| @@ -242,7 +242,7 @@ AtomicString DOMTokenList::removeTokens(const AtomicString& input, const Vector< |
| // Step 5 |
| while (position < inputLength) { |
| if (isHTMLSpace<UChar>(input[position])) { // 6 |
| - output.append(input[position++]); // 6.1, 6.2 |
| + position++; |
| continue; // 6.3 |
| } |
| @@ -263,15 +263,18 @@ AtomicString DOMTokenList::removeTokens(const AtomicString& input, const Vector< |
| while (j > 0 && isHTMLSpace<UChar>(output[j - 1])) |
| --j; |
| output.resize(j); |
| - |
| - // Step 8.3 |
| - if (position < inputLength && !output.isEmpty()) |
| - output.append(' '); |
| } else { |
| output.append(token); // Step 9 |
| } |
| + |
| + if (position < inputLength && !output.isEmpty()) |
| + output.append(' '); |
| } |
| + size_t j = output.length(); |
| + if (isHTMLSpace<UChar>(output[j - 1])) |
|
tkent
2015/10/26 23:30:38
Buffer underflow. |j| can be 0.
tanay.c
2015/10/27 10:44:39
Done.
|
| + output.resize(j - 1); |
| + |
| return output.toAtomicString(); |
| } |
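Review bot: The separator append at `if (position < inputLength && !output.isEmpty())` lost its `// Step 8.3` comment when it moved out of the removed-token branch, and the new trim after the loop has no comment at all, so the remaining `Step N` labels no longer describe how the code handles whitespace. From the visible lines, input whitespace is now skipped and the only whitespace written to `output` is that single separator, which is why the final trim uses one `if` rather than a loop; that invariant is worth writing down because the trim's correctness depends on it. I would add `// Separate tokens with one space; a trailing separator is trimmed after the loop.` above the append and `// At most one trailing separator can remain here.` above `size_t j = output.length();`. The body of removeTokens starts before the first hunk and continues between the two hunks, so the invariant should be confirmed against the lines not shown here.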