summaryrefslogtreecommitdiffstats
path: root/chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h')
-rw-r--r--chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h13
1 files changed, 8 insertions, 5 deletions
diff --git a/chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h b/chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h
index 64f3044631b..e2b67fc33aa 100644
--- a/chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h
+++ b/chromium/third_party/WebKit/Source/core/html/parser/HTMLToken.h
@@ -27,7 +27,6 @@
#define HTMLToken_h
#include "core/dom/Attribute.h"
-#include "core/html/parser/HTMLToken.h"
#include "wtf/PassOwnPtr.h"
#include "wtf/RefCounted.h"
#include "wtf/RefPtr.h"
@@ -104,7 +103,12 @@ public:
m_range.start = 0;
m_range.end = 0;
m_baseOffset = 0;
- m_data.clear();
+ // Don't call Vector::clear() as that would destroy the
+ // alloced VectorBuffer. If the innerHTML'd content has
+ // two 257 character text nodes in a row, we'll needlessly
+ // thrash malloc. When we finally finish the parse the
+ // HTMLToken will be destroyed and the VectorBuffer released.
+ m_data.shrink(0);
m_orAllData = 0;
}
@@ -326,9 +330,7 @@ public:
{
ASSERT(character);
ASSERT(m_type == StartTag || m_type == EndTag);
- // FIXME: We should be able to add the following ASSERT once we fix
- // https://bugs.webkit.org/show_bug.cgi?id=62971
- // ASSERT(m_currentAttribute->nameRange.start);
+ ASSERT(m_currentAttribute->nameRange.start);
m_currentAttribute->name.append(character);
}
@@ -426,6 +428,7 @@ public:
m_orAllData |= character;
}
+ // Only for XSSAuditor
void eraseCharacters()
{
ASSERT(m_type == Character);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-07 05:34:46 +0000