Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bd6ef2dd8d797d798fb45fd451909361fdd18873
https://github.com/WebKit/WebKit/commit/bd6ef2dd8d797d798fb45fd451909361fdd18873
Author: Nathan Solomon <[email protected]>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/DocumentSharedObjectPool.cpp
M Source/WebCore/dom/DocumentSharedObjectPool.h
Log Message:
-----------
Change DocumentSharedObjectPool's static map keys from RegistrableDomain to SecurityOriginData
https://bugs.webkit.org/show_bug.cgi?id=308503
rdar://171023988

Reviewed by Ryosuke Niwa.

The DocumentSharedObjectPool maintains a static map that remembers
the peak cache size for previously seen domains, so future pools for
the same domain can pre-allocate capacity. Previously this was keyed
by RegistrableDomain, meaning subdomains like a.example.com and
b.example.com would share the same capacity hint. This is a potential
side-channel leak — one origin could theoretically infer information
about another origin's DOM size under the same registrable
domain by observing allocation behavior somehow.

Keying by SecurityOriginData (scheme + host + port) scopes the hint
to the exact origin so that this leak is not possible.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::setParsing):
* Source/WebCore/dom/DocumentSharedObjectPool.cpp:
(WebCore::peakSizeInPast):
(WebCore::DocumentSharedObjectPool::DocumentSharedObjectPool):
* Source/WebCore/dom/DocumentSharedObjectPool.h:
Canonical link: https://commits.webkit.org/308095@main
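
The keying change described in the log message, modelled as an added example that is not WebKit's code and not part of the commit. `Origin`, `PeakSizeHints`, `registrableDomain` and the two `hintSeenBy...` functions are hypothetical names, and the registrable domain is approximated as the last two host labels (an assumption; real engines consult the Public Suffix List).

```cpp
#include <algorithm>
#include <cstddef>
#include <map>
#include <string>
#include <tuple>

// Hypothetical stand-in for an exact origin: scheme + host + port.
struct Origin {
    std::string scheme, host;
    int port;
    bool operator<(const Origin& o) const { return std::tie(scheme, host, port) < std::tie(o.scheme, o.host, o.port); }
};

// Assumption: last two labels approximate the registrable domain.
std::string registrableDomain(const std::string& host) {
    auto last = host.rfind('.');
    if (last == std::string::npos || last == 0) return host;
    auto prev = host.rfind('.', last - 1);
    return prev == std::string::npos ? host : host.substr(prev + 1);
}

// Remembers the peak pool size per key and hands it back as a capacity hint.
template <typename Key>
class PeakSizeHints {
public:
    void recordPeak(const Key& k, std::size_t size) { m_peaks[k] = std::max(m_peaks[k], size); }
    std::size_t hintFor(const Key& k) const {
        auto it = m_peaks.find(k);
        return it == m_peaks.end() ? 0 : it->second; // 0 means no pre-allocation hint
    }
private:
    std::map<Key, std::size_t> m_peaks;
};

// Old keying: the hint `second` receives after `first` recorded `peak`.
std::size_t hintSeenByDomainKey(const Origin& first, std::size_t peak, const Origin& second) {
    PeakSizeHints<std::string> hints;
    hints.recordPeak(registrableDomain(first.host), peak);
    return hints.hintFor(registrableDomain(second.host));
}

// New keying: the same sequence, with the map keyed by the exact origin.
std::size_t hintSeenByOriginKey(const Origin& first, std::size_t peak, const Origin& second) {
    PeakSizeHints<Origin> hints;
    hints.recordPeak(first, peak);
    return hints.hintFor(second);
}
```

With the domain key, a pool for b.example.com starts with the capacity that a.example.com's document produced; with the origin key it starts with no hint, and so does the same host on a different port.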