Issue 660254: Disable the XSS Auditor by default for 4.1....

Issue 660254: Disable the XSS Auditor by default for 4.1.... (Closed)

Created:
10 years, 9 months ago by Mark Larson (Google)

Modified:
9 years, 7 months ago

Reviewers:
abarth-chromium

CC:
chromium-reviews_googlegroups.com, brettw+cc_chromium.org, ben+cc_chromium.org

Base URL:
svn://chrome-svn/chrome/branches/249/src/

Visibility:
Public.

Description

Disable the XSS Auditor by default for 4.1. It causes a huge performance regression with POST. The auditor can now be enabled by passing --enable-xss-auditor. R= abarth BUG= http://crbug.com/36929 TEST= http://www/~thakis/cgi-bin/35723.php Click the button, and the page should reload quickly. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=40424

Patch Set 1 #

Created: 10 years, 9 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+3 lines, -3 lines)			Patch
M	chrome/browser/tab_contents/render_view_host_delegate_helper.cc	View	1 chunk	+1 line, -1 line	0 comments	Download
M	chrome/common/chrome_switches.h	View	1 chunk	+1 line, -1 line	0 comments	Download
M	chrome/common/chrome_switches.cc	View	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 2 (0 generated)

Expand Messages | Collapse Messages

abarth-chromium

10 years, 9 months ago (2010-03-01 06:43:41 UTC) #2

LGTM

On Sat, Feb 27, 2010 at 8:36 PM,  <mal.chromium@gmail.com> wrote:
> Reviewers: abarth,
>
> Description:
> Disable the XSS Auditor by default for 4.1.
>
> It causes a huge performance regression with POST.
> The auditor can now be enabled by passing --enable-xss-auditor.
>
> R= abarth
> BUG= http://crbug.com/36929
> TEST= http://www/~thakis/cgi-bin/35723.php  Click the button, and the page
> should
> reload quickly.
>
>
> Please review this at http://codereview.chromium.org/660254
>
> SVN Base: svn://chrome-svn/chrome/branches/249/src/
>
> Affected files:
>  M     chrome/browser/tab_contents/render_view_host_delegate_helper.cc
>  M     chrome/common/chrome_switches.h
>  M     chrome/common/chrome_switches.cc
>
>
> Index: chrome/browser/tab_contents/render_view_host_delegate_helper.cc
> ===================================================================
> --- chrome/browser/tab_contents/render_view_host_delegate_helper.cc
> (revision 40232)
> +++ chrome/browser/tab_contents/render_view_host_delegate_helper.cc
> (working copy)
> @@ -175,7 +175,7 @@
>     web_prefs.remote_fonts_enabled =
>         !command_line.HasSwitch(switches::kDisableRemoteFonts);
>     web_prefs.xss_auditor_enabled =
> -        !command_line.HasSwitch(switches::kDisableXSSAuditor);
> +        command_line.HasSwitch(switches::kEnableXSSAuditor);
>     web_prefs.application_cache_enabled =
>         command_line.HasSwitch(switches::kEnableApplicationCache);
>
> Index: chrome/common/chrome_switches.h
> ===================================================================
> --- chrome/common/chrome_switches.h     (revision 40232)
> +++ chrome/common/chrome_switches.h     (working copy)
> @@ -57,7 +57,7 @@
>  extern const char kDisableWebResources[];
>  extern const char kDisableWebSecurity[];
>  extern const char kDisableWebSockets[];
> -extern const char kDisableXSSAuditor[];
> +extern const char kEnableXSSAuditor[];
>  extern const char kDiskCacheDir[];
>  extern const char kDiskCacheSize[];
>  extern const char kDnsLogDetails[];
> Index: chrome/common/chrome_switches.cc
> ===================================================================
> --- chrome/common/chrome_switches.cc    (revision 40232)
> +++ chrome/common/chrome_switches.cc    (working copy)
> @@ -146,7 +146,7 @@
>  const char kDisableWebSockets[]             = "disable-web-sockets";
>
>  // Disable WebKit's XSSAuditor.  The XSSAuditor mitigates reflective XSS.
> -const char kDisableXSSAuditor[]             = "disable-xss-auditor";
> +const char kEnableXSSAuditor[]             = "enable-xss-auditor";
>
>  // Use a specific disk cache location, rather than one derived from the
>  // UserDatadir.
>
>
>

Expand Messages | Collapse Messages