Index: Source/core/html/parser/XSSAuditor.cpp |
diff --git a/Source/core/html/parser/XSSAuditor.cpp b/Source/core/html/parser/XSSAuditor.cpp |
index a4876ec71f558c8a103f6590f09de34ba0e9ee6f..a847f39bd26091f3bbd3cb84f0ffb90b92ca3bc7 100644 |
--- a/Source/core/html/parser/XSSAuditor.cpp |
+++ b/Source/core/html/parser/XSSAuditor.cpp |
@@ -710,7 +710,14 @@ String XSSAuditor::canonicalize(String snippet, TruncationKind treatment) |
String decodedSnippet = fullyDecodeString(snippet, m_encoding); |
if (treatment != NoTruncation) { |
- decodedSnippet.truncate(kMaximumFragmentLengthTarget); |
+ if (decodedSnippet.length() > kMaximumFragmentLengthTarget) { |
+ // Let the page influence the stopping point to avoid disclosing leading fragments. |
+ // Stop when we hit whitespace, since that is unlikely to be part a leading fragment. |
+ size_t position = kMaximumFragmentLengthTarget; |
+ while (position < decodedSnippet.length() && !isHTMLSpace(decodedSnippet[position])) |
+ ++position; |
+ decodedSnippet.truncate(position); |
+ } |
if (treatment == SrcLikeAttributeTruncation) |
truncateForSrcLikeAttribute(decodedSnippet); |
else if (treatment == ScriptLikeAttributeTruncation) |