Source/WebCore/html/parser/XSSAuditor.cpp - Issue 12324023: Merge 142063

Side by Side Diff: Source/WebCore/html/parser/XSSAuditor.cpp

Issue 12324023: Merge 142063 (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/1364/

Patch Set: Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt ('k') | no next file » | no next file with comments »

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2011 Adam Barth. All Rights Reserved.	2 * Copyright (C) 2011 Adam Barth. All Rights Reserved.

3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com).	3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com).

4 *	4 *

5 * Redistribution and use in source and binary forms, with or without	5 * Redistribution and use in source and binary forms, with or without

6 * modification, are permitted provided that the following conditions	6 * modification, are permitted provided that the following conditions

7 * are met:	7 * are met:

8 * 1. Redistributions of source code must retain the above copyright	8 * 1. Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * 2. Redistributions in binary form must reproduce the above copyright	10 * 2. Redistributions in binary form must reproduce the above copyright

(...skipping 300 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
311	311

312 RefPtr<FormData> report = FormData::create(reportObject->toJSONStrin g().utf8().data());	312 RefPtr<FormData> report = FormData::create(reportObject->toJSONStrin g().utf8().data());

313 PingLoader::sendViolationReport(m_parser->document()->frame(), m_rep ortURL, report);	313 PingLoader::sendViolationReport(m_parser->document()->frame(), m_rep ortURL, report);

314	314

315 m_reportURL = KURL();	315 m_reportURL = KURL();

316 m_originalURL = String();	316 m_originalURL = String();

317 m_originalHTTPBody = String();	317 m_originalHTTPBody = String();

318 }	318 }

319	319

320 if (didBlockEntirePage)	320 if (didBlockEntirePage)

321 m_parser->document()->frame()->navigationScheduler()->scheduleLocati onChange(m_parser->document()->securityOrigin(), blankURL(), String());	321 m_parser->document()->frame()->navigationScheduler()->scheduleLocati onChange(m_parser->document()->securityOrigin(), blankURL(), blankURL());

322 }	322 }

323 }	323 }

324	324

325 bool XSSAuditor::filterStartToken(HTMLToken& token)	325 bool XSSAuditor::filterStartToken(HTMLToken& token)

326 {	326 {

327 bool didBlockScript = eraseDangerousAttributesIfInjected(token);	327 bool didBlockScript = eraseDangerousAttributesIfInjected(token);

328	328

329 if (hasName(token, scriptTag)) {	329 if (hasName(token, scriptTag)) {

330 didBlockScript \|= filterScriptToken(token);	330 didBlockScript \|= filterScriptToken(token);

331 ASSERT(m_shouldAllowCDATA \|\| !m_scriptTagNestingLevel);	331 ASSERT(m_shouldAllowCDATA \|\| !m_scriptTagNestingLevel);

(...skipping 343 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
675 // something dangerous with the query string.	675 // something dangerous with the query string.

676 const KURL& documentURL = m_parser->document()->url();	676 const KURL& documentURL = m_parser->document()->url();

677 if (documentURL.host().isEmpty())	677 if (documentURL.host().isEmpty())

678 return false;	678 return false;

679	679

680 KURL resourceURL(documentURL, url);	680 KURL resourceURL(documentURL, url);

681 return (documentURL.host() == resourceURL.host() && resourceURL.query().isEm pty());	681 return (documentURL.host() == resourceURL.host() && resourceURL.query().isEm pty());

682 }	682 }

683	683

684 } // namespace WebCore	684 } // namespace WebCore

OLD	NEW