Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1182)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/html/parser/HTMLDocumentParser.cpp

Issue 1322063002: Run HTMLSourceTracker hooks only when XSSAuditor is enabled (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/html/parser/BackgroundHTMLParser.cpp ('k') | Source/core/html/parser/XSSAuditor.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Google, Inc. All Rights Reserved. 2 * Copyright (C) 2010 Google, Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 607 matching lines...) Expand 10 before | Expand all | Expand 10 after
618 618
619 PumpSession session(m_pumpSessionNestingLevel, contextForParsingSession()); 619 PumpSession session(m_pumpSessionNestingLevel, contextForParsingSession());
620 620
621 // We tell the InspectorInstrumentation about every pump, even if we 621 // We tell the InspectorInstrumentation about every pump, even if we
622 // end up pumping nothing. It can filter out empty pumps itself. 622 // end up pumping nothing. It can filter out empty pumps itself.
623 // FIXME: m_input.current().length() is only accurate if we 623 // FIXME: m_input.current().length() is only accurate if we
624 // end up parsing the whole buffer in this pump. We should pass how 624 // end up parsing the whole buffer in this pump. We should pass how
625 // much we parsed as part of didWriteHTML instead of willWriteHTML. 625 // much we parsed as part of didWriteHTML instead of willWriteHTML.
626 TRACE_EVENT_BEGIN1("devtools.timeline", "ParseHTML", "beginData", InspectorP arseHtmlEvent::beginData(document(), m_input.current().currentLine().zeroBasedIn t())); 626 TRACE_EVENT_BEGIN1("devtools.timeline", "ParseHTML", "beginData", InspectorP arseHtmlEvent::beginData(document(), m_input.current().currentLine().zeroBasedIn t()));
627 627
628 m_xssAuditor.init(document(), &m_xssAuditorDelegate); 628 if (!isParsingFragment())
629 m_xssAuditor.init(document(), &m_xssAuditorDelegate);
629 630
630 while (canTakeNextToken()) { 631 while (canTakeNextToken()) {
631 if (!isParsingFragment()) 632 if (m_xssAuditor.isEnabled())
632 m_sourceTracker.start(m_input.current(), m_tokenizer.get(), token()) ; 633 m_sourceTracker.start(m_input.current(), m_tokenizer.get(), token()) ;
633 634
634 if (!m_tokenizer->nextToken(m_input.current(), token())) 635 if (!m_tokenizer->nextToken(m_input.current(), token()))
635 break; 636 break;
636 637
637 if (!isParsingFragment()) { 638 if (m_xssAuditor.isEnabled()) {
638 m_sourceTracker.end(m_input.current(), m_tokenizer.get(), token()); 639 m_sourceTracker.end(m_input.current(), m_tokenizer.get(), token());
639 640
640 // We do not XSS filter innerHTML, which means we (intentionally) fa il 641 // We do not XSS filter innerHTML, which means we (intentionally) fa il
641 // http/tests/security/xssAuditor/dom-write-innerHTML.html 642 // http/tests/security/xssAuditor/dom-write-innerHTML.html
642 if (OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRe quest(token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA()))) 643 if (OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRe quest(token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA())))
643 m_xssAuditorDelegate.didBlockScript(*xssInfo); 644 m_xssAuditorDelegate.didBlockScript(*xssInfo);
644 } 645 }
645 646
646 constructTreeFromHTMLToken(); 647 constructTreeFromHTMLToken();
647 ASSERT(isStopped() || token().isUninitialized()); 648 ASSERT(isStopped() || token().isUninitialized());
(...skipping 472 matching lines...) Expand 10 before | Expand all | Expand 10 after
1120 void HTMLDocumentParser::setDecoder(PassOwnPtr<TextResourceDecoder> decoder) 1121 void HTMLDocumentParser::setDecoder(PassOwnPtr<TextResourceDecoder> decoder)
1121 { 1122 {
1122 ASSERT(decoder); 1123 ASSERT(decoder);
1123 DecodedDataDocumentParser::setDecoder(decoder); 1124 DecodedDataDocumentParser::setDecoder(decoder);
1124 1125
1125 if (m_haveBackgroundParser) 1126 if (m_haveBackgroundParser)
1126 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParse r::setDecoder, AllowCrossThreadAccess(m_backgroundParser), takeDecoder())); 1127 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParse r::setDecoder, AllowCrossThreadAccess(m_backgroundParser), takeDecoder()));
1127 } 1128 }
1128 1129
1129 } 1130 }
OLDNEW
« no previous file with comments | « Source/core/html/parser/BackgroundHTMLParser.cpp ('k') | Source/core/html/parser/XSSAuditor.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698