| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
| 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 209 matching lines...) | |
| 220 , m_didSendValidCSPHeader(false) | 220 , m_didSendValidCSPHeader(false) |
| 221 , m_didSendValidXSSProtectionHeader(false) | 221 , m_didSendValidXSSProtectionHeader(false) |
| 222 , m_state(Uninitialized) | 222 , m_state(Uninitialized) |
| 223 , m_scriptTagNestingLevel(0) | 223 , m_scriptTagNestingLevel(0) |
| 224 , m_encoding(UTF8Encoding()) | 224 , m_encoding(UTF8Encoding()) |
| 225 { | 225 { |
| 226 // Although tempting to call init() at this point, the various objects | 226 // Although tempting to call init() at this point, the various objects |
| 227 // we want to reference might not all have been constructed yet. | 227 // we want to reference might not all have been constructed yet. |
| 228 } | 228 } |
| 229 | 229 |
| 230 void XSSAuditor::initForFragment() | |
| 231 { | |
| 232 ASSERT(isMainThread()); | |
| 233 ASSERT(m_state == Uninitialized); | |
| 234 m_state = Initialized; | |
| 235 // When parsing a fragment, we don't enable the XSS auditor because it's | |
| 236 // too much overhead. | |
| 237 ASSERT(!m_isEnabled); | |
| 238 } | |
| 239 | |
| 230 void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate) | 240 void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate) |
| 231 { | 241 { |
| 232 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. | 242 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. |
| 233 const int suffixTreeDepth = 5; | 243 const int suffixTreeDepth = 5; |
| 234 | 244 |
| 235 ASSERT(isMainThread()); | 245 ASSERT(isMainThread()); |
| 236 if (m_state == Initialized) | 246 if (m_state == Initialized) |
| 237 return; | 247 return; |
| 238 ASSERT(m_state == Uninitialized); | 248 ASSERT(m_state == Uninitialized); |
| 239 m_state = Initialized; | 249 m_state = Initialized; |
| (...skipping 77 matching lines...) | |
| 317 | 327 |
| 318 if (m_decodedURL.isEmpty() && m_decodedHTTPBody.isEmpty()) { | 328 if (m_decodedURL.isEmpty() && m_decodedHTTPBody.isEmpty()) { |
| 319 m_isEnabled = false; | 329 m_isEnabled = false; |
| 320 return; | 330 return; |
| 321 } | 331 } |
| 322 } | 332 } |
| 323 | 333 |
| 324 PassOwnPtr<XSSInfo> XSSAuditor::filterToken(const FilterTokenRequest& request) | 334 PassOwnPtr<XSSInfo> XSSAuditor::filterToken(const FilterTokenRequest& request) |
| 325 { | 335 { |
| 326 ASSERT(m_state == Initialized); | 336 ASSERT(m_state == Initialized); |
| 327 if (!m_isEnabled || m_xssProtection == ContentSecurityPolicy::AllowReflected XSS) | 337 if (!m_isEnabled || m_xssProtection == ContentSecurityPolicy::AllowReflected XSS) |
|
tonyg
2013/04/22 16:06:01
Would it be cleaner to flip the order of the !m_is
abarth-chromium
2013/04/22 18:14:55
Yeah, that makes a lot of sense.
| |
| 328 return nullptr; | 338 return nullptr; |
| 329 | 339 |
| 330 bool didBlockScript = false; | 340 bool didBlockScript = false; |
| 331 if (request.token.type() == HTMLToken::StartTag) | 341 if (request.token.type() == HTMLToken::StartTag) |
| 332 didBlockScript = filterStartToken(request); | 342 didBlockScript = filterStartToken(request); |
| 333 else if (m_scriptTagNestingLevel) { | 343 else if (m_scriptTagNestingLevel) { |
| 334 if (request.token.type() == HTMLToken::Character) | 344 if (request.token.type() == HTMLToken::Character) |
| 335 didBlockScript = filterCharacterToken(request); | 345 didBlockScript = filterCharacterToken(request); |
| 336 else if (request.token.type() == HTMLToken::EndTag) | 346 else if (request.token.type() == HTMLToken::EndTag) |
| 337 filterEndToken(request); | 347 filterEndToken(request); |
| (...skipping 389 matching lines...) | |
| 727 | 737 |
| 728 bool XSSAuditor::isSafeToSendToAnotherThread() const | 738 bool XSSAuditor::isSafeToSendToAnotherThread() const |
| 729 { | 739 { |
| 730 return m_documentURL.isSafeToSendToAnotherThread() | 740 return m_documentURL.isSafeToSendToAnotherThread() |
| 731 && m_decodedURL.isSafeToSendToAnotherThread() | 741 && m_decodedURL.isSafeToSendToAnotherThread() |
| 732 && m_decodedHTTPBody.isSafeToSendToAnotherThread() | 742 && m_decodedHTTPBody.isSafeToSendToAnotherThread() |
| 733 && m_cachedDecodedSnippet.isSafeToSendToAnotherThread(); | 743 && m_cachedDecodedSnippet.isSafeToSendToAnotherThread(); |
| 734 } | 744 } |
| 735 | 745 |
| 736 } // namespace WebCore | 746 } // namespace WebCore |
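Review bot: The `ASSERT(!m_isEnabled)` in the added `initForFragment()` is the only thing keeping the auditor off for fragments, and it is presumably compiled out of release builds, so nothing enforces the disabled state there. The constructor's initialiser for `m_isEnabled` is in the skipped lines, so it cannot be confirmed from this page. If it is ever not false, `filterToken()` would pass its `m_state == Initialized` check and filter against `m_decodedURL` / `m_decodedHTTPBody` values that `init()` never populated. Writing `m_isEnabled = false;` next to `m_state = Initialized;` would make the intent explicit in every build. The comment could also state the consequence and not only the cost, for example `// Fragment parsing is deliberately not audited; markup inserted through it gets no reflected-XSS filtering.`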