third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp - Issue 2524013002: XSS Auditor: Block by default. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(413)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp

Issue 2524013002: XSS Auditor: Block by default. (Closed)

Patch Set: Rebase+Test Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt ('k') | third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp

diff --git a/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp b/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp

index c0dbe2abde8735e9c052b093a1028ec244bdf7b2..55c5ccd9fe0ea4fd6293e40e1b5a3c4f9f98d14d 100644

--- a/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp

+++ b/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp

@@ -684,8 +684,13 @@ void HTMLDocumentParser::pumpTokenizer() {

// http/tests/security/xssAuditor/dom-write-innerHTML.html

if (std::unique_ptr<XSSInfo> xssInfo =

m_xssAuditor.filterToken(FilterTokenRequest(

- token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA())))

+ token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA()))) {

m_xssAuditorDelegate.didBlockScript(*xssInfo);

+ // If we're in blocking mode, we might stop the parser in

+ // 'didBlockScript()'. In that case, exit early.

+ if (!isParsing())

+ return;

+ }

}

constructTreeFromHTMLToken();

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt ('k') | third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698