Highlight relfected XSS vectors in view-source page.

Source/core/html/HTMLViewSourceDocument.cpp

 /*
  * Copyright (C) 2006, 2008, 2009, 2010 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 68 matching lines @@
     body->parserAppendChild(div);
 
     RefPtrWillBeRawPtr<HTMLTableElement> table = HTMLTableElement::create(*this);
     body->parserAppendChild(table);
     m_tbody = HTMLTableSectionElement::create(tbodyTag, *this);
     table->parserAppendChild(m_tbody);
     m_current = m_tbody;
     m_lineNumber = 0;
 }
 
-void HTMLViewSourceDocument::addSource(const String& source, HTMLToken& token)
+void HTMLViewSourceDocument::addSource(const String& source, HTMLToken& token, bool highlight)
 {
     if (!m_current)
         createContainingTable();
 
     switch (token.type()) {
     case HTMLToken::Uninitialized:
         ASSERT_NOT_REACHED();
         break;
     case HTMLToken::DOCTYPE:
         processDoctypeToken(source, token);
         break;
     case HTMLToken::EndOfFile:
         processEndOfFileToken(source, token);
         break;
     case HTMLToken::StartTag:
     case HTMLToken::EndTag:
-        processTagToken(source, token);
+        processTagToken(source, token, highlight);
         break;
     case HTMLToken::Comment:
         processCommentToken(source, token);
         break;
     case HTMLToken::Character:
-        processCharacterToken(source, token);
+        processCharacterToken(source, token, highlight);
         break;
     }
 }
 
 void HTMLViewSourceDocument::processDoctypeToken(const String& source, HTMLToken&)
 {
     m_current = addSpanWithClassName("webkit-html-doctype");
     addText(source, "webkit-html-doctype");
     m_current = m_td;
 }
 
 void HTMLViewSourceDocument::processEndOfFileToken(const String& source, HTMLToken&)
 {
     m_current = addSpanWithClassName("webkit-html-end-of-file");
     addText(source, "webkit-html-end-of-file");
     m_current = m_td;
 }
 
-void HTMLViewSourceDocument::processTagToken(const String& source, HTMLToken& token)
+void HTMLViewSourceDocument::processTagToken(const String& source, HTMLToken& token, bool highlight)
 {
-    m_current = addSpanWithClassName("webkit-html-tag");
+    m_current = addSpanWithClassName(highlight ? "webkit-html-tag-highlight" : "webkit-html-tag");
 
     AtomicString tagName(token.name());
 
     unsigned index = 0;
     HTMLToken::AttributeList::const_iterator iter = token.attributes().begin();
     while (index < source.length()) {
         if (iter == token.attributes().end()) {
             // We want to show the remaining characters in the token.
             index = addRange(source, index, source.length(), emptyAtom);
             ASSERT(index == source.length());
@@ skipping 19 matching lines @@
     m_current = m_td;
 }
 
 void HTMLViewSourceDocument::processCommentToken(const String& source, HTMLToken&)
 {
     m_current = addSpanWithClassName("webkit-html-comment");
     addText(source, "webkit-html-comment");
     m_current = m_td;
 }
 
-void HTMLViewSourceDocument::processCharacterToken(const String& source, HTMLToken&)
+void HTMLViewSourceDocument::processCharacterToken(const String& source, HTMLToken&, bool highlight)
 {
-    addText(source, "");
+    addText(source, "", highlight);
 }
 
 PassRefPtr<Element> HTMLViewSourceDocument::addSpanWithClassName(const AtomicString& className)
 {
     if (m_current == m_tbody) {
         addLine(className);
         return m_current;
     }
 
     RefPtrWillBeRawPtr<HTMLSpanElement> span = HTMLSpanElement::create(*this);
@@ skipping 30 matching lines @@
 
 void HTMLViewSourceDocument::finishLine()
 {
     if (!m_current->hasChildren()) {
         RefPtrWillBeRawPtr<HTMLBRElement> br = HTMLBRElement::create(*this);
         m_current->parserAppendChild(br);
     }
     m_current = m_tbody;
 }
 
-void HTMLViewSourceDocument::addText(const String& text, const AtomicString& className)
+void HTMLViewSourceDocument::addText(const String& text, const AtomicString& className, bool highlight)
 {
     if (text.isEmpty())
         return;
 
     // Add in the content, splitting on newlines.
     Vector<String> lines;
     text.split('\n', true, lines);
     unsigned size = lines.size();
     for (unsigned i = 0; i < size; i++) {
         String substring = lines[i];
         if (m_current == m_tbody)
             addLine(className);
         if (substring.isEmpty()) {
             if (i == size - 1)
                 break;
             finishLine();
             continue;
         }
+        RefPtrWillBeRawPtr<Element> oldElement;
+        if (highlight) {
+            oldElement = m_current;
+            m_current = addSpanWithClassName("webkit-highlight");
+        }
         m_current->parserAppendChild(Text::create(*this, substring));
+        if (highlight)
+            m_current = oldElement;
         if (i < size - 1)
             finishLine();
     }
 }
 
 int HTMLViewSourceDocument::addRange(const String& source, int start, int end, const AtomicString& className, bool isLink, bool isAnchor, const AtomicString& link)
 {
     ASSERT(start <= end);
     if (start == end)
         return start;
@@ skipping 40 matching lines @@
 
 void HTMLViewSourceDocument::trace(Visitor* visitor)
 {
     visitor->trace(m_current);
     visitor->trace(m_tbody);
     visitor->trace(m_td);
     HTMLDocument::trace(visitor);
 }
 
 }