Highlight relfected XSS vectors in view-source page.

Source/core/html/HTMLViewSourceDocument.cpp

Index: Source/core/html/HTMLViewSourceDocument.cpp
diff --git a/Source/core/html/HTMLViewSourceDocument.cpp b/Source/core/html/HTMLViewSourceDocument.cpp
index f6bdf10482eb912039a878c9472baa1046c0053a..ad3a771b2822b38ca7e0ac7bbf3e345649c3016b 100644
--- a/Source/core/html/HTMLViewSourceDocument.cpp
+++ b/Source/core/html/HTMLViewSourceDocument.cpp
@@ -86,7 +86,7 @@ void HTMLViewSourceDocument::createContainingTable()
     m_lineNumber = 0;
 }
 
-void HTMLViewSourceDocument::addSource(const String& source, HTMLToken& token)
+void HTMLViewSourceDocument::addSource(const String& source, HTMLToken& token, bool highlight)
 {
     if (!m_current)
         createContainingTable();
@@ -103,13 +103,13 @@ void HTMLViewSourceDocument::addSource(const String& source, HTMLToken& token)
         break;
     case HTMLToken::StartTag:
     case HTMLToken::EndTag:
-        processTagToken(source, token);
+        processTagToken(source, token, highlight);
         break;
     case HTMLToken::Comment:
         processCommentToken(source, token);
         break;
     case HTMLToken::Character:
-        processCharacterToken(source, token);
+        processCharacterToken(source, token, highlight);
         break;
     }
 }
@@ -128,9 +128,9 @@ void HTMLViewSourceDocument::processEndOfFileToken(const String& source, HTMLTok
     m_current = m_td;
 }
 
-void HTMLViewSourceDocument::processTagToken(const String& source, HTMLToken& token)
+void HTMLViewSourceDocument::processTagToken(const String& source, HTMLToken& token, bool highlight)
 {
-    m_current = addSpanWithClassName("webkit-html-tag");
+    m_current = addSpanWithClassName(highlight ? "webkit-html-tag-highlight" : "webkit-html-tag");
 
     AtomicString tagName(token.name());
 
@@ -170,9 +170,9 @@ void HTMLViewSourceDocument::processCommentToken(const String& source, HTMLToken
     m_current = m_td;
 }
 
-void HTMLViewSourceDocument::processCharacterToken(const String& source, HTMLToken&)
+void HTMLViewSourceDocument::processCharacterToken(const String& source, HTMLToken&, bool highlight)
 {
-    addText(source, "");
+    addText(source, "", highlight);
 }
 
 PassRefPtr<Element> HTMLViewSourceDocument::addSpanWithClassName(const AtomicString& className)
@@ -223,7 +223,7 @@ void HTMLViewSourceDocument::finishLine()
     m_current = m_tbody;
 }
 
-void HTMLViewSourceDocument::addText(const String& text, const AtomicString& className)
+void HTMLViewSourceDocument::addText(const String& text, const AtomicString& className, bool highlight)
 {
     if (text.isEmpty())
         return;
@@ -242,7 +242,14 @@ void HTMLViewSourceDocument::addText(const String& text, const AtomicString& cla
             finishLine();
             continue;
         }
+        RefPtrWillBeRawPtr<Element> oldElement;
+        if (highlight) {
+            oldElement = m_current;
+            m_current = addSpanWithClassName("webkit-highlight");
+        }
         m_current->parserAppendChild(Text::create(*this, substring));
+        if (highlight)
+            m_current = oldElement;
         if (i < size - 1)
             finishLine();
     }