Highlight relfected XSS vectors in view-source page.

Source/core/html/parser/HTMLViewSourceParser.cpp

Index: Source/core/html/parser/HTMLViewSourceParser.cpp
diff --git a/Source/core/html/parser/HTMLViewSourceParser.cpp b/Source/core/html/parser/HTMLViewSourceParser.cpp
index 4288d3e900a82bc701b20adad6e659d7749c6906..8947567bb5ee1d1954977289478d5f21dcf93ceb 100644
--- a/Source/core/html/parser/HTMLViewSourceParser.cpp
+++ b/Source/core/html/parser/HTMLViewSourceParser.cpp
@@ -30,6 +30,7 @@
 #include "core/html/parser/HTMLParserIdioms.h"
 #include "core/html/parser/HTMLParserOptions.h"
 #include "core/html/parser/HTMLToken.h"
+#include "core/html/parser/XSSAuditorDelegate.h"
 
 namespace WebCore {
 
@@ -43,13 +44,16 @@ HTMLViewSourceParser::HTMLViewSourceParser(HTMLViewSourceDocument& document, con
 
 void HTMLViewSourceParser::pumpTokenizer()
 {
+    m_xssAuditor.init(document(), 0);
+
     while (true) {
         m_sourceTracker.start(m_input.current(), m_tokenizer.get(), m_token);
         if (!m_tokenizer->nextToken(m_input.current(), m_token))
             return;
         m_sourceTracker.end(m_input.current(), m_tokenizer.get(), m_token);
 
-        document()->addSource(m_sourceTracker.sourceForToken(m_token), m_token);
+        OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRequest(m_token, m_sourceTracker, m_tokenizer->shouldAllowCDATA()));
+        document()->addSource(m_sourceTracker.sourceForToken(m_token), m_token, !!xssInfo);
 
         // FIXME: The tokenizer should do this work for us.
         if (m_token.type() == HTMLToken::StartTag)