| Index: Source/core/html/parser/HTMLViewSourceParser.cpp
|
| diff --git a/Source/core/html/parser/HTMLViewSourceParser.cpp b/Source/core/html/parser/HTMLViewSourceParser.cpp
|
| index 4288d3e900a82bc701b20adad6e659d7749c6906..d504a4c570335f034057e9268ca028b4b72cabd8 100644
|
| --- a/Source/core/html/parser/HTMLViewSourceParser.cpp
|
| +++ b/Source/core/html/parser/HTMLViewSourceParser.cpp
|
| @@ -30,6 +30,7 @@
|
| #include "core/html/parser/HTMLParserIdioms.h"
|
| #include "core/html/parser/HTMLParserOptions.h"
|
| #include "core/html/parser/HTMLToken.h"
|
| +#include "core/html/parser/XSSAuditorDelegate.h"
|
|
|
| namespace WebCore {
|
|
|
| @@ -43,13 +44,17 @@ HTMLViewSourceParser::HTMLViewSourceParser(HTMLViewSourceDocument& document, con
|
|
|
| void HTMLViewSourceParser::pumpTokenizer()
|
| {
|
| + m_xssAuditor.init(document(), 0);
|
| +
|
| while (true) {
|
| m_sourceTracker.start(m_input.current(), m_tokenizer.get(), m_token);
|
| if (!m_tokenizer->nextToken(m_input.current(), m_token))
|
| return;
|
| m_sourceTracker.end(m_input.current(), m_tokenizer.get(), m_token);
|
|
|
| - document()->addSource(m_sourceTracker.sourceForToken(m_token), m_token);
|
| + OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRequest(m_token, m_sourceTracker, m_tokenizer->shouldAllowCDATA()));
|
| + HTMLViewSourceDocument::SourceAnnotation annotation = xssInfo ? HTMLViewSourceDocument::AnnotateSourceAsXSS : HTMLViewSourceDocument::AnnotateSourceAsSafe;
|
| + document()->addSource(m_sourceTracker.sourceForToken(m_token), m_token, annotation);
|
|
|
| // FIXME: The tokenizer should do this work for us.
|
| if (m_token.type() == HTMLToken::StartTag)
|
|
|
Chromium Code Reviews
Issue 301813002:
Highlight relfected XSS vectors in view-source page. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk