Chromium Code Reviews

Issue 337143004: Fix XSSAuditor handling of semicolon-separated attributes. (Closed)

Created:
6 years, 6 months ago by Tom Sepez
Modified:
6 years, 6 months ago
Reviewers:
abarth-chromium
CC:
darktears, blink-reviews, blink-reviews-animation_chromium.org, blink-reviews-html_chromium.org, dglazkov+blink, dstockwell, Eric Willigers, Mike Lawther (Google), rjwright, shans, Steve Block, Timothy Loh
Project:
blink
Visibility:
Public.

Description

This is another corner case where clutter from the page may prevent the XSSAuditor from performing a proper match. Compare attr="subvalue;subvalue;clutter" on a per-subvalue basis for the first suspicious subvalue.

BUG=384077

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=176359
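
The per-subvalue comparison described above, sketched as an added example; it is not code from this CL or from Blink. The function names, the use of a "javascript:" prefix as the test for a suspicious subvalue, and the plain substring match against a decoded request are all assumptions made for illustration.

```cpp
// Added illustration; names and the "javascript:" heuristic are assumptions.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Assumed notion of "suspicious": subvalue starts with "javascript:" after whitespace.
static bool looksLikeJavaScriptURL(const std::string& s) {
    static const std::string scheme = "javascript:";
    std::size_t i = 0;
    while (i < s.size() && std::isspace(static_cast<unsigned char>(s[i]))) ++i;
    if (s.size() - i < scheme.size()) return false;
    return std::equal(scheme.begin(), scheme.end(), s.begin() + i, [](char a, char b) {
        return a == std::tolower(static_cast<unsigned char>(b));
    });
}

// First ';'-separated subvalue that looks suspicious, or "" when there is none.
std::string firstSuspiciousSubvalue(const std::string& value) {
    for (std::size_t start = 0; start <= value.size();) {
        std::size_t end = value.find(';', start);
        if (end == std::string::npos) end = value.size();
        std::string sub = value.substr(start, end - start);
        if (looksLikeJavaScriptURL(sub)) return sub;
        start = end + 1;
    }
    return std::string();
}

// Whole-value match: fails once the page appends its own text to the attribute.
bool wholeValueReflected(const std::string& request, const std::string& attr) {
    return !attr.empty() && request.find(attr) != std::string::npos;
}

// Per-subvalue match: only the first suspicious subvalue must appear in the request.
bool subvalueReflected(const std::string& request, const std::string& attr) {
    const std::string sub = firstSuspiciousSubvalue(attr);
    return !sub.empty() && request.find(sub) != std::string::npos;
}

int main() {
    // Constructed sample: decoded request, and the attribute as the page rendered it.
    const std::string request = "/page?q=0;javascript:void(0)";
    const std::string attr = "0;javascript:void(0);site-footer-text";
    std::cout << "whole-value match: " << wholeValueReflected(request, attr) << "\n";
    std::cout << "per-subvalue match: " << subvalueReflected(request, attr) << "\n";
    return 0;
}
```

With the constructed sample, the whole-value comparison misses the reflection because of the trailing page text, while the per-subvalue comparison still finds it.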

Patch Set 1 #

Patch Set 2 : Rebase. #

Patch Set 3 : Restore lost FIXME comment. #

Total comments: 1

Patch Set 4 : Use emptyString() #

Stats (+35 lines, -17 lines)
A + LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter.html (1 chunk, +1 line, -1 line, 0 comments)
A + LayoutTests/http/tests/security/xssAuditor/svg-animate-clutter-expected.txt (2 chunks, +1 line, -4 lines, 0 comments)
M Source/core/html/parser/XSSAuditor.h (1 chunk, +1 line, -0 lines, 0 comments)
M Source/core/html/parser/XSSAuditor.cpp (3 chunks, +32 lines, -12 lines, 0 comments)

Messages

Total messages: 5 (0 generated)
Tom Sepez
Adam, please review. This is the follow-on CL enabled by yesterday's refactoring. Thanks.
6 years, 6 months ago (2014-06-17 18:58:07 UTC) #1
abarth-chromium
lgtm

https://codereview.chromium.org/337143004/diff/40001/Source/core/html/parser/XSSAuditor.cpp
File Source/core/html/parser/XSSAuditor.cpp (right):

https://codereview.chromium.org/337143004/diff/40001/Source/core/html/parser/XSSAuditor.cpp#newcode261
Source/core/html/parser/XSSAuditor.cpp:261: return String("");
return emptyString()
6 years, 6 months ago (2014-06-17 21:54:07 UTC) #2
Tom Sepez
The CQ bit was checked by tsepez@chromium.org
6 years, 6 months ago (2014-06-17 21:59:25 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tsepez@chromium.org/337143004/60001
6 years, 6 months ago (2014-06-17 21:59:36 UTC) #4
commit-bot: I haz the power
6 years, 6 months ago (2014-06-17 23:08:22 UTC) #5
Message was sent while issue was closed.
Change committed as 176359
