26555 2009-06-19 11:54:45 -0700 Fix Chromium canary bot 2009-06-19 16:44:27 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 abarth abarth abarth dglazkov levin paul oldest_to_newest 126986 0 abarth 2009-06-19 11:54:45 -0700 The Chromium canary bot is unhappy with some parts of the XSSAuditor. Patch forthcoming. 126994 1 31559 abarth 2009-06-19 12:23:48 -0700 Created attachment 31559 patch 127009 2 31559 dglazkov 2009-06-19 13:01:57 -0700 Comment on attachment 31559 patch yay! 127014 3 abarth 2009-06-19 13:21:08 -0700 Will land. DRT is chugging along as we speak. 127021 4 abarth 2009-06-19 13:40:44 -0700 Sending WebCore/ChangeLog Sending WebCore/bindings/js/ScriptController.cpp Sending WebCore/bindings/js/ScriptSourceCode.h Sending WebCore/bindings/v8/ScriptController.cpp Sending WebCore/page/XSSAuditor.cpp Sending WebCore/page/XSSAuditor.h Transmitting file data ...... Committed revision 44869. 127054 5 darin 2009-06-19 16:00:51 -0700 The source() function in ScriptSourceCode.h looks bad to me. It looks like JavaScriptCore is being forced to copy some code -- won't that make things slow? 127056 6 levin 2009-06-19 16:12:42 -0700 I agree with Darin. It looks like that copy was in there before *but* it was only done when m_isEnabled was true. 59 bool XSSAuditor::canEvaluate(const ScriptSourceCode& sourceCode) const 60 { 61 if (!m_isEnabled) 62 return true; 63 64 return canEvaluate(String(sourceCode.jsSourceCode().data(), sourceCode.jsSourceCode().length())); A simple fix to restore old behavior would be to change this line 84 if (!m_XSSAuditor->canEvaluate(sourceCode.source())) { to 84 if (m_XSSAuditor->isEnabled() && !m_XSSAuditor->canEvaluate(sourceCode.source())) { 127057 7 abarth 2009-06-19 16:19:56 -0700 (In reply to comment #5) > The source() function in ScriptSourceCode.h looks bad to me. It looks like > JavaScriptCore is being forced to copy some code -- won't that make things > slow? Maybe ScriptSourceCode should just grab a reference to the string on construction? It looks like the string is kept alive anyway because the ScriptSourceCode holds a JSC::SourceCode which holds a RefPtr<SourceProvider> which holds String m_source (via StringSourceProvider : public JSC::SourceProvider). 127062 8 31572 abarth 2009-06-19 16:35:34 -0700 Created attachment 31572 work-in-progress patch 127067 9 abarth 2009-06-19 16:44:27 -0700 Follow patch in https://bugs.webkit.org/show_bug.cgi?id=26561 31559 2009-06-19 12:23:48 -0700 2009-06-19 13:01:57 -0700 patch canary.patch text/plain 4248 abarth SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDQ0ODYy KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTggQEAKKzIwMDktMDYt MTkgIGFiYXJ0aCAgPGFiYXJ0aEB3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0yNjU1NQorCisgICAgICAgIEZpeCB0aGUgQ2hyb21pdW0gY2FuYXJ5IGJvdC4gIFR1 cm5zIG91dCBTY3JpcHRTb3VyY2VDb2RlIGRvZXNuJ3QgaGF2ZQorICAgICAgICB0aGUgc2FtZSBB UEkgaW4gVjggYW5kIEpTQy4KKworICAgICAgICAqIFdlYkNvcmUvYmluZGluZ3MvanMvU2NyaXB0 Q29udHJvbGxlci5jcHA6CisgICAgICAgICogV2ViQ29yZS9iaW5kaW5ncy9qcy9TY3JpcHRTb3Vy Y2VDb2RlLmg6CisgICAgICAgICogV2ViQ29yZS9iaW5kaW5ncy92OC9TY3JpcHRDb250cm9sbGVy LmNwcDoKKyAgICAgICAgKiBXZWJDb3JlL3BhZ2UvWFNTQXVkaXRvci5jcHA6CisgICAgICAgICog V2ViQ29yZS9wYWdlL1hTU0F1ZGl0b3IuaDoKKwogMjAwOS0wNi0xNSAgWGFuIExvcGV6ICA8eGxv cGV6QGlnYWxpYS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgR3VzdGF2byBOb3JvbmhhLgpJ bmRleDogV2ViQ29yZS9iaW5kaW5ncy9qcy9TY3JpcHRDb250cm9sbGVyLmNwcAo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBXZWJDb3JlL2JpbmRpbmdzL2pzL1NjcmlwdENvbnRyb2xsZXIuY3BwCShyZXZpc2lvbiA0 NDg0NykKKysrIFdlYkNvcmUvYmluZGluZ3MvanMvU2NyaXB0Q29udHJvbGxlci5jcHAJKHdvcmtp bmcgY29weSkKQEAgLTgxLDE0ICs4MSwxNCBAQCBTY3JpcHRDb250cm9sbGVyOjp+U2NyaXB0Q29u dHJvbGxlcigpCiAKIFNjcmlwdFZhbHVlIFNjcmlwdENvbnRyb2xsZXI6OmV2YWx1YXRlKGNvbnN0 IFNjcmlwdFNvdXJjZUNvZGUmIHNvdXJjZUNvZGUpIAogewotICAgIGlmICghbV9YU1NBdWRpdG9y LT5jYW5FdmFsdWF0ZShzb3VyY2VDb2RlKSkgeworICAgIGlmICghbV9YU1NBdWRpdG9yLT5jYW5F dmFsdWF0ZShzb3VyY2VDb2RlLnNvdXJjZSgpKSkgewogICAgICAgICAvLyBUaGlzIHNjcmlwdCBp cyBub3Qgc2FmZSB0byBiZSBldmFsdWF0ZWQuCiAgICAgICAgIHJldHVybiBKU1ZhbHVlKCk7CiAg ICAgfQotICAgIAorCiAgICAgLy8gZXZhbHVhdGUgY29kZS4gUmV0dXJucyB0aGUgSlMgcmV0dXJu IHZhbHVlIG9yIDAKICAgICAvLyBpZiB0aGVyZSB3YXMgbm9uZSwgYW4gZXJyb3Igb2NjdXJlZCBv ciB0aGUgdHlwZSBjb3VsZG4ndCBiZSBjb252ZXJ0ZWQuCi0gICAgCisKICAgICBjb25zdCBTb3Vy Y2VDb2RlJiBqc1NvdXJjZUNvZGUgPSBzb3VyY2VDb2RlLmpzU291cmNlQ29kZSgpOwogCiAgICAg aW5pdFNjcmlwdElmTmVlZGVkKCk7CkluZGV4OiBXZWJDb3JlL2JpbmRpbmdzL2pzL1NjcmlwdFNv dXJjZUNvZGUuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL2JpbmRpbmdzL2pzL1NjcmlwdFNvdXJj ZUNvZGUuaAkocmV2aXNpb24gNDQ4NDcpCisrKyBXZWJDb3JlL2JpbmRpbmdzL2pzL1NjcmlwdFNv dXJjZUNvZGUuaAkod29ya2luZyBjb3B5KQpAQCAtNTMsNiArNTMsOSBAQCBwdWJsaWM6CiAKICAg ICBjb25zdCBKU0M6OlNvdXJjZUNvZGUmIGpzU291cmNlQ29kZSgpIGNvbnN0IHsgcmV0dXJuIG1f Y29kZTsgfQogCisgICAgLy8gTm90ZSB0aGUgbWVtY3B5IQorICAgIFN0cmluZyBzb3VyY2UoKSB7 IHJldHVybiBTdHJpbmcobV9jb2RlLmRhdGEoKSwgbV9jb2RlLmxlbmd0aCgpKTsgfQorCiBwcml2 YXRlOgogICAgIEpTQzo6U291cmNlQ29kZSBtX2NvZGU7CiB9OwpJbmRleDogV2ViQ29yZS9iaW5k aW5ncy92OC9TY3JpcHRDb250cm9sbGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL2JpbmRp bmdzL3Y4L1NjcmlwdENvbnRyb2xsZXIuY3BwCShyZXZpc2lvbiA0NDg0OSkKKysrIFdlYkNvcmUv YmluZGluZ3MvdjgvU2NyaXB0Q29udHJvbGxlci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE4OCw3 ICsxODgsNyBAQCB2b2lkIFNjcmlwdENvbnRyb2xsZXI6OmV2YWx1YXRlSW5OZXdDb250CiAvLyBF dmFsdWF0ZSBhIHNjcmlwdCBmaWxlIGluIHRoZSBlbnZpcm9ubWVudCBvZiB0aGlzIHByb3h5Lgog U2NyaXB0VmFsdWUgU2NyaXB0Q29udHJvbGxlcjo6ZXZhbHVhdGUoY29uc3QgU2NyaXB0U291cmNl Q29kZSYgc291cmNlQ29kZSkKIHsKLSAgICBpZiAoIW1fWFNTQXVkaXRvci0+Y2FuRXZhbHVhdGUo c291cmNlQ29kZSkpIHsKKyAgICBpZiAoIW1fWFNTQXVkaXRvci0+Y2FuRXZhbHVhdGUoc291cmNl Q29kZS5zb3VyY2UoKSkpIHsKICAgICAgICAgLy8gVGhpcyBzY3JpcHQgaXMgbm90IHNhZmUgdG8g YmUgZXZhbHVhdGVkLgogICAgICAgICByZXR1cm4gU2NyaXB0VmFsdWUoKTsKICAgICB9CkluZGV4 OiBXZWJDb3JlL3BhZ2UvWFNTQXVkaXRvci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9wYWdl L1hTU0F1ZGl0b3IuY3BwCShyZXZpc2lvbiA0NDg0NykKKysrIFdlYkNvcmUvcGFnZS9YU1NBdWRp dG9yLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMjcsOSArMjcsMTIgQEAKICNpbmNsdWRlICJjb25m aWcuaCIKICNpbmNsdWRlICJYU1NBdWRpdG9yLmgiCiAKKyNpbmNsdWRlIDx3dGYvU3RkTGliRXh0 cmFzLmg+CisKICNpbmNsdWRlICJDb25zb2xlLmgiCiAjaW5jbHVkZSAiQ1N0cmluZy5oIgogI2lu Y2x1ZGUgIkRvY3VtZW50TG9hZGVyLmgiCisjaW5jbHVkZSAiRE9NV2luZG93LmgiCiAjaW5jbHVk ZSAiRnJhbWUuaCIKICNpbmNsdWRlICJLVVJMLmgiCiAjaW5jbHVkZSAiU2NyaXB0U291cmNlQ29k ZS5oIgpAQCAtNTYsMTQgKzU5LDYgQEAgWFNTQXVkaXRvcjo6flhTU0F1ZGl0b3IoKQogewogfQog ICAKLWJvb2wgWFNTQXVkaXRvcjo6Y2FuRXZhbHVhdGUoY29uc3QgU2NyaXB0U291cmNlQ29kZSYg c291cmNlQ29kZSkgY29uc3QKLXsKLSAgICBpZiAoIW1faXNFbmFibGVkKQotICAgICAgICByZXR1 cm4gdHJ1ZTsKLSAgICAKLSAgICByZXR1cm4gY2FuRXZhbHVhdGUoU3RyaW5nKHNvdXJjZUNvZGUu anNTb3VyY2VDb2RlKCkuZGF0YSgpLCBzb3VyY2VDb2RlLmpzU291cmNlQ29kZSgpLmxlbmd0aCgp KSk7Ci19Ci0gIAogYm9vbCBYU1NBdWRpdG9yOjpjYW5FdmFsdWF0ZShjb25zdCBTdHJpbmcmIHNv dXJjZUNvZGUpIGNvbnN0CiB7CiAgICAgaWYgKCFtX2lzRW5hYmxlZCkKSW5kZXg6IFdlYkNvcmUv cGFnZS9YU1NBdWRpdG9yLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9wYWdlL1hTU0F1ZGl0b3Iu aAkocmV2aXNpb24gNDQ4NDcpCisrKyBXZWJDb3JlL3BhZ2UvWFNTQXVkaXRvci5oCSh3b3JraW5n IGNvcHkpCkBAIC03NCwxMCArNzQsNiBAQCBuYW1lc3BhY2UgV2ViQ29yZSB7CiAKICAgICAgICAg Ly8gRGV0ZXJtaW5lcyB3aGV0aGVyIHRoZSBzY3JpcHQgc2hvdWxkIGJlIGFsbG93ZWQgb3IgZGVu aWVkIGV4ZWN1dGlvbgogICAgICAgICAvLyBiYXNlZCBvbiB0aGUgY29udGVudCBvZiBhbnkgdXNl ci1zdWJtaXR0ZWQgZGF0YS4KLSAgICAgICAgYm9vbCBjYW5FdmFsdWF0ZShjb25zdCBTY3JpcHRT b3VyY2VDb2RlJiBzb3VyY2VDb2RlKSBjb25zdDsKLQotICAgICAgICAvLyBEZXRlcm1pbmVzIHdo ZXRoZXIgdGhlIHNjcmlwdCBzaG91bGQgYmUgYWxsb3dlZCBvciBkZW5pZWQgZXhlY3V0aW9uCi0g ICAgICAgIC8vIGJhc2VkIG9uIHRoZSBjb250ZW50IG9mIGFueSB1c2VyLXN1Ym1pdHRlZCBkYXRh LgogICAgICAgICBib29sIGNhbkV2YWx1YXRlKGNvbnN0IFN0cmluZyYgc291cmNlQ29kZSkgY29u c3Q7CiAKICAgICAgICAgLy8gRGV0ZXJtaW5lcyB3aGV0aGVyIHRoZSBldmVudCBsaXN0ZW5lciBz aG91bGQgYmUgY3JlYXRlZCBiYXNlZCBvbiB0aGUK 31572 2009-06-19 16:35:34 -0700 2009-06-19 16:35:34 -0700 work-in-progress patch proto.patch text/plain 807 abarth SW5kZXg6IFNjcmlwdFNvdXJjZUNvZGUuaA0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KLS0tIFNjcmlwdFNvdXJjZUNv ZGUuaAkocmV2aXNpb24gNDQ4NDcpDQorKysgU2NyaXB0U291cmNlQ29kZS5oCSh3b3JraW5nIGNv cHkpDQpAQCAtNDEsNiArNDEsNyBAQA0KIHB1YmxpYzoKICAgICBTY3JpcHRTb3VyY2VDb2RlKGNv bnN0IFN0cmluZyYgc291cmNlLCBjb25zdCBLVVJMJiB1cmwgPSBLVVJMKCksIGludCBzdGFydExp bmUgPSAxKQogICAgICAgICA6IG1fY29kZShtYWtlU291cmNlKHNvdXJjZSwgdXJsLmlzTnVsbCgp ID8gU3RyaW5nKCkgOiB1cmwuc3RyaW5nKCksIHN0YXJ0TGluZSkpCisgICAgICAgICwgbV9zb3Vy Y2Uoc291cmNlKQogICAgIHsKICAgICB9CiAKQEAgLTUzLDggKzU0LDE0IEBADQogCiAgICAgY29u c3QgSlNDOjpTb3VyY2VDb2RlJiBqc1NvdXJjZUNvZGUoKSBjb25zdCB7IHJldHVybiBtX2NvZGU7 IH0KIAorICAgIFN0cmluZyBzb3VyY2UoKSYgeyByZXR1cm4gbV9zb3VyY2U7IH0KKwogcHJpdmF0 ZToKICAgICBKU0M6OlNvdXJjZUNvZGUgbV9jb2RlOworCisgICAgLy8gVGhpcyBzYW1lIHN0cmlu ZyBpcyBhY3R1YWxseSBidXJpZWQgaW4gbV9jb2RlLCBidXQgdGhlcmUgaXNuJ3QgYSBjbGVhbgor ICAgIC8vIHdhbnQgdG8gd3JpdGUgYW4gYWNjZXNzb3IgZm9yIGl0LCBzbyB3ZSBjYWNoZSBhIHJl ZmVybmNlIHRvIGl0LgorICAgIFN0cmluZyBtX3NvdXJjZTsKIH07CiAKIH0gLy8gbmFtZXNwYWNl IFdlYkNvcmUK