40659 2010-06-16 01:12:37 -0700 Switch XSSAuditor over to using new entity parser 2011-05-23 10:15:19 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Other OS X 10.5 RESOLVED FIXED P2 Normal --- 39259 1 abarth abarth eric oldest_to_newest 238716 0 abarth 2010-06-16 01:12:37 -0700 Switch XSSAuditor over to using new entity parser 238717 1 58858 abarth 2010-06-16 01:14:13 -0700 Created attachment 58858 wip 238721 2 58860 abarth 2010-06-16 01:27:14 -0700 Created attachment 58860 Patch 238724 3 58860 eric 2010-06-16 01:30:44 -0700 Comment on attachment 58860 Patch So this is not reflected in the tests in any way? There are certainly many more entities supported in HTML5 than in our old parser. 238728 4 abarth 2010-06-16 01:37:12 -0700 Yeah, but the two backend to the same entity list. Maybe we could use surrogate pairs? 238730 5 eric 2010-06-16 01:38:35 -0700 Does HTML5 support different entities in terms of � style? I thought it supported longer or shorter lists of digits there? 238733 6 abarth 2010-06-16 01:48:20 -0700 Another possibility is CR, which think the old entity parser converted to LF. 243506 7 58860 eric 2010-06-27 14:52:03 -0700 Comment on attachment 58860 Patch no tests. 408027 8 abarth 2011-05-23 10:15:19 -0700 This happened a while ago! 58858 2010-06-16 01:14:13 -0700 2010-06-16 01:27:10 -0700 wip bug-40659-20100616011412.patch text/plain 1747 abarth SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MTI0MCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTggQEAKKzIwMTAtMDYtMTYgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9y Zz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBTd2l0 Y2ggWFNTQXVkaXRvciBvdmVyIHRvIHVzaW5nIG5ldyBlbnRpdHkgcGFyc2VyCisgICAgICAgIGh0 dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00MDY1OQorCisgICAgICAgIFRo ZSBYU1NBdWRpdG9yIG5lZWRzIHRvIHVzZSBhbiBlbnRpdHkgcGFyc2VyIHRoYXQgbWF0Y2hlcyB0 aGUgcmVhbAorICAgICAgICBwYXNlci4gIE5vdyB0aGF0IHdlJ3ZlIHN3aXRjaGVkIHRvIHVzaW5n IHRoZSBuZXcgcGFzZXIsIHdlIGNhbiBzd2l0Y2gKKyAgICAgICAgdGhlIGF1ZGl0b3IgdG9vLiAg SSdkIHJhdGhlciBtYWtlIHRoaXMgY29uZGl0aW9uYWwgb24gdGhlCisgICAgICAgIFdlYkNvcmU6 OlNldHRpbmcsIGJ1dCBJIGRvbid0IHNlZSBhIGNsZWFuIHdheSBvZiBkb2luZyB0aGF0LgorCisg ICAgICAgICogcGFnZS9YU1NBdWRpdG9yLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlhTU0F1ZGl0 b3I6OmRlY29kZUhUTUxFbnRpdGllcyk6CisKIDIwMTAtMDYtMTYgIEFkYW0gQmFydGggIDxhYmFy dGhAd2Via2l0Lm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBFcmljIFNlaWRlbC4KSW5kZXg6 IFdlYkNvcmUvcGFnZS9YU1NBdWRpdG9yLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL3BhZ2Uv WFNTQXVkaXRvci5jcHAJKHJldmlzaW9uIDYxMjM4KQorKysgV2ViQ29yZS9wYWdlL1hTU0F1ZGl0 b3IuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0zNCw2ICszNCw3IEBACiAjaW5jbHVkZSAiRG9jdW1l bnRMb2FkZXIuaCIKICNpbmNsdWRlICJET01XaW5kb3cuaCIKICNpbmNsdWRlICJGcmFtZS5oIgor I2luY2x1ZGUgIkhUTUw1RW50aXR5UGFzZXIuaCIKICNpbmNsdWRlICJLVVJMLmgiCiAjaW5jbHVk ZSAiUHJlbG9hZFNjYW5uZXIuaCIKICNpbmNsdWRlICJSZXNvdXJjZVJlc3BvbnNlQmFzZS5oIgpA QCAtMjc3LDcgKzI3OCw3IEBAIFN0cmluZyBYU1NBdWRpdG9yOjpkZWNvZGVIVE1MRW50aXRpZXMo Y28KICAgICAgICAgaWYgKGxlYXZlVW5kZWNvZGFibGVFbnRpdGllc1VudG91Y2hlZCkKICAgICAg ICAgICAgIHNvdXJjZVNoYWRvdyA9IHNvdXJjZTsKICAgICAgICAgYm9vbCBub3RFbm91Z2hDaGFy YWN0ZXJzID0gZmFsc2U7Ci0gICAgICAgIHVuc2lnbmVkIGVudGl0eSA9IFByZWxvYWRTY2FubmVy Ojpjb25zdW1lRW50aXR5KHNvdXJjZSwgbm90RW5vdWdoQ2hhcmFjdGVycyk7CisgICAgICAgIHVu c2lnbmVkIGVudGl0eSA9IGNvbnN1bWVIVE1MNUVudGl0eShzb3VyY2UsIG5vdEVub3VnaENoYXJh Y3RlcnMpOwogICAgICAgICAvLyBXZSBpZ25vcmUgbm90RW5vdWdoQ2hhcmFjdGVycyBiZWNhdXNl IHdlIG1pZ2h0IGFzIHdlbGwgdXNlIHRoaXMgbG9vcAogICAgICAgICAvLyB0byBjb3B5IHRoZSBy ZW1haW5pbmcgY2hhcmFjdGVycyBpbnRvIHxyZXN1bHR8LgogCg== 58860 2010-06-16 01:27:14 -0700 2010-06-27 14:52:03 -0700 Patch bug-40659-20100616012713.patch text/plain 2058 abarth ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg NzkwZTNhZmQyM2U4MmI0ZTJhNTViMjVmMmMxMGE5MDA1ZGM2YjI2YS4uYjM3MjZhOTI0NThkMjM2 YmIxZWU3ZGMyODQ5YTFkZmUzYTAyZDI0YyAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cK KysrIGIvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTIsNiArMiwyNCBAQAogCiAgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgogCisgICAgICAgIFN3aXRjaCBYU1NBdWRpdG9yIG92ZXIg dG8gdXNpbmcgbmV3IGVudGl0eSBwYXJzZXIKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTQwNjU5CisKKyAgICAgICAgVGhlIFhTU0F1ZGl0b3IgbmVlZHMg dG8gdXNlIGFuIGVudGl0eSBwYXJzZXIgdGhhdCBtYXRjaGVzIHRoZSByZWFsCisgICAgICAgIHBh c2VyLiAgTm93IHRoYXQgd2UndmUgc3dpdGNoZWQgdG8gdXNpbmcgdGhlIG5ldyBwYXNlciwgd2Ug Y2FuIHN3aXRjaAorICAgICAgICB0aGUgYXVkaXRvciB0b28uICBJJ2QgcmF0aGVyIG1ha2UgdGhp cyBjb25kaXRpb25hbCBvbiB0aGUKKyAgICAgICAgV2ViQ29yZTo6U2V0dGluZywgYnV0IEkgZG9u J3Qgc2VlIGEgY2xlYW4gd2F5IG9mIGRvaW5nIHRoYXQuCisKKyAgICAgICAgSWYgSSB3ZXJlIGNs ZXZlciwgSSdkIGZpbmQgYSB3YXkgb2YgdGVzdGluZyB0aGlzIGJ5IGZpZ3VyaW5nIG91dCBhCisg ICAgICAgIGRpZmZlcmVuY2UgYmV0d2VlbiB0aGVzZSB0d28gZW50aXR5IHBhcnNlcnMuLi4KKwor ICAgICAgICAqIHBhZ2UvWFNTQXVkaXRvci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpYU1NBdWRp dG9yOjpkZWNvZGVIVE1MRW50aXRpZXMpOgorCisyMDEwLTA2LTE2ICBBZGFtIEJhcnRoICA8YWJh cnRoQHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK ICAgICAgICAgRG9uJ3QgY3Jhc2ggd2hlbiBhIGRvY3VtZW50IGVuZHMgd2l0aCBhbiBlbnRpdHkK ICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTQwNjU4CiAK ZGlmZiAtLWdpdCBhL1dlYkNvcmUvcGFnZS9YU1NBdWRpdG9yLmNwcCBiL1dlYkNvcmUvcGFnZS9Y U1NBdWRpdG9yLmNwcAppbmRleCBiNWFiYTc5ZDJiMThhNDM0N2E3MDBmN2YwMWU5NDg1YTQwZWMw ZWVlLi45MTNlMzI0YTYzZDFhNzNmNjgxNWM5MWRlOTY2Zjg1NGZjM2JmYTBiIDEwMDY0NAotLS0g YS9XZWJDb3JlL3BhZ2UvWFNTQXVkaXRvci5jcHAKKysrIGIvV2ViQ29yZS9wYWdlL1hTU0F1ZGl0 b3IuY3BwCkBAIC0zNCw2ICszNCw3IEBACiAjaW5jbHVkZSAiRG9jdW1lbnRMb2FkZXIuaCIKICNp bmNsdWRlICJET01XaW5kb3cuaCIKICNpbmNsdWRlICJGcmFtZS5oIgorI2luY2x1ZGUgIkhUTUw1 RW50aXR5UGFyc2VyLmgiCiAjaW5jbHVkZSAiS1VSTC5oIgogI2luY2x1ZGUgIlByZWxvYWRTY2Fu bmVyLmgiCiAjaW5jbHVkZSAiUmVzb3VyY2VSZXNwb25zZUJhc2UuaCIKQEAgLTI3Nyw3ICsyNzgs NyBAQCBTdHJpbmcgWFNTQXVkaXRvcjo6ZGVjb2RlSFRNTEVudGl0aWVzKGNvbnN0IFN0cmluZyYg c3RyaW5nLCBib29sIGxlYXZlVW5kZWNvZGFibAogICAgICAgICBpZiAobGVhdmVVbmRlY29kYWJs ZUVudGl0aWVzVW50b3VjaGVkKQogICAgICAgICAgICAgc291cmNlU2hhZG93ID0gc291cmNlOwog ICAgICAgICBib29sIG5vdEVub3VnaENoYXJhY3RlcnMgPSBmYWxzZTsKLSAgICAgICAgdW5zaWdu ZWQgZW50aXR5ID0gUHJlbG9hZFNjYW5uZXI6OmNvbnN1bWVFbnRpdHkoc291cmNlLCBub3RFbm91 Z2hDaGFyYWN0ZXJzKTsKKyAgICAgICAgdW5zaWduZWQgZW50aXR5ID0gY29uc3VtZUhUTUw1RW50 aXR5KHNvdXJjZSwgbm90RW5vdWdoQ2hhcmFjdGVycyk7CiAgICAgICAgIC8vIFdlIGlnbm9yZSBu b3RFbm91Z2hDaGFyYWN0ZXJzIGJlY2F1c2Ugd2UgbWlnaHQgYXMgd2VsbCB1c2UgdGhpcyBsb29w CiAgICAgICAgIC8vIHRvIGNvcHkgdGhlIHJlbWFpbmluZyBjaGFyYWN0ZXJzIGludG8gfHJlc3Vs dHwuCiAK