68092 2011-09-14 11:09:45 -0700 xssauditor - truncate inline snippets at a reasonable length before comparison 2011-09-16 22:15:18 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Minor --- 1 tsepez tsepez abarth dbates webkit.review.bot oldest_to_newest 467155 0 tsepez 2011-09-14 11:09:45 -0700 Work postponed from https://bugs.webkit.org/show_bug.cgi?id=27895. Truncating the snipped will cause a problem if we truncate in the middle of a %-escape sequence. Maybe we should canonicalize before trimming the snippet. 467488 1 tsepez 2011-09-14 17:30:53 -0700 alterative approach is to walk backwards from the end while the character is a hex digit, then check if we're preceded by % or %u. 467489 2 abarth 2011-09-14 17:32:12 -0700 What about the multiple encoding case? 468124 3 tsepez 2011-09-15 15:35:06 -0700 Yup. Let's try re-ordering, then. 468177 4 107570 tsepez 2011-09-15 17:33:20 -0700 Created attachment 107570 Proposed patch plus new test case Proposed patch plus test case. I manually tuned the length and confirmed the test case fails if we move the truncation prior to the decoding. The test case is kind of devious in that I wanted the alert to fire if the xss auditor didn't catch the issue, but without the ability to introduce strings or regexps via punctuation, I settled for a numeric expression, exploiting the dual nature of the %-sign -- an escape for URL characters versus a modulo operation in JS. Full tests still running on my box, hence no commit-queue "?" just yet. But please review. Thanks heaps. 468182 5 107570 abarth 2011-09-15 17:39:52 -0700 Comment on attachment 107570 Proposed patch plus new test case View in context: https://bugs.webkit.org/attachment.cgi?id=107570&action=review > Source/WebCore/html/parser/XSSAuditor.cpp:512 > - if ((position = snippet.find("=")) != notFound > - && (position = snippet.find(isNotHTMLSpace, position + 1)) != notFound > - && (position = snippet.find(isTerminatingCharacter, isHTMLQuote(snippet[position]) ? position + 1 : position)) != notFound) { > - snippet.truncate(position); > + if ((position = decodedSnippet.find("=")) != notFound > + && (position = decodedSnippet.find(isNotHTMLSpace, position + 1)) != notFound > + && (position = decodedSnippet.find(isTerminatingCharacter, isHTMLQuote(decodedSnippet[position]) ? position + 1 : position)) != notFound) { > + decodedSnippet.truncate(position); I'm slightly confused. Are URLs going through this path too? > Source/WebCore/html/parser/XSSAuditor.cpp:-516 > - ASSERT(!snippet.isEmpty()); Maybe we should assert the fullyDecoding the decodedSnippet doesn't change it? 468546 6 107570 tsepez 2011-09-16 09:40:47 -0700 Comment on attachment 107570 Proposed patch plus new test case View in context: https://bugs.webkit.org/attachment.cgi?id=107570&action=review >> Source/WebCore/html/parser/XSSAuditor.cpp:512 >> + decodedSnippet.truncate(position); > > I'm slightly confused. Are URLs going through this path too? URLs (as in the request paramaters and/post body) being matched against don't go through this path. They go through fullyDecodeString as part of xssauditor::init(). URLs (as in <object src="URL"> go through this path, but the check for == "javascript:" is made against the parsed form of the attribute, not the snippet. Snippet is just used to see if injected. >> Source/WebCore/html/parser/XSSAuditor.cpp:-516 > > Maybe we should assert the fullyDecoding the decodedSnippet doesn't change it? The refactoring first moved the responsibility for decoding to each of the three callers of isContainedInrequest(). They could each assert this. The refactoring then removed the responsibility from two of the three callers by putting it into the middle of (now renamed) decodedSnippetForAttribute. It could assert this, too. There isn't any decoding going on in this function any longer, the sole remaining check is isEmpty(), so all the decoding transformations take place outside this. 468547 7 tsepez 2011-09-16 09:41:24 -0700 Tests finished locally without any new noise. 468598 8 abarth 2011-09-16 10:43:05 -0700 Right, I'm saying that it could have: ASSERT(decodedSnippet == fullyDecodeString(decodedSnippet)); to make sure all the callers have already decoded the string. The reason I asked about whether URLs go through this path is whether we're going to get too many false positives from something like the following: <object data="http://example.com/foo/bar.swf"></object> which will generate the snippet: data="http:/ which doesn't seem specific enough to avoid false positives. We probably want this to be the snippet: data="http://example.com 468603 9 tsepez 2011-09-16 10:49:03 -0700 (In reply to comment #8) > Right, I'm saying that it could have: > > ASSERT(decodedSnippet == fullyDecodeString(decodedSnippet)); > > to make sure all the callers have already decoded the string. > Ah, gotcha. Seems reasonable. Will do. > The reason I asked about whether URLs go through this path is whether we're going to get too many false positives from something like the following: > > <object data="http://example.com/foo/bar.swf"></object> > > which will generate the snippet: > > data="http:/ > > which doesn't seem specific enough to avoid false positives. We probably want this to be the snippet: > > data="http://example.com think you're right. that would have broken on previous commit. Need to avoid the comment-truncating path on the non-dangerous attributes. Will fix. 468607 10 abarth 2011-09-16 10:53:16 -0700 Thanks Tom. 468608 11 tsepez 2011-09-16 10:54:18 -0700 (In reply to comment #9) > (In reply to comment #8) > > Right, I'm saying that it could have: > > > > ASSERT(decodedSnippet == fullyDecodeString(decodedSnippet)); > > > > to make sure all the callers have already decoded the string. > > > > Ah, gotcha. Seems reasonable. Will do. > Actually, don't think we can make this assertion. FullyDecoceString decodes in a loop then canonicalizes. So if your string was %[high char]23, FDS (despite the name) returns %23. No matter, what we want is %23 in this case because the intervening high char has meaning. Just not consistent meaning across charsets. 468621 12 107570 abarth 2011-09-16 11:04:01 -0700 Comment on attachment 107570 Proposed patch plus new test case You're totally right. We could grep for %, but that's probably not worth it. 468628 13 107686 tsepez 2011-09-16 11:12:10 -0700 Created attachment 107686 Patch, testcase, plus don't treat non-dangerous attributes as JS. 468662 14 107686 tsepez 2011-09-16 11:35:40 -0700 Comment on attachment 107686 Patch, testcase, plus don't treat non-dangerous attributes as JS. Please review revised. 468670 15 107686 abarth 2011-09-16 11:43:02 -0700 Comment on attachment 107686 Patch, testcase, plus don't treat non-dangerous attributes as JS. This looks great. I think this fixes another subtle bug when the characters we were looking to truncate at were URL-encoded. 469024 16 107686 webkit.review.bot 2011-09-16 22:15:13 -0700 Comment on attachment 107686 Patch, testcase, plus don't treat non-dangerous attributes as JS. Clearing flags on attachment: 107686 Committed r95366: <http://trac.webkit.org/changeset/95366> 469025 17 webkit.review.bot 2011-09-16 22:15:18 -0700 All reviewed patches have been landed. Closing bug. 107570 2011-09-15 17:33:20 -0700 2011-09-16 11:34:59 -0700 Proposed patch plus new test case patch_68092.txt text/plain 8735 tsepez SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDk1MjQ1KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjEgQEAKKzIwMTEtMDktMTUgIFRvbSBTZXBl eiAgPHRzZXBlekBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgTWFrZSBYU1NBdWRpdG9yIHRydW5j YXRlIGlubGluZSBzbmlwcGV0cyBhdCBhIHJlYXNvbmFibGUgbGVuZ3RoIGJlZm9yZSBjb21wYXJp c29uCisgICAgICAgIHJlc3BlY3RpbmcgYm91bmRhcmllcyBvZiBtdWx0aXBseSB1cmxlbmNvZGVk IHNlcXVlbmNlcy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTY4MDkyCisgICAgICAgIAorICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBUZXN0OiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvcHJvcGVydHkt ZXNjYXBlLWxvbmcuaHRtbAorCisgICAgICAgICogaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHA6 CisgICAgICAgIChXZWJDb3JlOjpYU1NBdWRpdG9yOjpmaWx0ZXJUb2tlbkFmdGVyU2NyaXB0U3Rh cnRUYWcpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6ZXJhc2VEYW5nZXJvdXNBdHRy aWJ1dGVzSWZJbmplY3RlZCk6CisgICAgICAgIChXZWJDb3JlOjpYU1NBdWRpdG9yOjplcmFzZUF0 dHJpYnV0ZUlmSW5qZWN0ZWQpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6ZGVjb2Rl ZFNuaXBwZXRGb3JBdHRyaWJ1dGUpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6aXND b250YWluZWRJblJlcXVlc3QpOgorICAgICAgICAqIGh0bWwvcGFyc2VyL1hTU0F1ZGl0b3IuaDoK KwogMjAxMS0wOS0xNSAgU2ltb24gRnJhc2VyICA8c2ltb24uZnJhc2VyQGFwcGxlLmNvbT4KIAog ICAgICAgICBNYWtlIGN1c3RvbSBzY3JvbGxiYXIgdGhlbWUgZm9yIHVzZSBpbiBEUlQsIHRvIHJl ZHVjZSBwaXhlbCBkaWZmZXJlbmNlcyBiZXR3ZWVuIHBsYXRmb3JtcwpJbmRleDogU291cmNlL1dl YkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dl YkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAJKHJldmlzaW9uIDk1MjM4KQorKysgU291 cmNlL1dlYkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTMwOSw3ICszMDksOCBAQCBib29sIFhTU0F1ZGl0b3I6OmZpbHRlclRva2VuQWZ0ZXJTY3JpcHRT CiAgICAgLy8gRklYTUU6IFdlIHByb2JhYmx5IHdhbnQgdG8gZ3JhYiBvbmx5IHRoZSBmaXJzdCBm ZXcgY2hhcmFjdGVycyBvZiB0aGUKICAgICAvLyAgICAgICAgY29udGVudHMgb2YgdGhlIHNjcmlw dCBlbGVtZW50LgogICAgIGludCBlbmQgPSB0b2tlbi5lbmRJbmRleCgpIC0gdG9rZW4uc3RhcnRJ bmRleCgpOwotICAgIGlmIChpc0NvbnRhaW5lZEluUmVxdWVzdChtX2NhY2hlZFNuaXBwZXQgKyBz bmlwcGV0Rm9yUmFuZ2UodG9rZW4sIHN0YXJ0LCBlbmQpKSkgeworICAgIFN0cmluZyBzbmlwcGV0 ID0gbV9jYWNoZWRTbmlwcGV0ICsgc25pcHBldEZvclJhbmdlKHRva2VuLCBzdGFydCwgZW5kKTsK KyAgICBpZiAoaXNDb250YWluZWRJblJlcXVlc3QoZnVsbHlEZWNvZGVTdHJpbmcoc25pcHBldCwg bV9wYXJzZXItPmRvY3VtZW50KCktPmRlY29kZXIoKSkpKSB7CiAgICAgICAgIHRva2VuLmVyYXNl Q2hhcmFjdGVycygpOwogICAgICAgICB0b2tlbi5hcHBlbmRUb0NoYXJhY3RlcignICcpOyAvLyBU ZWNobmljYWxseSwgY2hhcmFjdGVyIHRva2VucyBjYW4ndCBiZSBlbXB0eS4KICAgICAgICAgcmV0 dXJuIHRydWU7CkBAIC00NDAsNyArNDQxLDcgQEAgYm9vbCBYU1NBdWRpdG9yOjplcmFzZURhbmdl cm91c0F0dHJpYnV0ZQogICAgICAgICBib29sIHZhbHVlQ29udGFpbnNKYXZhU2NyaXB0VVJMID0g aXNJbmxpbmVFdmVudEhhbmRsZXIgPyBmYWxzZSA6IGNvbnRhaW5zSmF2YVNjcmlwdFVSTChhdHRy aWJ1dGUubV92YWx1ZSk7CiAgICAgICAgIGlmICghaXNJbmxpbmVFdmVudEhhbmRsZXIgJiYgIXZh bHVlQ29udGFpbnNKYXZhU2NyaXB0VVJMKQogICAgICAgICAgICAgY29udGludWU7Ci0gICAgICAg IGlmICghaXNDb250YWluZWRJblJlcXVlc3Qoc25pcHBldEZvckF0dHJpYnV0ZSh0b2tlbiwgYXR0 cmlidXRlKSkpCisgICAgICAgIGlmICghaXNDb250YWluZWRJblJlcXVlc3QoZGVjb2RlZFNuaXBw ZXRGb3JBdHRyaWJ1dGUodG9rZW4sIGF0dHJpYnV0ZSkpKQogICAgICAgICAgICAgY29udGludWU7 CiAgICAgICAgIHRva2VuLmVyYXNlVmFsdWVPZkF0dHJpYnV0ZShpKTsKICAgICAgICAgaWYgKHZh bHVlQ29udGFpbnNKYXZhU2NyaXB0VVJMKQpAQCAtNDU1LDcgKzQ1Niw3IEBAIGJvb2wgWFNTQXVk aXRvcjo6ZXJhc2VBdHRyaWJ1dGVJZkluamVjdGUKICAgICBzaXplX3QgaW5kZXhPZkF0dHJpYnV0 ZTsKICAgICBpZiAoZmluZEF0dHJpYnV0ZVdpdGhOYW1lKHRva2VuLCBhdHRyaWJ1dGVOYW1lLCBp bmRleE9mQXR0cmlidXRlKSkgewogICAgICAgICBjb25zdCBIVE1MVG9rZW46OkF0dHJpYnV0ZSYg YXR0cmlidXRlID0gdG9rZW4uYXR0cmlidXRlcygpLmF0KGluZGV4T2ZBdHRyaWJ1dGUpOwotICAg ICAgICBpZiAoaXNDb250YWluZWRJblJlcXVlc3Qoc25pcHBldEZvckF0dHJpYnV0ZSh0b2tlbiwg YXR0cmlidXRlKSkpIHsKKyAgICAgICAgaWYgKGlzQ29udGFpbmVkSW5SZXF1ZXN0KGRlY29kZWRT bmlwcGV0Rm9yQXR0cmlidXRlKHRva2VuLCBhdHRyaWJ1dGUpKSkgewogICAgICAgICAgICAgaWYg KGF0dHJpYnV0ZU5hbWUgPT0gc3JjQXR0ciAmJiBpc1NhbWVPcmlnaW5SZXNvdXJjZShTdHJpbmco YXR0cmlidXRlLm1fdmFsdWUuZGF0YSgpLCBhdHRyaWJ1dGUubV92YWx1ZS5zaXplKCkpKSkKICAg ICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgICBpZiAoYXR0cmlidXRlTmFt ZSA9PSBodHRwX2VxdWl2QXR0ciAmJiAhaXNEYW5nZXJvdXNIVFRQRXF1aXYoU3RyaW5nKGF0dHJp YnV0ZS5tX3ZhbHVlLmRhdGEoKSwgYXR0cmlidXRlLm1fdmFsdWUuc2l6ZSgpKSkpCkBAIC00NzYs MTUgKzQ3NywxOCBAQCBTdHJpbmcgWFNTQXVkaXRvcjo6c25pcHBldEZvclJhbmdlKGNvbnN0CiAg ICAgcmV0dXJuIG1fcGFyc2VyLT5zb3VyY2VGb3JUb2tlbih0b2tlbikuc3Vic3RyaW5nKHN0YXJ0 LCBlbmQgLSBzdGFydCk7CiB9CiAKLVN0cmluZyBYU1NBdWRpdG9yOjpzbmlwcGV0Rm9yQXR0cmli dXRlKGNvbnN0IEhUTUxUb2tlbiYgdG9rZW4sIGNvbnN0IEhUTUxUb2tlbjo6QXR0cmlidXRlJiBh dHRyaWJ1dGUpCitTdHJpbmcgWFNTQXVkaXRvcjo6ZGVjb2RlZFNuaXBwZXRGb3JBdHRyaWJ1dGUo Y29uc3QgSFRNTFRva2VuJiB0b2tlbiwgY29uc3QgSFRNTFRva2VuOjpBdHRyaWJ1dGUmIGF0dHJp YnV0ZSkKIHsKKyAgICBjb25zdCBzaXplX3Qga01heGltdW1TbmlwcGV0TGVuZ3RoID0gMTAwOwor CiAgICAgLy8gVGhlIHJhbmdlIGRvZXNuJ3QgaW5sY3VkZSB0aGUgY2hhcmFjdGVyIHdoaWNoIHRl cm1pbmF0ZXMgdGhlIHZhbHVlLiBTbywKICAgICAvLyBmb3IgYW4gaW5wdXQgb2YgfG5hbWU9InZh bHVlInwsIHRoZSBzbmlwcGV0IGlzIHxuYW1lPSJ2YWx1ZXwuIEZvciBhbgogICAgIC8vIHVucXVv dGVkIGlucHV0IG9mIHxuYW1lPXZhbHVlIHwsIHRoZSBzbmlwcGV0IGlzIHxuYW1lPXZhbHVlfC4K ICAgICAvLyBGSVhNRTogV2Ugc2hvdWxkIGdyYWIgb25lIGNoYXJhY3RlciBiZWZvcmUgdGhlIG5h bWUgYWxzby4KICAgICBpbnQgc3RhcnQgPSBhdHRyaWJ1dGUubV9uYW1lUmFuZ2UubV9zdGFydCAt IHRva2VuLnN0YXJ0SW5kZXgoKTsKICAgICBpbnQgZW5kID0gYXR0cmlidXRlLm1fdmFsdWVSYW5n ZS5tX2VuZCAtIHRva2VuLnN0YXJ0SW5kZXgoKTsKLSAgICBTdHJpbmcgc25pcHBldCA9IHNuaXBw ZXRGb3JSYW5nZSh0b2tlbiwgc3RhcnQsIGVuZCk7CisgICAgU3RyaW5nIGRlY29kZWRTbmlwcGV0 ID0gZnVsbHlEZWNvZGVTdHJpbmcoc25pcHBldEZvclJhbmdlKHRva2VuLCBzdGFydCwgZW5kKSwg bV9wYXJzZXItPmRvY3VtZW50KCktPmRlY29kZXIoKSk7CisgICAgZGVjb2RlZFNuaXBwZXQudHJ1 bmNhdGUoa01heGltdW1TbmlwcGV0TGVuZ3RoKTsKIAogICAgIC8vIEJld2FyZSBvZiB0cmFpbGlu ZyBjaGFyYWN0ZXJzIHdoaWNoIGNhbWUgZnJvbSB0aGUgcGFnZSBpdHNlbGYsIG5vdCB0aGUgCiAg ICAgLy8gaW5qZWN0ZWQgdmVjdG9yLiBFeGNsdWRpbmcgdGhlIHRlcm1pbmF0aW5nIGNoYXJhY3Rl ciBjb3ZlcnMgY29tbW9uIGNhc2VzCkBAIC01MDIsMjAgKzUwNiwxNyBAQCBTdHJpbmcgWFNTQXVk aXRvcjo6c25pcHBldEZvckF0dHJpYnV0ZShjCiAgICAgLy8gY2hlY2sgZm9yIGEgc2Vjb25kIHNs YXNoIGZvciBhIGNvbW1lbnQsIHN0b3BpbmcgaW5zdGVhZCBvbiBhbnkgYW1wZXJzYW5kCiAgICAg Ly8gb3Igc2xhc2guCiAgICAgc2l6ZV90IHBvc2l0aW9uOwotICAgIGlmICgocG9zaXRpb24gPSBz bmlwcGV0LmZpbmQoIj0iKSkgIT0gbm90Rm91bmQKLSAgICAgICAgJiYgKHBvc2l0aW9uID0gc25p cHBldC5maW5kKGlzTm90SFRNTFNwYWNlLCBwb3NpdGlvbiArIDEpKSAhPSBub3RGb3VuZAotICAg ICAgICAmJiAocG9zaXRpb24gPSBzbmlwcGV0LmZpbmQoaXNUZXJtaW5hdGluZ0NoYXJhY3Rlciwg aXNIVE1MUXVvdGUoc25pcHBldFtwb3NpdGlvbl0pID8gcG9zaXRpb24gKyAxIDogcG9zaXRpb24p KSAhPSBub3RGb3VuZCkgewotICAgICAgICBzbmlwcGV0LnRydW5jYXRlKHBvc2l0aW9uKTsKKyAg ICBpZiAoKHBvc2l0aW9uID0gZGVjb2RlZFNuaXBwZXQuZmluZCgiPSIpKSAhPSBub3RGb3VuZAor ICAgICAgICAmJiAocG9zaXRpb24gPSBkZWNvZGVkU25pcHBldC5maW5kKGlzTm90SFRNTFNwYWNl LCBwb3NpdGlvbiArIDEpKSAhPSBub3RGb3VuZAorICAgICAgICAmJiAocG9zaXRpb24gPSBkZWNv ZGVkU25pcHBldC5maW5kKGlzVGVybWluYXRpbmdDaGFyYWN0ZXIsIGlzSFRNTFF1b3RlKGRlY29k ZWRTbmlwcGV0W3Bvc2l0aW9uXSkgPyBwb3NpdGlvbiArIDEgOiBwb3NpdGlvbikpICE9IG5vdEZv dW5kKSB7CisgICAgICAgIGRlY29kZWRTbmlwcGV0LnRydW5jYXRlKHBvc2l0aW9uKTsKICAgICB9 CiAKLSAgICByZXR1cm4gc25pcHBldDsKKyAgICByZXR1cm4gZGVjb2RlZFNuaXBwZXQ7CiB9CiAK LWJvb2wgWFNTQXVkaXRvcjo6aXNDb250YWluZWRJblJlcXVlc3QoY29uc3QgU3RyaW5nJiBzbmlw cGV0KQorYm9vbCBYU1NBdWRpdG9yOjppc0NvbnRhaW5lZEluUmVxdWVzdChjb25zdCBTdHJpbmcm IGRlY29kZWRTbmlwcGV0KQogewotICAgIEFTU0VSVCghc25pcHBldC5pc0VtcHR5KCkpOwotICAg IFRleHRSZXNvdXJjZURlY29kZXIqIGRlY29kZXIgPSBtX3BhcnNlci0+ZG9jdW1lbnQoKS0+ZGVj b2RlcigpOwotICAgIFN0cmluZyBkZWNvZGVkU25pcHBldCA9IGZ1bGx5RGVjb2RlU3RyaW5nKHNu aXBwZXQsIGRlY29kZXIpOwogICAgIGlmIChkZWNvZGVkU25pcHBldC5pc0VtcHR5KCkpCiAgICAg ICAgIHJldHVybiBmYWxzZTsKICAgICBpZiAobV9kZWNvZGVkVVJMLmZpbmQoZGVjb2RlZFNuaXBw ZXQsIDAsIGZhbHNlKSAhPSBub3RGb3VuZCkKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2h0bWwvcGFy c2VyL1hTU0F1ZGl0b3IuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9odG1sL3BhcnNl ci9YU1NBdWRpdG9yLmgJKHJldmlzaW9uIDk1MjM4KQorKysgU291cmNlL1dlYkNvcmUvaHRtbC9w YXJzZXIvWFNTQXVkaXRvci5oCSh3b3JraW5nIGNvcHkpCkBAIC02Nyw3ICs2Nyw3IEBAIHByaXZh dGU6CiAgICAgYm9vbCBlcmFzZUF0dHJpYnV0ZUlmSW5qZWN0ZWQoSFRNTFRva2VuJiwgY29uc3Qg UXVhbGlmaWVkTmFtZSYsIGNvbnN0IFN0cmluZyYgcmVwbGFjZW1lbnRWYWx1ZSA9IFN0cmluZygp KTsKIAogICAgIFN0cmluZyBzbmlwcGV0Rm9yUmFuZ2UoY29uc3QgSFRNTFRva2VuJiwgaW50IHN0 YXJ0LCBpbnQgZW5kKTsKLSAgICBTdHJpbmcgc25pcHBldEZvckF0dHJpYnV0ZShjb25zdCBIVE1M VG9rZW4mLCBjb25zdCBIVE1MVG9rZW46OkF0dHJpYnV0ZSYpOworICAgIFN0cmluZyBkZWNvZGVk U25pcHBldEZvckF0dHJpYnV0ZShjb25zdCBIVE1MVG9rZW4mLCBjb25zdCBIVE1MVG9rZW46OkF0 dHJpYnV0ZSYpOwogCiAgICAgYm9vbCBpc0NvbnRhaW5lZEluUmVxdWVzdChjb25zdCBTdHJpbmcm KTsKICAgICBib29sIGlzU2FtZU9yaWdpblJlc291cmNlKGNvbnN0IFN0cmluZyYgdXJsKTsKSW5k ZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFu Z2VMb2cJKHJldmlzaW9uIDk1MjQ1KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5n IGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAKKzIwMTEtMDktMTUgIFRvbSBTZXBleiAgPHRzZXBlekBj aHJvbWl1bS5vcmc+CisKKyAgICAgICAgTWFrZSBYU1NBdWRpdG9yIHRydW5jYXRlIGlubGluZSBz bmlwcGV0cyBhdCBhIHJlYXNvbmFibGUgbGVuZ3RoIGJlZm9yZSBjb21wYXJpc29uCisgICAgICAg IHJlc3BlY3RpbmcgYm91bmRhcmllcyBvZiBtdWx0aXBseSB1cmxlbmNvZGVkIHNlcXVlbmNlcy4K KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTY4MDkyCisg ICAgICAgIAorICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAq IGh0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9wcm9wZXJ0eS1lc2NhcGUtbG9uZy1leHBl Y3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGh0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRv ci9wcm9wZXJ0eS1lc2NhcGUtbG9uZy5odG1sOiBBZGRlZC4KKwogMjAxMS0wOS0xNSAgRGF2aWQg SHlhdHQgIDxoeWF0dEBhcHBsZS5jb20+CiAKICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTI3NTc5CkluZGV4OiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3Nl Y3VyaXR5L3hzc0F1ZGl0b3IvcHJvcGVydHktZXNjYXBlLWxvbmctZXhwZWN0ZWQudHh0Cj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9wcm9w ZXJ0eS1lc2NhcGUtbG9uZy1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0 cy9odHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvcHJvcGVydHktZXNjYXBlLWxvbmctZXhw ZWN0ZWQudHh0CShyZXZpc2lvbiAwKQpAQCAtMCwwICsxLDMgQEAKK0NPTlNPTEUgTUVTU0FHRTog bGluZSAxOiBSZWZ1c2VkIHRvIGV4ZWN1dGUgYSBKYXZhU2NyaXB0IHNjcmlwdC4gU291cmNlIGNv ZGUgb2Ygc2NyaXB0IGZvdW5kIHdpdGhpbiByZXF1ZXN0LgorCisKSW5kZXg6IExheW91dFRlc3Rz L2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9wcm9wZXJ0eS1lc2NhcGUtbG9uZy5odG1s Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRv ci9wcm9wZXJ0eS1lc2NhcGUtbG9uZy5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMv aHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL3Byb3BlcnR5LWVzY2FwZS1sb25nLmh0bWwJ KHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTUgQEAKKzwhRE9DVFlQRSBodG1sPgorPGh0bWw+Cis8 aGVhZD4KKzxzY3JpcHQ+CitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CisgIGxh eW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsKKyAgbGF5b3V0VGVzdENvbnRyb2xsZXIu c2V0WFNTQXVkaXRvckVuYWJsZWQodHJ1ZSk7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5 PgorPGlmcmFtZSBzcmM9Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMC9zZWN1cml0eS94c3NBdWRpdG9y L3Jlc291cmNlcy9lY2hvLXByb3BlcnR5LnBsP3E9JTIyJTIwb25sb2FkPSUyMmFsZXJ0KDExMSUy NTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUz MiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIl MjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1 MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMy JTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUy NTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIpIj4KKzwvaWZyYW1lPgorPC9i b2R5PgorPC9odG1sPgo= 107686 2011-09-16 11:12:10 -0700 2011-09-16 22:15:13 -0700 Patch, testcase, plus don't treat non-dangerous attributes as JS. patch_68092.txt text/plain 10819 tsepez SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDk1MjQ1KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjEgQEAKKzIwMTEtMDktMTUgIFRvbSBTZXBl eiAgPHRzZXBlekBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgTWFrZSBYU1NBdWRpdG9yIHRydW5j YXRlIGlubGluZSBzbmlwcGV0cyBhdCBhIHJlYXNvbmFibGUgbGVuZ3RoIGJlZm9yZSBjb21wYXJp c29uCisgICAgICAgIHJlc3BlY3RpbmcgYm91bmRhcmllcyBvZiBtdWx0aXBseSB1cmxlbmNvZGVk IHNlcXVlbmNlcy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTY4MDkyCisgICAgICAgIAorICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBUZXN0OiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvcHJvcGVydHkt ZXNjYXBlLWxvbmcuaHRtbAorCisgICAgICAgICogaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHA6 CisgICAgICAgIChXZWJDb3JlOjpYU1NBdWRpdG9yOjpmaWx0ZXJUb2tlbkFmdGVyU2NyaXB0U3Rh cnRUYWcpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6ZXJhc2VEYW5nZXJvdXNBdHRy aWJ1dGVzSWZJbmplY3RlZCk6CisgICAgICAgIChXZWJDb3JlOjpYU1NBdWRpdG9yOjplcmFzZUF0 dHJpYnV0ZUlmSW5qZWN0ZWQpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6ZGVjb2Rl ZFNuaXBwZXRGb3JBdHRyaWJ1dGUpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6aXND b250YWluZWRJblJlcXVlc3QpOgorICAgICAgICAqIGh0bWwvcGFyc2VyL1hTU0F1ZGl0b3IuaDoK KwogMjAxMS0wOS0xNSAgU2ltb24gRnJhc2VyICA8c2ltb24uZnJhc2VyQGFwcGxlLmNvbT4KIAog ICAgICAgICBNYWtlIGN1c3RvbSBzY3JvbGxiYXIgdGhlbWUgZm9yIHVzZSBpbiBEUlQsIHRvIHJl ZHVjZSBwaXhlbCBkaWZmZXJlbmNlcyBiZXR3ZWVuIHBsYXRmb3JtcwpJbmRleDogU291cmNlL1dl YkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dl YkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAJKHJldmlzaW9uIDk1MjM4KQorKysgU291 cmNlL1dlYkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTMwOSw3ICszMDksOCBAQCBib29sIFhTU0F1ZGl0b3I6OmZpbHRlclRva2VuQWZ0ZXJTY3JpcHRT CiAgICAgLy8gRklYTUU6IFdlIHByb2JhYmx5IHdhbnQgdG8gZ3JhYiBvbmx5IHRoZSBmaXJzdCBm ZXcgY2hhcmFjdGVycyBvZiB0aGUKICAgICAvLyAgICAgICAgY29udGVudHMgb2YgdGhlIHNjcmlw dCBlbGVtZW50LgogICAgIGludCBlbmQgPSB0b2tlbi5lbmRJbmRleCgpIC0gdG9rZW4uc3RhcnRJ bmRleCgpOwotICAgIGlmIChpc0NvbnRhaW5lZEluUmVxdWVzdChtX2NhY2hlZFNuaXBwZXQgKyBz bmlwcGV0Rm9yUmFuZ2UodG9rZW4sIHN0YXJ0LCBlbmQpKSkgeworICAgIFN0cmluZyBzbmlwcGV0 ID0gbV9jYWNoZWRTbmlwcGV0ICsgc25pcHBldEZvclJhbmdlKHRva2VuLCBzdGFydCwgZW5kKTsK KyAgICBpZiAoaXNDb250YWluZWRJblJlcXVlc3QoZnVsbHlEZWNvZGVTdHJpbmcoc25pcHBldCwg bV9wYXJzZXItPmRvY3VtZW50KCktPmRlY29kZXIoKSkpKSB7CiAgICAgICAgIHRva2VuLmVyYXNl Q2hhcmFjdGVycygpOwogICAgICAgICB0b2tlbi5hcHBlbmRUb0NoYXJhY3RlcignICcpOyAvLyBU ZWNobmljYWxseSwgY2hhcmFjdGVyIHRva2VucyBjYW4ndCBiZSBlbXB0eS4KICAgICAgICAgcmV0 dXJuIHRydWU7CkBAIC00NDAsNyArNDQxLDI5IEBAIGJvb2wgWFNTQXVkaXRvcjo6ZXJhc2VEYW5n ZXJvdXNBdHRyaWJ1dGUKICAgICAgICAgYm9vbCB2YWx1ZUNvbnRhaW5zSmF2YVNjcmlwdFVSTCA9 IGlzSW5saW5lRXZlbnRIYW5kbGVyID8gZmFsc2UgOiBjb250YWluc0phdmFTY3JpcHRVUkwoYXR0 cmlidXRlLm1fdmFsdWUpOwogICAgICAgICBpZiAoIWlzSW5saW5lRXZlbnRIYW5kbGVyICYmICF2 YWx1ZUNvbnRhaW5zSmF2YVNjcmlwdFVSTCkKICAgICAgICAgICAgIGNvbnRpbnVlOwotICAgICAg ICBpZiAoIWlzQ29udGFpbmVkSW5SZXF1ZXN0KHNuaXBwZXRGb3JBdHRyaWJ1dGUodG9rZW4sIGF0 dHJpYnV0ZSkpKQorICAgICAgICAvLyBCZXdhcmUgb2YgdHJhaWxpbmcgY2hhcmFjdGVycyB3aGlj aCBjYW1lIGZyb20gdGhlIHBhZ2UgaXRzZWxmLCBub3QgdGhlIAorICAgICAgICAvLyBpbmplY3Rl ZCB2ZWN0b3IuIEV4Y2x1ZGluZyB0aGUgdGVybWluYXRpbmcgY2hhcmFjdGVyIGNvdmVycyBjb21t b24gY2FzZXMKKyAgICAgICAgLy8gd2hlcmUgdGhlIHBhZ2UgaW1tZWRpYXRlbHkgZW5kcyB0aGUg YXR0cmlidXRlLCBidXQgZG9lc24ndCBjb3ZlciBtb3JlCisgICAgICAgIC8vIGNvbXBsZXggY2Fz ZXMgd2hlcmUgdGhlcmUgaXMgb3RoZXIgcGFnZSBkYXRhIGZvbGxvd2luZyB0aGUgaW5qZWN0aW9u LiAKKyAgICAgICAgLy8gR2VuZXJhbGx5LCB0aGVzZSB3b24ndCBwYXJzZSBhcyBqYXZhc2NyaXB0 LCBzbyB0aGUgaW5qZWN0ZWQgdmVjdG9yCisgICAgICAgIC8vIHR5cGljYWxseSBleGNsdWRlcyB0 aGVtIGZyb20gY29uc2lkZXJhdGlvbiB2aWEgYSBzaW5nbGUtbGluZSBjb21tZW50IG9yCisgICAg ICAgIC8vIGJ5IGVuY2xvc2luZyB0aGVtIGluIGEgc3RyaW5nIGxpdGVyYWwgdGVybWluYXRlZCBs YXRlciBieSB0aGUgcGFnZSdzIG93bgorICAgICAgICAvLyBjbG9zaW5nIHB1bmN0dWF0aW9uLiBT aW5jZSB0aGUgc25pcHBldCBoYXMgbm90IGJlZW4gcGFyc2VkLCB0aGUgdmVjdG9yCisgICAgICAg IC8vIG1heSBhbHNvIHRyeSB0byBpbnRyb2R1Y2UgdGhlc2UgdmlhIGVudGl0aWVzLiBBcyBhIHJl c3VsdCwgd2UnZCBsaWtlIHRvCisgICAgICAgIC8vIHN0b3AgYmVmb3JlIHRoZSBmaXJzdCAiLy8i LCB0aGUgZmlyc3QgZW50aXR5LCBvciB0aGUgZmlyc3QgcXVvdGUgbm90CisgICAgICAgIC8vIGlt bWVkaWF0ZWx5IGZvbGxvd2luZyB0aGUgZmlyc3QgZXF1YWxzIHNpZ24gKHRha2luZyB3aGl0ZXNw YWNlIGludG8KKyAgICAgICAgLy8gY29uc2lkZXJhdGlvbikuIFRvIGtlZXAgdGhpbmdzIHNpbXBs ZXIsIHdlIGRvbid0IHRyeSB0byBkaXN0aW5ndWlzaAorICAgICAgICAvLyBiZXR3ZWVuIGVudGl0 eS1pbnRyb2R1Y2luZyBhbXBlcmFuZHMgdnMuIG90aGVyIHVzZXMsIG5vciBkbyB3ZSBib3RoZXIg dG8KKyAgICAgICAgLy8gY2hlY2sgZm9yIGEgc2Vjb25kIHNsYXNoIGZvciBhIGNvbW1lbnQsIHN0 b3BpbmcgaW5zdGVhZCBvbiBhbnkgYW1wZXJzYW5kCisgICAgICAgIC8vIG9yIHNsYXNoLgorICAg ICAgICBTdHJpbmcgZGVjb2RlZFNuaXBwZXQgPSBkZWNvZGVkU25pcHBldEZvckF0dHJpYnV0ZSh0 b2tlbiwgYXR0cmlidXRlKTsKKyAgICAgICAgc2l6ZV90IHBvc2l0aW9uOworICAgICAgICBpZiAo KHBvc2l0aW9uID0gZGVjb2RlZFNuaXBwZXQuZmluZCgiPSIpKSAhPSBub3RGb3VuZAorICAgICAg ICAgICAgJiYgKHBvc2l0aW9uID0gZGVjb2RlZFNuaXBwZXQuZmluZChpc05vdEhUTUxTcGFjZSwg cG9zaXRpb24gKyAxKSkgIT0gbm90Rm91bmQKKyAgICAgICAgICAgICYmIChwb3NpdGlvbiA9IGRl Y29kZWRTbmlwcGV0LmZpbmQoaXNUZXJtaW5hdGluZ0NoYXJhY3RlciwgaXNIVE1MUXVvdGUoZGVj b2RlZFNuaXBwZXRbcG9zaXRpb25dKSA/IHBvc2l0aW9uICsgMSA6IHBvc2l0aW9uKSkgIT0gbm90 Rm91bmQpIHsKKyAgICAgICAgICAgIGRlY29kZWRTbmlwcGV0LnRydW5jYXRlKHBvc2l0aW9uKTsK KyAgICAgICAgfQorICAgICAgICBpZiAoIWlzQ29udGFpbmVkSW5SZXF1ZXN0KGRlY29kZWRTbmlw cGV0KSkKICAgICAgICAgICAgIGNvbnRpbnVlOwogICAgICAgICB0b2tlbi5lcmFzZVZhbHVlT2ZB dHRyaWJ1dGUoaSk7CiAgICAgICAgIGlmICh2YWx1ZUNvbnRhaW5zSmF2YVNjcmlwdFVSTCkKQEAg LTQ1NSw3ICs0NzgsNyBAQCBib29sIFhTU0F1ZGl0b3I6OmVyYXNlQXR0cmlidXRlSWZJbmplY3Rl CiAgICAgc2l6ZV90IGluZGV4T2ZBdHRyaWJ1dGU7CiAgICAgaWYgKGZpbmRBdHRyaWJ1dGVXaXRo TmFtZSh0b2tlbiwgYXR0cmlidXRlTmFtZSwgaW5kZXhPZkF0dHJpYnV0ZSkpIHsKICAgICAgICAg Y29uc3QgSFRNTFRva2VuOjpBdHRyaWJ1dGUmIGF0dHJpYnV0ZSA9IHRva2VuLmF0dHJpYnV0ZXMo KS5hdChpbmRleE9mQXR0cmlidXRlKTsKLSAgICAgICAgaWYgKGlzQ29udGFpbmVkSW5SZXF1ZXN0 KHNuaXBwZXRGb3JBdHRyaWJ1dGUodG9rZW4sIGF0dHJpYnV0ZSkpKSB7CisgICAgICAgIGlmIChp c0NvbnRhaW5lZEluUmVxdWVzdChkZWNvZGVkU25pcHBldEZvckF0dHJpYnV0ZSh0b2tlbiwgYXR0 cmlidXRlKSkpIHsKICAgICAgICAgICAgIGlmIChhdHRyaWJ1dGVOYW1lID09IHNyY0F0dHIgJiYg aXNTYW1lT3JpZ2luUmVzb3VyY2UoU3RyaW5nKGF0dHJpYnV0ZS5tX3ZhbHVlLmRhdGEoKSwgYXR0 cmlidXRlLm1fdmFsdWUuc2l6ZSgpKSkpCiAgICAgICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwog ICAgICAgICAgICAgaWYgKGF0dHJpYnV0ZU5hbWUgPT0gaHR0cF9lcXVpdkF0dHIgJiYgIWlzRGFu Z2Vyb3VzSFRUUEVxdWl2KFN0cmluZyhhdHRyaWJ1dGUubV92YWx1ZS5kYXRhKCksIGF0dHJpYnV0 ZS5tX3ZhbHVlLnNpemUoKSkpKQpAQCAtNDc2LDQ2ICs0OTksMjMgQEAgU3RyaW5nIFhTU0F1ZGl0 b3I6OnNuaXBwZXRGb3JSYW5nZShjb25zdAogICAgIHJldHVybiBtX3BhcnNlci0+c291cmNlRm9y VG9rZW4odG9rZW4pLnN1YnN0cmluZyhzdGFydCwgZW5kIC0gc3RhcnQpOwogfQogCi1TdHJpbmcg WFNTQXVkaXRvcjo6c25pcHBldEZvckF0dHJpYnV0ZShjb25zdCBIVE1MVG9rZW4mIHRva2VuLCBj b25zdCBIVE1MVG9rZW46OkF0dHJpYnV0ZSYgYXR0cmlidXRlKQorU3RyaW5nIFhTU0F1ZGl0b3I6 OmRlY29kZWRTbmlwcGV0Rm9yQXR0cmlidXRlKGNvbnN0IEhUTUxUb2tlbiYgdG9rZW4sIGNvbnN0 IEhUTUxUb2tlbjo6QXR0cmlidXRlJiBhdHRyaWJ1dGUpCiB7CisgICAgY29uc3Qgc2l6ZV90IGtN YXhpbXVtU25pcHBldExlbmd0aCA9IDEwMDsKKwogICAgIC8vIFRoZSByYW5nZSBkb2Vzbid0IGlu bGN1ZGUgdGhlIGNoYXJhY3RlciB3aGljaCB0ZXJtaW5hdGVzIHRoZSB2YWx1ZS4gU28sCiAgICAg Ly8gZm9yIGFuIGlucHV0IG9mIHxuYW1lPSJ2YWx1ZSJ8LCB0aGUgc25pcHBldCBpcyB8bmFtZT0i dmFsdWV8LiBGb3IgYW4KICAgICAvLyB1bnF1b3RlZCBpbnB1dCBvZiB8bmFtZT12YWx1ZSB8LCB0 aGUgc25pcHBldCBpcyB8bmFtZT12YWx1ZXwuCiAgICAgLy8gRklYTUU6IFdlIHNob3VsZCBncmFi IG9uZSBjaGFyYWN0ZXIgYmVmb3JlIHRoZSBuYW1lIGFsc28uCiAgICAgaW50IHN0YXJ0ID0gYXR0 cmlidXRlLm1fbmFtZVJhbmdlLm1fc3RhcnQgLSB0b2tlbi5zdGFydEluZGV4KCk7CiAgICAgaW50 IGVuZCA9IGF0dHJpYnV0ZS5tX3ZhbHVlUmFuZ2UubV9lbmQgLSB0b2tlbi5zdGFydEluZGV4KCk7 Ci0gICAgU3RyaW5nIHNuaXBwZXQgPSBzbmlwcGV0Rm9yUmFuZ2UodG9rZW4sIHN0YXJ0LCBlbmQp OwotCi0gICAgLy8gQmV3YXJlIG9mIHRyYWlsaW5nIGNoYXJhY3RlcnMgd2hpY2ggY2FtZSBmcm9t IHRoZSBwYWdlIGl0c2VsZiwgbm90IHRoZSAKLSAgICAvLyBpbmplY3RlZCB2ZWN0b3IuIEV4Y2x1 ZGluZyB0aGUgdGVybWluYXRpbmcgY2hhcmFjdGVyIGNvdmVycyBjb21tb24gY2FzZXMKLSAgICAv LyB3aGVyZSB0aGUgcGFnZSBpbW1lZGlhdGVseSBlbmRzIHRoZSBhdHRyaWJ1dGUsIGJ1dCBkb2Vz bid0IGNvdmVyIG1vcmUKLSAgICAvLyBjb21wbGV4IGNhc2VzIHdoZXJlIHRoZXJlIGlzIG90aGVy IHBhZ2UgZGF0YSBmb2xsb3dpbmcgdGhlIGluamVjdGlvbi4gCi0gICAgLy8gR2VuZXJhbGx5LCB0 aGVzZSB3b24ndCBwYXJzZSBhcyBqYXZhc2NyaXB0LCBzbyB0aGUgaW5qZWN0ZWQgdmVjdG9yCi0g ICAgLy8gdHlwaWNhbGx5IGV4Y2x1ZGVzIHRoZW0gZnJvbSBjb25zaWRlcmF0aW9uIHZpYSBhIHNp bmdsZS1saW5lIGNvbW1lbnQgb3IKLSAgICAvLyBieSBlbmNsb3NpbmcgdGhlbSBpbiBhIHN0cmlu ZyBsaXRlcmFsIHRlcm1pbmF0ZWQgbGF0ZXIgYnkgdGhlIHBhZ2UncyBvd24KLSAgICAvLyBjbG9z aW5nIHB1bmN0dWF0aW9uLiBTaW5jZSB0aGUgc25pcHBldCBoYXMgbm90IGJlZW4gcGFyc2VkLCB0 aGUgdmVjdG9yCi0gICAgLy8gbWF5IGFsc28gdHJ5IHRvIGludHJvZHVjZSB0aGVzZSB2aWEgZW50 aXRpZXMuIEFzIGEgcmVzdWx0LCB3ZSdkIGxpa2UgdG8KLSAgICAvLyBzdG9wIGJlZm9yZSB0aGUg Zmlyc3QgIi8vIiwgdGhlIGZpcnN0IGVudGl0eSwgb3IgdGhlIGZpcnN0IHF1b3RlIG5vdAotICAg IC8vIGltbWVkaWF0ZWx5IGZvbGxvd2luZyB0aGUgZmlyc3QgZXF1YWxzIHNpZ24gKHRha2luZyB3 aGl0ZXNwYWNlIGludG8KLSAgICAvLyBjb25zaWRlcmF0aW9uKS4gVG8ga2VlcCB0aGluZ3Mgc2lt cGxlciwgd2UgZG9uJ3QgdHJ5IHRvIGRpc3Rpbmd1aXNoCi0gICAgLy8gYmV0d2VlbiBlbnRpdHkt aW50cm9kdWNpbmcgYW1wZXJhbmRzIHZzLiBvdGhlciB1c2VzLCBub3IgZG8gd2UgYm90aGVyIHRv Ci0gICAgLy8gY2hlY2sgZm9yIGEgc2Vjb25kIHNsYXNoIGZvciBhIGNvbW1lbnQsIHN0b3Bpbmcg aW5zdGVhZCBvbiBhbnkgYW1wZXJzYW5kCi0gICAgLy8gb3Igc2xhc2guCi0gICAgc2l6ZV90IHBv c2l0aW9uOwotICAgIGlmICgocG9zaXRpb24gPSBzbmlwcGV0LmZpbmQoIj0iKSkgIT0gbm90Rm91 bmQKLSAgICAgICAgJiYgKHBvc2l0aW9uID0gc25pcHBldC5maW5kKGlzTm90SFRNTFNwYWNlLCBw b3NpdGlvbiArIDEpKSAhPSBub3RGb3VuZAotICAgICAgICAmJiAocG9zaXRpb24gPSBzbmlwcGV0 LmZpbmQoaXNUZXJtaW5hdGluZ0NoYXJhY3RlciwgaXNIVE1MUXVvdGUoc25pcHBldFtwb3NpdGlv bl0pID8gcG9zaXRpb24gKyAxIDogcG9zaXRpb24pKSAhPSBub3RGb3VuZCkgewotICAgICAgICBz bmlwcGV0LnRydW5jYXRlKHBvc2l0aW9uKTsKLSAgICB9Ci0KLSAgICByZXR1cm4gc25pcHBldDsK KyAgICBTdHJpbmcgZGVjb2RlZFNuaXBwZXQgPSBmdWxseURlY29kZVN0cmluZyhzbmlwcGV0Rm9y UmFuZ2UodG9rZW4sIHN0YXJ0LCBlbmQpLCBtX3BhcnNlci0+ZG9jdW1lbnQoKS0+ZGVjb2Rlcigp KTsKKyAgICBkZWNvZGVkU25pcHBldC50cnVuY2F0ZShrTWF4aW11bVNuaXBwZXRMZW5ndGgpOwor ICAgIHJldHVybiBkZWNvZGVkU25pcHBldDsKIH0KIAotYm9vbCBYU1NBdWRpdG9yOjppc0NvbnRh aW5lZEluUmVxdWVzdChjb25zdCBTdHJpbmcmIHNuaXBwZXQpCitib29sIFhTU0F1ZGl0b3I6Omlz Q29udGFpbmVkSW5SZXF1ZXN0KGNvbnN0IFN0cmluZyYgZGVjb2RlZFNuaXBwZXQpCiB7Ci0gICAg QVNTRVJUKCFzbmlwcGV0LmlzRW1wdHkoKSk7Ci0gICAgVGV4dFJlc291cmNlRGVjb2RlciogZGVj b2RlciA9IG1fcGFyc2VyLT5kb2N1bWVudCgpLT5kZWNvZGVyKCk7Ci0gICAgU3RyaW5nIGRlY29k ZWRTbmlwcGV0ID0gZnVsbHlEZWNvZGVTdHJpbmcoc25pcHBldCwgZGVjb2Rlcik7CiAgICAgaWYg KGRlY29kZWRTbmlwcGV0LmlzRW1wdHkoKSkKICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgIGlm IChtX2RlY29kZWRVUkwuZmluZChkZWNvZGVkU25pcHBldCwgMCwgZmFsc2UpICE9IG5vdEZvdW5k KQpJbmRleDogU291cmNlL1dlYkNvcmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5oCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2h0bWwvcGFyc2VyL1hTU0F1ZGl0b3IuaAkocmV2aXNpb24g OTUyMzgpCisrKyBTb3VyY2UvV2ViQ29yZS9odG1sL3BhcnNlci9YU1NBdWRpdG9yLmgJKHdvcmtp bmcgY29weSkKQEAgLTY3LDcgKzY3LDcgQEAgcHJpdmF0ZToKICAgICBib29sIGVyYXNlQXR0cmli dXRlSWZJbmplY3RlZChIVE1MVG9rZW4mLCBjb25zdCBRdWFsaWZpZWROYW1lJiwgY29uc3QgU3Ry aW5nJiByZXBsYWNlbWVudFZhbHVlID0gU3RyaW5nKCkpOwogCiAgICAgU3RyaW5nIHNuaXBwZXRG b3JSYW5nZShjb25zdCBIVE1MVG9rZW4mLCBpbnQgc3RhcnQsIGludCBlbmQpOwotICAgIFN0cmlu ZyBzbmlwcGV0Rm9yQXR0cmlidXRlKGNvbnN0IEhUTUxUb2tlbiYsIGNvbnN0IEhUTUxUb2tlbjo6 QXR0cmlidXRlJik7CisgICAgU3RyaW5nIGRlY29kZWRTbmlwcGV0Rm9yQXR0cmlidXRlKGNvbnN0 IEhUTUxUb2tlbiYsIGNvbnN0IEhUTUxUb2tlbjo6QXR0cmlidXRlJik7CiAKICAgICBib29sIGlz Q29udGFpbmVkSW5SZXF1ZXN0KGNvbnN0IFN0cmluZyYpOwogICAgIGJvb2wgaXNTYW1lT3JpZ2lu UmVzb3VyY2UoY29uc3QgU3RyaW5nJiB1cmwpOwpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9n Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gOTUyNDUpCisr KyBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNCBAQAor MjAxMS0wOS0xNSAgVG9tIFNlcGV6ICA8dHNlcGV6QGNocm9taXVtLm9yZz4KKworICAgICAgICBN YWtlIFhTU0F1ZGl0b3IgdHJ1bmNhdGUgaW5saW5lIHNuaXBwZXRzIGF0IGEgcmVhc29uYWJsZSBs ZW5ndGggYmVmb3JlIGNvbXBhcmlzb24KKyAgICAgICAgcmVzcGVjdGluZyBib3VuZGFyaWVzIG9m IG11bHRpcGx5IHVybGVuY29kZWQgc2VxdWVuY2VzLgorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NjgwOTIKKyAgICAgICAgCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS94c3NB dWRpdG9yL3Byb3BlcnR5LWVzY2FwZS1sb25nLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAg ICogaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL3Byb3BlcnR5LWVzY2FwZS1sb25nLmh0 bWw6IEFkZGVkLgorCiAyMDExLTA5LTE1ICBEYXZpZCBIeWF0dCAgPGh5YXR0QGFwcGxlLmNvbT4K IAogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Mjc1NzkK SW5kZXg6IExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9wcm9wZXJ0 eS1lc2NhcGUtbG9uZy1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvaHR0 cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL3Byb3BlcnR5LWVzY2FwZS1sb25nLWV4cGVjdGVk LnR4dAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNz QXVkaXRvci9wcm9wZXJ0eS1lc2NhcGUtbG9uZy1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBA IC0wLDAgKzEsMyBAQAorQ09OU09MRSBNRVNTQUdFOiBsaW5lIDE6IFJlZnVzZWQgdG8gZXhlY3V0 ZSBhIEphdmFTY3JpcHQgc2NyaXB0LiBTb3VyY2UgY29kZSBvZiBzY3JpcHQgZm91bmQgd2l0aGlu IHJlcXVlc3QuCisKKwpJbmRleDogTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS94c3NB dWRpdG9yL3Byb3BlcnR5LWVzY2FwZS1sb25nLmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVz dHMvaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL3Byb3BlcnR5LWVzY2FwZS1sb25nLmh0 bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1 ZGl0b3IvcHJvcGVydHktZXNjYXBlLWxvbmcuaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwx NSBAQAorPCFET0NUWVBFIGh0bWw+Cis8aHRtbD4KKzxoZWFkPgorPHNjcmlwdD4KK2lmICh3aW5k b3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFz VGV4dCgpOworICBsYXlvdXRUZXN0Q29udHJvbGxlci5zZXRYU1NBdWRpdG9yRW5hYmxlZCh0cnVl KTsKK30KKzwvc2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8aWZyYW1lIHNyYz0iaHR0cDovL2xv Y2FsaG9zdDo4MDAwL3NlY3VyaXR5L3hzc0F1ZGl0b3IvcmVzb3VyY2VzL2VjaG8tcHJvcGVydHku cGw/cT0lMjIlMjBvbmxvYWQ9JTIyYWxlcnQoMTExJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUy NTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUz MiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIl MjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1 MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMy JTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUyNTMyJTI1MzIlMjUzMiUy NTMyJTI1MzIlMjUzMikiPgorPC9pZnJhbWU+Cis8L2JvZHk+Cis8L2h0bWw+Cg==