Bug 111944

Summary: XSSAuditor doesn't need a copy of the original document URL.
Product: WebKit Reporter: Mike West <mkwst>
Component: New BugsAssignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, dbates, esprehn+autocc, ojan.autocc, tsepez, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 110733    
Attachments:
Description Flags
Patch none

Mike West
Reported 2013-03-10 11:47:18 PDT
XSSAuditor doesn't need a copy of the original document URL.
Attachments
Patch (6.50 KB, patch)
2013-03-10 11:57 PDT, Mike West
no flags
Mike West
Comment 1 2013-03-10 11:57:30 PDT
Mike West
Comment 2 2013-03-10 11:59:34 PDT
As Adam noted in https://bugs.webkit.org/show_bug.cgi?id=110733#c36, there doesn't seem to be any good reason to retain a copy of this string.
Adam Barth
Comment 3 2013-03-10 12:45:18 PDT
Comment on attachment 192382 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=192382&action=review > Source/WebCore/html/parser/XSSAuditorDelegate.cpp:76 > reportDetails->setString("request-body", xssInfo.m_originalHTTPBody); Is the same true of the request body?
Mike West
Comment 4 2013-03-10 12:51:53 PDT
(In reply to comment #3) > (From update of attachment 192382 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=192382&action=review > > > Source/WebCore/html/parser/XSSAuditorDelegate.cpp:76 > > reportDetails->setString("request-body", xssInfo.m_originalHTTPBody); > > Is the same true of the request body? Looks like it might be; I don't think there's any circumstance in which the document's loader would change, or the loader's originalRequest. I'll put together another patch and see what happens if I just remove that property as well.
WebKit Review Bot
Comment 5 2013-03-10 12:59:18 PDT
Comment on attachment 192382 [details] Patch Clearing flags on attachment: 192382 Committed r145331: <http://trac.webkit.org/changeset/145331>
WebKit Review Bot
Comment 6 2013-03-10 12:59:21 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.