Bug 111964

Summary:

Explicitly send only one report via XSSAuditorDelegate.

Product:

WebKit

Reporter:

Mike West <mkwst>

Component:

WebCore Misc.

Assignee:

Mike West <mkwst>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, dbates, esprehn+autocc, ojan.autocc, tsepez, webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch for landing	none

Description Mike West 2013-03-11 02:09:09 PDT

We want to send only one report when blocking script/pages via XSSAuditor. Currently, we do this by zeroing out the report URL after creating an XSSInfo object. I'd like to move this responsibility to the XSSAuditorDelegate instead, and do it explicitly via a "m_numberOfReportsSent" counter or "m_reportSent" boolean. That seems simpler to understand.

Comment 1 Mike West 2013-03-11 05:25:30 PDT

Created attachment 192446 [details]
Patch

Comment 2 Adam Barth 2013-03-11 10:44:05 PDT

Comment on attachment 192446 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192446&action=review

> Source/WebCore/html/parser/XSSAuditor.cpp:-335
> -        m_reportURL = KURL();

Won't m_reportURL now be referenced on multiple threads at the same time?

Comment 3 Mike West 2013-03-12 02:45:01 PDT

(In reply to comment #2)
> (From update of attachment 192446 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=192446&action=review
> 
> > Source/WebCore/html/parser/XSSAuditor.cpp:-335
> > -        m_reportURL = KURL();
> 
> Won't m_reportURL now be referenced on multiple threads at the same time?

Ugh. Yes. r-.

I think it's more elegant to allow the delegate to determine what the reporting policy should be. I'm not sure that elegance is worth making multiple isolated copies of the report URL.

Perhaps it would be possible to send the report URL to the delegate separately, rather than passing it around on an XSSInfo object. How would you feel about exposing the report URL via a public method on XSSAuditor, and adding it as a property to the XSSAuditorDelegate? We could populate it from HTMLDocumentParser::pumpTokenizer directly after initializing the Auditor. This would allow us to remove the property from XSSInfo objects entirely, which would also allow us to drop the thread-safe checks, as it would consist entirely of booleans (and a TextPosition, which might or might not be safe to pass across threads? (it isn't being checked in the existing code)).

WDYT?

Comment 4 Adam Barth 2013-03-12 11:33:33 PDT

Yeah, there don't seem to be much reason to send the report URL to the background thread.  We should give it to the delegate on the main thread somehow.

Comment 5 Mike West 2013-03-12 12:57:04 PDT

(In reply to comment #4)
> Yeah, there don't seem to be much reason to send the report URL to the background thread.  We should give it to the delegate on the main thread somehow.

Forked this into https://bugs.webkit.org/show_bug.cgi?id=112179 for clarity. Mind taking a look?

Comment 6 Mike West 2013-03-13 04:47:24 PDT

Created attachment 192901 [details]
Patch

Comment 7 Adam Barth 2013-03-13 12:51:39 PDT

Comment on attachment 192901 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192901&action=review

> Source/WebCore/html/parser/XSSAuditorDelegate.cpp:111
> +            RefPtr<FormData> report = generateViolationReport();
> +            PingLoader::sendViolationReport(m_document->frame(), m_reportURL, report);

report.release()

Actually, I would just combine these lines.

Comment 8 Mike West 2013-03-14 03:11:05 PDT

Created attachment 193098 [details]
Patch for landing

Comment 9 WebKit Review Bot 2013-03-14 03:53:38 PDT

Comment on attachment 193098 [details]
Patch for landing

Clearing flags on attachment: 193098

Committed r145801: <http://trac.webkit.org/changeset/145801>

Comment 10 WebKit Review Bot 2013-03-14 03:53:42 PDT

All reviewed patches have been landed.  Closing bug.