Bug 26555

Summary: Fix Chromium canary bot
Product: WebKit Reporter: Adam Barth <abarth>
Component: DOMAssignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, dglazkov, levin, paul
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
patch
dglazkov: review+
work-in-progress patch none

Adam Barth
Reported 2009-06-19 11:54:45 PDT
The Chromium canary bot is unhappy with some parts of the XSSAuditor. Patch forthcoming.
Attachments
patch (4.15 KB, patch)
2009-06-19 12:23 PDT, Adam Barth 		dglazkov: review+
DetailsFormatted DiffDiff
work-in-progress patch (807 bytes, patch)
2009-06-19 16:35 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2009-06-19 12:23:48 PDT
Created attachment 31559 [details] patch
Dimitri Glazkov (Google)
Comment 2 2009-06-19 13:01:57 PDT
Comment on attachment 31559 [details] patch yay!
Adam Barth
Comment 3 2009-06-19 13:21:08 PDT
Will land. DRT is chugging along as we speak.
Adam Barth
Comment 4 2009-06-19 13:40:44 PDT
Sending WebCore/ChangeLog Sending WebCore/bindings/js/ScriptController.cpp Sending WebCore/bindings/js/ScriptSourceCode.h Sending WebCore/bindings/v8/ScriptController.cpp Sending WebCore/page/XSSAuditor.cpp Sending WebCore/page/XSSAuditor.h Transmitting file data ...... Committed revision 44869.
Darin Adler
Comment 5 2009-06-19 16:00:51 PDT
The source() function in ScriptSourceCode.h looks bad to me. It looks like JavaScriptCore is being forced to copy some code -- won't that make things slow?
David Levin
Comment 6 2009-06-19 16:12:42 PDT
I agree with Darin. It looks like that copy was in there before *but* it was only done when m_isEnabled was true. 59 bool XSSAuditor::canEvaluate(const ScriptSourceCode& sourceCode) const 60 { 61 if (!m_isEnabled) 62 return true; 63 64 return canEvaluate(String(sourceCode.jsSourceCode().data(), sourceCode.jsSourceCode().length())); A simple fix to restore old behavior would be to change this line 84 if (!m_XSSAuditor->canEvaluate(sourceCode.source())) { to 84 if (m_XSSAuditor->isEnabled() && !m_XSSAuditor->canEvaluate(sourceCode.source())) {
Adam Barth
Comment 7 2009-06-19 16:19:56 PDT
(In reply to comment #5) > The source() function in ScriptSourceCode.h looks bad to me. It looks like > JavaScriptCore is being forced to copy some code -- won't that make things > slow? Maybe ScriptSourceCode should just grab a reference to the string on construction? It looks like the string is kept alive anyway because the ScriptSourceCode holds a JSC::SourceCode which holds a RefPtr<SourceProvider> which holds String m_source (via StringSourceProvider : public JSC::SourceProvider).
Adam Barth
Comment 8 2009-06-19 16:35:34 PDT
Created attachment 31572 [details] work-in-progress patch
Adam Barth
Comment 9 2009-06-19 16:44:27 PDT
Follow patch in https://bugs.webkit.org/show_bug.cgi?id=26561
Note You need to log in before you can comment on or make changes to this bug.