Bug 27174

Summary: XSSAuditor needs cleanup
Product: WebKit Reporter: Adam Barth <abarth>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: dbates, mjs, sam
Priority: P2 Keywords: XSSAuditor
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on: 27494    
Bug Blocks:    
Attachments:
Description Flags
Patch with tests
abarth: review-
Patch
none
patch abarth: review+

Adam Barth
Reported 2009-07-11 01:02:40 PDT
Now that we've gotten all the known false negatives squared away, it's time to do a cleanup patch for the XSSAuditor. For example, findInURL takes too many Boolean arguments. I'll post a patch in a bit.
Attachments
Patch with tests (19.00 KB, patch)
2009-07-22 13:29 PDT, Daniel Bates 		abarth: review-
DetailsFormatted DiffDiff
Patch (18.14 KB, patch)
2009-07-22 15:16 PDT, Daniel Bates 		no flags
DetailsFormatted DiffDiff
patch (18.06 KB, patch)
2009-07-22 15:23 PDT, Daniel Bates 		abarth: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2009-07-22 13:29:04 PDT
Created attachment 33286 [details] Patch with tests This patch also addresses bug #26938.
Adam Barth
Comment 2 2009-07-22 14:22:19 PDT
Comment on attachment 33286 [details] Patch with tests Spoke to Dan in person. We want to remove all the slashes.
Daniel Bates
Comment 3 2009-07-22 15:16:57 PDT
Created attachment 33299 [details] Patch Updated patch, removed XSSAuditor::stripSlashes
Daniel Bates
Comment 4 2009-07-22 15:23:42 PDT
Created attachment 33301 [details] patch
Adam Barth
Comment 5 2009-07-22 15:24:43 PDT
Comment on attachment 33301 [details] patch Thanks Dan.
Adam Barth
Comment 6 2009-07-22 16:27:30 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ... M LayoutTests/ChangeLog A LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-addslashes.pl A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash.html A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char.html A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html M WebCore/ChangeLog M WebCore/page/XSSAuditor.cpp M WebCore/page/XSSAuditor.h Committed r46250 M WebKitTools/ChangeLog M WebKitTools/Scripts/modules/cpplint_unittest.py M WebKitTools/Scripts/modules/cpplint.py r46248 = cda7d0b0e991f7b929f194698f2f703bff126f51 (trunk) M WebKitTools/ChangeLog D WebKitTools/Scripts/run-webkit-lint A WebKitTools/Scripts/check-webkit-style r46249 = afae2f5bd610037dc1cf72c9a9af625b855fa68c (trunk) M WebCore/ChangeLog M WebCore/page/XSSAuditor.cpp M WebCore/page/XSSAuditor.h A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html A LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-addslashes.pl A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash.html A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char.html A LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html M LayoutTests/ChangeLog r46250 = 1f56a65a26d0efe48750fa4c52bdb65a74767f42 (trunk) First, rewinding head to replay your work on top of it... Nothing to do. http://trac.webkit.org/changeset/46250
Note You need to log in before you can comment on or make changes to this bug.