Bug 40287

Summary:

HTML5 Parser needs to integrate with the XSSAuditor

Product:

WebKit

Reporter:

Eric Seidel (no email) <eric>

Component:

New Bugs

Assignee:

Eric Seidel (no email) <eric>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, tonyg

Priority:

Version:

528+ (Nightly build)

Hardware:

Other

OS:

OS X 10.5

Attachments:

Description	Flags
patch	none

Description Eric Seidel (no email) 2010-06-08 01:12:10 PDT

HTML5 Parser needs to integrate with the XSSAuditor

Comment 1 Eric Seidel (no email) 2010-06-08 01:18:38 PDT

Created attachment 58123 [details]
patch

Comment 2 Eric Seidel (no email) 2010-06-08 02:19:29 PDT

Comment on attachment 58123 [details]
patch

This fixes 4 or 5 tests and will give Adam a place to start from when he goes back to make the XSS auditor fully work with the HTML5 parser.

Comment 3 Adam Barth 2010-06-08 10:11:33 PDT

Comment on attachment 58123 [details]
patch

I don't really understand how this patch builds.  I guess we must inherit m_XSSAuditor from the Tokenizer?  I don't remember writing or reviewing that patch.  I probably would have named it m_xssAuditor...  In any case, if the commit-queue lands this patch, then it must both build and be correct.  ;)

Comment 4 Eric Seidel (no email) 2010-06-08 10:50:51 PDT

It builds using my powers of awesome:
http://trac.webkit.org/browser/trunk/WebCore/dom/Tokenizer.h#L83

Comment 5 Adam Barth 2010-06-08 10:53:34 PDT

Woah.  Apparently I did write that code.  We usually talk to it using xssAuditor(), which is probably why I thought it had a lower case XSS.  ;)

Comment 6 Adam Barth 2010-06-09 10:09:16 PDT

Comment on attachment 58123 [details]
patch

Clearing flags on attachment: 58123

Committed r60898: <http://trac.webkit.org/changeset/60898>

Comment 7 Adam Barth 2010-06-09 10:09:23 PDT

All reviewed patches have been landed.  Closing bug.