Bug 40404

Summary:

Use allowRequestIfNoIllegalURICharacters instead of context for XSSAuditor::canLoadExternalScriptFromSrc

Product:

WebKit

Reporter:

Adam Barth <abarth>

Component:

New Bugs

Assignee:

Adam Barth <abarth>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

dbates, eric, Ms2ger

Priority:

Version:

528+ (Nightly build)

Hardware:

Other

OS:

OS X 10.5

Bug Depends on:

Bug Blocks:

39259

Attachments:

Description	Flags
Patch	eric: review+

Adam Barth

Reported 2010-06-09 23:48:52 PDT

Use allowRequestIfNoIllegalURICharacters instead of context for XSSAuditor::canLoadExternalScriptFromSrc

Attachments
Patch (5.78 KB, patch) 2010-06-09 23:55 PDT, Adam Barth	eric: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Adam Barth

Comment 1 2010-06-09 23:55:41 PDT

Created attachment 58336 [details] Patch

Eric Seidel (no email)

Comment 2 2010-06-09 23:58:20 PDT

Comment on attachment 58336 [details] Patch OK. dbates should at least see this go by.

Ms2ger (he/him; ⌚ UTC+1/+2)

Comment 3 2010-06-10 02:28:39 PDT

> // FIXME: We have no easy way to provide the XSSAuditor with the original > // un-processed attribute source, so for now we pass nullAtom. >- return m_XSSAuditor->canLoadExternalScriptFromSrc(nullAtom, srcValue); >+ return m_XSSAuditor->canLoadExternalScriptFromSrc(srcValue); Update the comment?

Adam Barth

Comment 4 2010-06-10 10:21:52 PDT

Good catch. One sec.

Adam Barth

Comment 5 2010-06-10 10:40:12 PDT

Committed r60964: <http://trac.webkit.org/changeset/60964>

Note You need to log in before you can comment on or make changes to this bug.