Bug 53354

Summary: XSSFilter should log to the console when it blocks something
Product: WebKit Reporter: Adam Barth <abarth>
Component: New BugsAssignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, dbates, eric, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 49845    
Attachments:
Description Flags
Patch
none
Patch for landing commit-queue: commit-queue-

Description Adam Barth 2011-01-28 16:44:36 PST 
XSSFilter should log to the console when it blocks something
Comment 1 Adam Barth 2011-01-28 16:49:18 PST 
Created attachment 80524 [details]
Patch
Comment 2 Eric Seidel (no email) 2011-01-28 16:52:14 PST 
Comment on attachment 80524 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=80524&action=review

How do we test this?

> Source/WebCore/html/parser/XSSFilter.cpp:151
> +        return filterMetaToken(token) || didBlockScript;

I like the other |= format here, mostly because you used it everywhere else in the file and it's nice to be consistent.  Then you wouldn't return after any of these, just a long else if chain.
Comment 3 Adam Barth 2011-01-28 16:57:49 PST 
> How do we test this?

We have a lot of tests here:

http://trac.webkit.org/browser/trunk/LayoutTests/http/tests/security/xssAuditor

Theoretically we should be able to pass some of them after this patch!
Comment 4 Adam Barth 2011-01-28 17:03:14 PST 
Created attachment 80527 [details]
Patch for landing
Comment 5 WebKit Commit Bot 2011-01-28 17:40:58 PST 
Comment on attachment 80527 [details]
Patch for landing

Rejecting attachment 80527 [details] from commit-queue.

Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'apply-..." exit_code: 2

Last 500 characters of output:
ools/Scripts/svn-apply', u'--force']" exit_code: 1

Parsed 3 diffs from patch file(s).
patching file Source/WebCore/ChangeLog
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 40.
Hunk #3 FAILED at 58.
Hunk #4 FAILED at 80.
4 out of 4 hunks FAILED -- saving rejects to file Source/WebCore/ChangeLog.rej
patching file Source/WebCore/html/parser/XSSFilter.cpp
patching file Source/WebCore/html/parser/XSSFilter.h

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--force']" exit_code: 1

Full output: http://queues.webkit.org/results/7522360
Comment 6 Adam Barth 2011-01-28 18:09:04 PST 
Committed r77041: <http://trac.webkit.org/changeset/77041>