Bug 60489

Summary: XSSAuditor should be more selective about the <meta http-equivs> that it blocks
Product: WebKit
Reporter: Adam Barth <abarth>
Component: New Bugs
Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, dbates, eric
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch; Flags: none
Description: Patch for landing; Flags: none
Description: Patch for landing; Flags: none

Description Adam Barth 2011-05-09 11:48:28 PDT
XSSAuditor should be more selective about the <meta http-equivs> that it blocks
Comment 1 Adam Barth 2011-05-09 11:52:37 PDT
Created attachment 92815
Patch
Comment 2 Daniel Bates 2011-05-09 12:00:07 PDT
Comment on attachment 92815
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92815&action=review

> Source/WebCore/ChangeLog:28
> +        (WebCore::isNonCanonicalCharacter):
> +        (WebCore::canonicalize):
> +        (WebCore::isRequiredForInjection):
> +        (WebCore::hasName):
> +        (WebCore::findAttributeWithName):
> +        (WebCore::isNameOfInlineEventHandler):
> +        (WebCore::isDangerousHTTPEquiv):
> +        (WebCore::containsJavaScriptURL):
> +        (WebCore::decodeURL):
> +        (WebCore::XSSFilter::eraseAttributeIfInjected):
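
Review bot: the WebCore::isDangerousHTTPEquiv entry in this ChangeLog list has nothing after its colon, so the log never states which http-equiv values the auditor still blocks and which it now lets through. Suggest writing that rule on the entry itself, and a line on WebCore::XSSFilter::eraseAttributeIfInjected saying how it uses the new check, since the other entries in the list are equally blank and give a reader no way to find the behaviour change.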

Most of the changes to these methods are because this patch moves them from being in an anonymous namespace to being static functions. So, to demarcate the syntactic change from the actual change for this bug, I suggest adding a remark to the right of isDangerousHTTPEquiv to mention that it was added and adding some sort of remark to the other functions (or a general sentence to the commit message) to describe the syntactic changes. Alternatively, you could split this into two patches/bugs: one to move the methods from being in an anonymous namespace to being static functions, and one patch/bug to actually make the change described in this bug.
Comment 3 Daniel Bates 2011-05-09 12:01:16 PDT
Comment on attachment 92815
Patch

Also, can we test this change?
Comment 4 Adam Barth 2011-05-09 12:03:04 PDT
Created attachment 92821
Patch for landing
Comment 5 Adam Barth 2011-05-09 12:03:34 PDT
Comment on attachment 92821
Patch for landing

Updated patch.  Eric and I were discussing how and whether we want a test for this patch.
Comment 6 Adam Barth 2011-05-09 12:25:06 PDT
Created attachment 92826
Patch for landing
Comment 7 WebKit Commit Bot 2011-05-09 14:20:32 PDT
Comment on attachment 92826
Patch for landing

Clearing flags on attachment: 92826

Committed r86087: <http://trac.webkit.org/changeset/86087>
Comment 8 WebKit Commit Bot 2011-05-09 14:20:38 PDT
All reviewed patches have been landed.  Closing bug.