| Summary: | Regression: View Source not showing closing script tags | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Keishi Hattori <keishi> | ||||||
| Component: | WebCore Misc. | Assignee: | Thomas Sepez <tsepez> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | abarth, tsepez, webkit.review.bot | ||||||
| Priority: | P2 | ||||||||
| Version: | 528+ (Nightly build) | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
|
Description
Keishi Hattori
2011-09-27 06:26:58 PDT
Tom, your patch to SourceTracker probably broke this. I thought we had tests covering this case, but I guess we don't. Created attachment 108912 [details]
Patching XSSAuditor
Most prudent fix is to revert the truncation of the token in the HTMLTokenizer, and beware of the trailing close script tag. We now have XSSAuditor::javaScriptForSnippet() which is well suited to doing this itself. My patch at the tokenizer level fails badly when document.write re-introduces more text around the insertion point. I'd like to get this resolved, and see if we can't get proper tokenization later. The patch to the XSSAuditor is still relevant even in a world where the tokenizer appears correct as a second line of defense. The tests are still running locally, I'll flip commit-queue back to ? when they pass, but it would be good to get comments now.
Created attachment 108914 [details]
Patch + be more grammatical
Comment on attachment 108914 [details]
Patch + be more grammatical
Ok. I guess discretion is the better part of valor. :)
Comment on attachment 108914 [details]
Patch + be more grammatical
Tests OK. Setting c-c: ?
Comment on attachment 108914 [details] Patch + be more grammatical Clearing flags on attachment: 108914 Committed r96231: <http://trac.webkit.org/changeset/96231> All reviewed patches have been landed. Closing bug. |