111946 – XSSAuditor doesn't need a copy of the original document's body.

Bug 111946 - XSSAuditor doesn't need a copy of the original document's body.

Summary: XSSAuditor doesn't need a copy of the original document's body.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mike West

URL:
Keywords:

Depends on:
Blocks:	110733
	Show dependency tree / graph

Reported:	2013-03-10 14:54 PDT by Mike West
Modified:	2013-03-11 02:50 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (8.06 KB, patch) 2013-03-10 15:09 PDT, Mike West	no flags	Details \| Formatted Diff \| Diff
Patch for landing (8.03 KB, patch) 2013-03-11 02:22 PDT, Mike West	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike West 2013-03-10 14:54:14 PDT

XSSAuditor doesn't need a copy of the original document's body.

Comment 1 Mike West 2013-03-10 15:09:12 PDT

Created attachment 192387 [details]
Patch

Comment 2 Darin Adler 2013-03-10 17:33:40 PDT

Comment on attachment 192387 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192387&action=review

> Source/WebCore/html/parser/XSSAuditor.cpp:336
> +        if (!m_reportURL.isEmpty())
>              m_reportURL = KURL();

This is now a strange sequence. It says “make all URLs null except for the empty URL”; having logic that goes out of its way to preserve the empty URL rather than replacing it with null is strange. I suggest an unconditional assignment without an if statement.

> Source/WebCore/html/parser/XSSAuditorDelegate.cpp:83
> +            FormData* formData = frameLoader->documentLoader()->originalRequest().httpBody();
> +            if (formData)
> +                httpBody = formData->flattenToString();

It’s sometimes considered good style to write code like this with the assignment in the if statement itself. I like it that way.

Comment 3 Mike West 2013-03-11 02:10:00 PDT

Thanks for taking a look!

(In reply to comment #2)
> (From update of attachment 192387 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=192387&action=review
> 
> > Source/WebCore/html/parser/XSSAuditor.cpp:336
> > +        if (!m_reportURL.isEmpty())
> >              m_reportURL = KURL();
> 
> This is now a strange sequence. It says “make all URLs null except for the empty URL”; having logic that goes out of its way to preserve the empty URL rather than replacing it with null is strange. I suggest an unconditional assignment without an if statement.

The goal here is to only send one report per page. I think we should actually refactor this into a counter stored on XSSAuditorDelegate now that I look at it: bug 111964.

For this patch, I'm happy to just drop the `if`.

> > Source/WebCore/html/parser/XSSAuditorDelegate.cpp:83
> > +            FormData* formData = frameLoader->documentLoader()->originalRequest().httpBody();
> > +            if (formData)
> > +                httpBody = formData->flattenToString();
> 
> It’s sometimes considered good style to write code like this with the assignment in the if statement itself. I like it that way.

I personally prefer one effect per line when possible, but it's a pretty common pattern in WebCore, so I'm happy to try to start using it. :)

Comment 4 Mike West 2013-03-11 02:22:01 PDT

Created attachment 192427 [details]
Patch for landing

Comment 5 WebKit Review Bot 2013-03-11 02:50:25 PDT

Comment on attachment 192427 [details]
Patch for landing

Clearing flags on attachment: 192427

Committed r145348: <http://trac.webkit.org/changeset/145348>

Comment 6 WebKit Review Bot 2013-03-11 02:50:29 PDT

All reviewed patches have been landed.  Closing bug.