WebKit Bugzilla
RESOLVED FIXED
Bug 27174
XSSAuditor needs cleanup
https://bugs.webkit.org/show_bug.cgi?id=27174
Adam Barth, Reported 2009-07-11 01:02:40 PDT
Now that we've gotten all the known false negatives squared away, it's time to do a cleanup patch for the XSSAuditor. For example, findInURL takes too many Boolean arguments. I'll post a patch in a bit.
Attachments
Patch with tests (19.00 KB, patch), 2009-07-22 13:29 PDT, Daniel Bates, abarth: review-
Patch (18.14 KB, patch), 2009-07-22 15:16 PDT, Daniel Bates, no flags
patch (18.06 KB, patch), 2009-07-22 15:23 PDT, Daniel Bates, abarth: review+
Daniel Bates, Comment 1, 2009-07-22 13:29:04 PDT
Created attachment 33286: Patch with tests
This patch also addresses bug #26938.
Adam Barth, Comment 2, 2009-07-22 14:22:19 PDT
Comment on attachment 33286: Patch with tests
Spoke to Dan in person. We want to remove all the slashes.
Daniel Bates, Comment 3, 2009-07-22 15:16:57 PDT
Created attachment 33299: Patch
Updated patch, removed XSSAuditor::stripSlashes
Daniel Bates, Comment 4, 2009-07-22 15:23:42 PDT
Created attachment 33301: patch
Adam Barth, Comment 5, 2009-07-22 15:24:43 PDT
Comment on attachment 33301: patch
Thanks Dan.
Adam Barth, Comment 6, 2009-07-22 16:27:30 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	LayoutTests/ChangeLog
	A	LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-addslashes.pl
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash.html
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char.html
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html
	M	WebCore/ChangeLog
	M	WebCore/page/XSSAuditor.cpp
	M	WebCore/page/XSSAuditor.h
Committed r46250
	M	WebKitTools/ChangeLog
	M	WebKitTools/Scripts/modules/cpplint_unittest.py
	M	WebKitTools/Scripts/modules/cpplint.py
r46248 = cda7d0b0e991f7b929f194698f2f703bff126f51 (trunk)
	M	WebKitTools/ChangeLog
	D	WebKitTools/Scripts/run-webkit-lint
	A	WebKitTools/Scripts/check-webkit-style
r46249 = afae2f5bd610037dc1cf72c9a9af625b855fa68c (trunk)
	M	WebCore/ChangeLog
	M	WebCore/page/XSSAuditor.cpp
	M	WebCore/page/XSSAuditor.h
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html
	A	LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag-addslashes.pl
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-backslash.html
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-null-char.html
	A	LayoutTests/http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html
	M	LayoutTests/ChangeLog
r46250 = 1f56a65a26d0efe48750fa4c52bdb65a74767f42 (trunk)
First, rewinding head to replay your work on top of it...
Nothing to do.
http://trac.webkit.org/changeset/46250