RESOLVED FIXED Bug 33419
[XSSAuditor] Add XSSAuditor support to Qt DRT 
https://bugs.webkit.org/show_bug.cgi?id=33419
Summary [XSSAuditor] Add XSSAuditor support to Qt DRT
Daniel Bates
Reported 2010-01-08 22:50:38 PST
We should add support for the XSSAuditor to the Qt DRT.
Attachments
Patch (5.52 KB, patch)
2010-01-08 22:55 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch (5.51 KB, patch)
2010-01-08 22:58 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch (8.73 KB, patch)
2010-01-10 09:25 PST, Robert Hogan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2010-01-08 22:55:53 PST
Created attachment 46197 [details] Patch
Daniel Bates
Comment 2 2010-01-08 22:58:41 PST
Created attachment 46198 [details] Patch
Adam Barth
Comment 3 2010-01-08 23:02:35 PST
Comment on attachment 46198 [details] Patch yes
Simon Hausmann
Comment 4 2010-01-09 01:34:03 PST
Thanks Daniel for the patch! I realize we also need to document in the API docs what exactly the XSSAuditorEnabled setting does. I'll spin off a separate bug.
Daniel Bates
Comment 5 2010-01-09 16:40:49 PST
Committed r53044: <http://trac.webkit.org/changeset/53044>
Daniel Bates
Comment 6 2010-01-09 19:21:34 PST
Need to look into why, even with this change, the XSSAuditor tests failed on the Qt bot. At first we thought that only a few XSSAuditor tests were failing (see bug #33440), so we skipped them (http://trac.webkit.org/changeset/53045). However, this did not resolve the issue and more XSSAuditor tests were failing. So, we decided to roll out this patch. Hence, we rolled out the changes committed in change sets 53045 and 53044 (in that order) in <http://trac.webkit.org/changeset/53047> and <http://trac.webkit.org/changeset/53048>, respectively. Strangely, with this patch applied, all XSSAuditor tests passed on my Ubuntu Qt build (r52685).
Robert Hogan
Comment 7 2010-01-10 09:25:09 PST
Created attachment 46234 [details] Patch Support for XSSAuditor needs to set both the global and page settings so that pages opened from the test inherit the setting. This is required for at least one test (open-in-new-window.html). It also means that the XSSAuditor should not be set in the WebPage constructor. I'm not sure if the failures experienced on the buildbot were related.
Adam Barth
Comment 8 2010-01-10 10:29:29 PST
Comment on attachment 46234 [details] Patch Ok. It's strange that the Qt DRT has two levels of settings while the other ones have one, but that's an issue for another day.
Daniel Bates
Comment 9 2010-01-10 10:39:40 PST
Thank you Robert.
WebKit Commit Bot
Comment 10 2010-01-10 20:09:09 PST
Comment on attachment 46234 [details] Patch Clearing flags on attachment: 46234 Committed r53060: <http://trac.webkit.org/changeset/53060>
WebKit Commit Bot
Comment 11 2010-01-10 20:09:17 PST
All reviewed patches have been landed. Closing bug.
Eric Seidel (no email)
Comment 12 2010-01-10 21:22:05 PST
This caused Qt to start failing. Bug 33460. I'm going to roll this out unless I hear otherwise.
Daniel Bates
Comment 13 2010-01-10 23:00:15 PST
(In reply to comment #12) > This caused Qt to start failing. Bug 33460. I'm going to roll this out unless > I hear otherwise. Spoke with Eric on IRC today (01/10/2010). Decided to add failing test http/tests/security/xssAuditor/malformed-HTML.html to Qt Skipped file for now. See bug #33460 for more details.
Note You need to log in before you can comment on or make changes to this bug.