Bug 39560 - REGRESSION: xssAuditor tests failing in Chromium
Summary: REGRESSION: xssAuditor tests failing in Chromium
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
: P2 Normal
Assignee: Julie Parent
URL:
Keywords: XSSAuditor
Depends on:
Blocks:
Reported: 2010-05-22 23:00 PDT by Julie Parent
Modified: 2010-05-23 00:49 PDT
CC: 4 users

See Also:


Attachments
Patch - Just making the v8 if statement match jsc one. (1.28 KB, patch)
2010-05-22 23:07 PDT, Julie Parent
abarth: review+
abarth: commit-queue+

Description Julie Parent 2010-05-22 23:00:50 PDT
A bunch of xssAuditor tests are failing in Chromium (all platforms) after http://trac.webkit.org/changeset/60014/.

Failing tests:
http/tests/security/xssAuditor/anchor-url-dom-write-location.html
http/tests/security/xssAuditor/dom-write-URL.html
http/tests/security/xssAuditor/dom-write-location.html
http/tests/security/xssAuditor/full-block-get-from-iframe.html
http/tests/security/xssAuditor/full-block-iframe-no-inherit.php
http/tests/security/xssAuditor/full-block-post-from-iframe.html
http/tests/security/xssAuditor/get-from-iframe.html
http/tests/security/xssAuditor/javascript-link-safe.html
http/tests/security/xssAuditor/link-opens-new-window.html
http/tests/security/xssAuditor/malformed-xss-protection-header.html
http/tests/security/xssAuditor/post-from-iframe.html
http/tests/security/xssAuditor/script-tag-addslashes-backslash.html
http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html
http/tests/security/xssAuditor/script-tag-addslashes-null-char.html
http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html
http/tests/security/xssAuditor/script-tag-control-char.html
http/tests/security/xssAuditor/script-tag-convoluted.html
http/tests/security/xssAuditor/script-tag-entities.html
http/tests/security/xssAuditor/script-tag-null-char.html
http/tests/security/xssAuditor/script-tag-open-redirect.html
http/tests/security/xssAuditor/script-tag-post-control-char.html
http/tests/security/xssAuditor/script-tag-post-null-char.html
http/tests/security/xssAuditor/script-tag-post.html
http/tests/security/xssAuditor/script-tag-redirect.html
http/tests/security/xssAuditor/script-tag.html
http/tests/security/xssAuditor/xss-protection-parsing-01.html
http/tests/security/xssAuditor/full-block-script-tag.html

They all fail with ALERT: /XSS/.

I think the issue is just a bad if statement in trunk/WebCore/bindings/v8/ScriptController.cpp, patch upcoming.
Comment 1 Julie Parent 2010-05-22 23:07:16 PDT
Created attachment 56809 [details]
Patch - Just making the v8 if statement match jsc one.

Running this change with Chromium makes the failing tests pass, but granted, I don't know anything about this code, so please make sure this makes sense!
Comment 2 Adam Barth 2010-05-22 23:10:20 PDT
Comment on attachment 56809 [details]
Patch - Just making the v8 if statement match jsc one.

LGTM.  I must have missed that in the review, thanks.
Comment 3 Julie Parent 2010-05-22 23:46:30 PDT
Committed in http://trac.webkit.org/changeset/60028.
Comment 4 WebKit Review Bot 2010-05-23 00:22:19 PDT
http://trac.webkit.org/changeset/60028 might have broken SnowLeopard Intel Release (Tests)
Comment 5 Daniel Bates 2010-05-23 00:49:20 PDT
I take responsibility.  I first made shouldAllowXSS a boolean then switched to an enum for clarity and missed changing the V8 code.

Thanks Julie Parent and Adam Barth for following up.
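Comment 5 gives the root cause: the auditor's result changed from a bool to an enum, and the V8 binding kept a boolean-style test of that result. The C++ block below is an added illustration of that failure mode and is not WebKit code; the enum `XSSAuditResult`, its enumerators, `auditScript`, the two `*BindingAllowsScript` callers, `AuditVerdict` and the toy detection heuristic are hypothetical stand-ins for identifiers the thread mentions but does not show. It demonstrates why the stale check compiles cleanly yet inverts the filter decision (a clean script is blocked, a reflected one runs and the test prints "ALERT: /XSS/"), what the corrected comparison looks like, and how a scoped enum turns the same mistake into a compile error.

```cpp
// Added illustration, not WebKit code: a bool-to-enum change silently
// inverts a caller that still tests the result as a boolean.
#include <iostream>
#include <string>

// Hypothetical stand-in for the enum the bug thread mentions; the real
// WebKit identifiers and values are not on this page.
enum XSSAuditResult {
    XSSNotDetected = 0, // nothing reflected, the script may run
    XSSBlockScript = 1, // reflected script found, drop this script only
    XSSBlockPage   = 2  // reflected script found, stop loading the page
};

// Toy auditor (constructed): treat a script as reflected when its source
// text appears verbatim in the request URL. The real heuristic is far more
// involved; this is only enough to drive the two callers below.
XSSAuditResult auditScript(const std::string& requestUrl,
                           const std::string& scriptSource,
                           bool blockWholePage)
{
    if (scriptSource.empty() || requestUrl.find(scriptSource) == std::string::npos)
        return XSSNotDetected;
    return blockWholePage ? XSSBlockPage : XSSBlockScript;
}

// Stale caller: written when the auditor returned bool with "true" meaning
// "safe to run", and never updated when the enum replaced it.
bool staleBindingAllowsScript(const std::string& requestUrl,
                              const std::string& scriptSource,
                              bool blockWholePage)
{
    // An unscoped enum converts to bool implicitly, so this compiles without
    // error. Every detected injection is nonzero and now reads as "allow";
    // a clean script is zero and reads as "block". The decision is inverted.
    return auditScript(requestUrl, scriptSource, blockWholePage);
}

// Corrected caller: compares against the enumerator that means "clean".
bool fixedBindingAllowsScript(const std::string& requestUrl,
                              const std::string& scriptSource,
                              bool blockWholePage)
{
    return auditScript(requestUrl, scriptSource, blockWholePage) == XSSNotDetected;
}

// A scoped enum removes the failure mode: with `enum class`, writing
// `if (verdict)` or returning it as a bool is a compile error, so a caller
// missed in a refactor is caught by the compiler rather than by the layout tests.
enum class AuditVerdict { Clean, BlockScript, BlockPage };

AuditVerdict auditScriptScoped(const std::string& requestUrl,
                               const std::string& scriptSource,
                               bool blockWholePage)
{
    switch (auditScript(requestUrl, scriptSource, blockWholePage)) {
    case XSSNotDetected: return AuditVerdict::Clean;
    case XSSBlockScript: return AuditVerdict::BlockScript;
    default:             return AuditVerdict::BlockPage;
    }
}

// What the layout tests observe: the constructed injected script is
// alert(/XSS/), so it prints "ALERT: /XSS/" only if the binding lets it run.
std::string simulatePageLoad(bool (*bindingAllows)(const std::string&, const std::string&, bool),
                             const std::string& requestUrl,
                             const std::string& scriptSource)
{
    return bindingAllows(requestUrl, scriptSource, false) ? "ALERT: /XSS/" : "script blocked";
}

int main()
{
    // Constructed request that echoes the injected script back into the page.
    const std::string url = "http://127.0.0.1:8000/echo?q=<script>alert(/XSS/)</script>";
    const std::string injected = "alert(/XSS/)";
    std::cout << "stale binding: " << simulatePageLoad(staleBindingAllowsScript, url, injected) << "\n";
    std::cout << "fixed binding: " << simulatePageLoad(fixedBindingAllowsScript, url, injected) << "\n";
    return 0;
}
```

The stale caller is the interesting part: because the enumerator for "clean" is zero, the boolean test does not merely mis-handle the new third state, it flips every decision, which is why the whole directory of tests failed at once rather than a single full-block case.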