A bunch of xssAuditor tests are failing in Chromium (all platforms) after http://trac.webkit.org/changeset/60014/.

Failing tests:
http/tests/security/xssAuditor/anchor-url-dom-write-location.html
http/tests/security/xssAuditor/dom-write-URL.html
http/tests/security/xssAuditor/dom-write-location.html
http/tests/security/xssAuditor/full-block-get-from-iframe.html
http/tests/security/xssAuditor/full-block-iframe-no-inherit.php
http/tests/security/xssAuditor/full-block-post-from-iframe.html
http/tests/security/xssAuditor/get-from-iframe.html
http/tests/security/xssAuditor/javascript-link-safe.html
http/tests/security/xssAuditor/link-opens-new-window.html
http/tests/security/xssAuditor/malformed-xss-protection-header.html
http/tests/security/xssAuditor/post-from-iframe.html
http/tests/security/xssAuditor/script-tag-addslashes-backslash.html
http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html
http/tests/security/xssAuditor/script-tag-addslashes-null-char.html
http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html
http/tests/security/xssAuditor/script-tag-control-char.html
http/tests/security/xssAuditor/script-tag-convoluted.html
http/tests/security/xssAuditor/script-tag-entities.html
http/tests/security/xssAuditor/script-tag-null-char.html
http/tests/security/xssAuditor/script-tag-open-redirect.html
http/tests/security/xssAuditor/script-tag-post-control-char.html
http/tests/security/xssAuditor/script-tag-post-null-char.html
http/tests/security/xssAuditor/script-tag-post.html
http/tests/security/xssAuditor/script-tag-redirect.html
http/tests/security/xssAuditor/script-tag.html
http/tests/security/xssAuditor/xss-protection-parsing-01.html
http/tests/security/xssAuditor/full-block-script-tag.html

They all fail with ALERT: /XSS/. I think the issue is just a bad if statement in trunk/WebCore/bindings/v8/ScriptController.cpp, patch upcoming.
Created attachment 56809 [details] Patch - Just making the v8 if statement match jsc one. Running this change with Chromium makes the failing tests pass, but granted, I don't know anything about this code, so please make sure this makes sense!
Comment on attachment 56809 [details] Patch - Just making the v8 if statement match jsc one. LGTM. I must have missed that in the review, thanks.
Committed in http://trac.webkit.org/changeset/60028.
http://trac.webkit.org/changeset/60028 might have broken SnowLeopard Intel Release (Tests)
I take responsibility. I first made shouldAllowXSS a boolean then switched to an enum for clarity and missed changing the V8 code. Thanks Julie Parent and Adam Barth for following up.
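The failure mode described in this thread (a return type changed from bool to an enum while a caller's if statement kept its old boolean form) is worth seeing in isolation. The following is an added illustration, not the WebKit ScriptController or XSSAuditor code: the enumerator names and values, the toy auditor that flags a script echoed verbatim from the request URL, and the three runScript* callers are all assumed for the example. It shows why the stale check compiles but inverts the decision for an unscoped enum, the explicit comparison that fixes it, and how a scoped enum turns the same mistake into a compile error.

```cpp
#include <string>

// Assumed for this example: with an unscoped enum, AllowXSS converts to 0 (false)
// and BlockXSS to 1 (true), which is what makes the old boolean check go wrong.
enum XSSDecision { AllowXSS, BlockXSS };

// Hypothetical, simplified auditor: block a script whose source text appears
// verbatim in the request URL (the reflected pattern the xssAuditor tests exercise).
XSSDecision shouldAllowXSS(const std::string& requestUrl, const std::string& scriptSource) {
    if (!scriptSource.empty() && requestUrl.find(scriptSource) != std::string::npos)
        return BlockXSS;
    return AllowXSS;
}

// Caller written when shouldAllowXSS returned bool ("if not allowed, refuse").
// After the enum change it still compiles, but the condition is now inverted:
// !AllowXSS is true, so safe scripts are refused and reflected ones run.
// Returns true when the script is executed.
bool runScriptBuggy(const std::string& requestUrl, const std::string& scriptSource) {
    if (!shouldAllowXSS(requestUrl, scriptSource))
        return false;
    return true;
}

// Caller that compares against the enumerator explicitly, so the decision
// means what the auditor intended.
bool runScriptFixed(const std::string& requestUrl, const std::string& scriptSource) {
    if (shouldAllowXSS(requestUrl, scriptSource) == BlockXSS)
        return false;
    return true;
}

// Hardening: a scoped enum has no implicit conversion to bool, so a leftover
// `if (!decision)` fails to compile instead of silently flipping the check.
enum class XSSDecisionScoped { Allow, Block };

XSSDecisionScoped shouldAllowXSSScoped(const std::string& requestUrl, const std::string& scriptSource) {
    return shouldAllowXSS(requestUrl, scriptSource) == BlockXSS ? XSSDecisionScoped::Block
                                                                : XSSDecisionScoped::Allow;
}

bool runScriptScoped(const std::string& requestUrl, const std::string& scriptSource) {
    // if (!shouldAllowXSSScoped(requestUrl, scriptSource)) ...   // does not compile
    return shouldAllowXSSScoped(requestUrl, scriptSource) == XSSDecisionScoped::Allow;
}
```

With a constructed URL such as `http://example.test/echo?q=<script>alert(/XSS/)</script>`, runScriptBuggy executes the reflected `alert(/XSS/)` payload (the ALERT: /XSS/ the failing tests report) and refuses an unrelated script, while runScriptFixed and runScriptScoped do the opposite.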