RESOLVED FIXED 39560
REGRESSION: xssAuditor tests failing in Chromium 
https://bugs.webkit.org/show_bug.cgi?id=39560
Summary REGRESSION: xssAuditor tests failing in Chromium
Julie Parent
Reported 2010-05-22 23:00:50 PDT
A bunch of xssAuditor tests are failing in Chromium (all platforms) after http://trac.webkit.org/changeset/60014/. Failing tests: http/tests/security/xssAuditor/anchor-url-dom-write-location.html,http/tests/security/xssAuditor/dom-write-URL.html,http/tests/security/xssAuditor/dom-write-location.html,http/tests/security/xssAuditor/full-block-get-from-iframe.html,http/tests/security/xssAuditor/full-block-iframe-no-inherit.php,http/tests/security/xssAuditor/full-block-post-from-iframe.html,http/tests/security/xssAuditor/get-from-iframe.html,http/tests/security/xssAuditor/javascript-link-safe.html,http/tests/security/xssAuditor/link-opens-new-window.html,http/tests/security/xssAuditor/malformed-xss-protection-header.html,http/tests/security/xssAuditor/post-from-iframe.html,http/tests/security/xssAuditor/script-tag-addslashes-backslash.html,http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html,http/tests/security/xssAuditor/script-tag-addslashes-null-char.html,http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html,http/tests/security/xssAuditor/script-tag-control-char.html,http/tests/security/xssAuditor/script-tag-convoluted.html,http/tests/security/xssAuditor/script-tag-entities.html,http/tests/security/xssAuditor/script-tag-null-char.html,http/tests/security/xssAuditor/script-tag-open-redirect.html,http/tests/security/xssAuditor/script-tag-post-control-char.html,http/tests/security/xssAuditor/script-tag-post-null-char.html,http/tests/security/xssAuditor/script-tag-post.html,http/tests/security/xssAuditor/script-tag-redirect.html,http/tests/security/xssAuditor/script-tag.html,http/tests/security/xssAuditor/xss-protection-parsing-01.html,http/tests/security/xssAuditor/full-block-script-tag.html They all fail with ALERT: /XSS/. I think the issue is just a bad if statement in trunk/WebCore/bindings/v8/ScriptController.cpp, patch upcoming.
Attachments
Patch - Just making the v8 if statement match jsc one. (1.28 KB, patch)
2010-05-22 23:07 PDT, Julie Parent 		abarth: review+
abarth: commit-queue+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Julie Parent
Comment 1 2010-05-22 23:07:16 PDT
Created attachment 56809 [details] Patch - Just making the v8 if statement match jsc one. Running this change with Chromium makes the failing tests pass, but granted, I don't know anything about this code, so please make sure this makes sense!
Adam Barth
Comment 2 2010-05-22 23:10:20 PDT
Comment on attachment 56809 [details] Patch - Just making the v8 if statement match jsc one. LGTM. I must have missed that in the review, thanks.
Julie Parent
Comment 3 2010-05-22 23:46:30 PDT
Committed in http://trac.webkit.org/changeset/60028.
WebKit Review Bot
Comment 4 2010-05-23 00:22:19 PDT
http://trac.webkit.org/changeset/60028 might have broken SnowLeopard Intel Release (Tests)
Daniel Bates
Comment 5 2010-05-23 00:49:20 PDT
I take responsibility. I first made shouldAllowXSS a boolean then switched to an enum for clarity and missed changing the V8 code. Thanks Julie Parent and Adam Barth for following up.
Note You need to log in before you can comment on or make changes to this bug.