Bug 40287 - HTML5 Parser needs to integrate with the XSSAuditor
Summary: HTML5 Parser needs to integrate with the XSSAuditor
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
: P2 Normal
Assignee: Eric Seidel (no email)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-08 01:12 PDT by Eric Seidel (no email)
Modified: 2010-06-09 10:09 PDT (History)
2 users (show)

See Also:

Attachments
patch (4.68 KB, patch)
2010-06-08 01:18 PDT, Eric Seidel (no email) 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Seidel (no email) 2010-06-08 01:12:10 PDT 
HTML5 Parser needs to integrate with the XSSAuditor
Comment 1 Eric Seidel (no email) 2010-06-08 01:18:38 PDT 
Created attachment 58123 [details]
patch
Comment 2 Eric Seidel (no email) 2010-06-08 02:19:29 PDT 
Comment on attachment 58123 [details]
patch

This fixes 4 or 5 tests and will give Adam a place to start from when he goes back to make the XSS auditor fully work with the HTML5 parser.
Comment 3 Adam Barth 2010-06-08 10:11:33 PDT 
Comment on attachment 58123 [details]
patch

I don't really understand how this patch builds.  I guess we must inherit m_XSSAuditor from the Tokenizer?  I don't remember writing or reviewing that patch.  I probably would have named it m_xssAuditor...  In any case, if the commit-queue lands this patch, then it must both build and be correct.  ;)
Comment 4 Eric Seidel (no email) 2010-06-08 10:50:51 PDT 
It builds using my powers of awesome:
http://trac.webkit.org/browser/trunk/WebCore/dom/Tokenizer.h#L83
Comment 5 Adam Barth 2010-06-08 10:53:34 PDT 
Woah.  Apparently I did write that code.  We usually talk to it using xssAuditor(), which is probably why I thought it had a lower case XSS.  ;)
Comment 6 Adam Barth 2010-06-09 10:09:16 PDT 
Comment on attachment 58123 [details]
patch

Clearing flags on attachment: 58123

Committed r60898: <http://trac.webkit.org/changeset/60898>
Comment 7 Adam Barth 2010-06-09 10:09:23 PDT 
All reviewed patches have been landed.  Closing bug.