XSSFilter should log to the console when it blocks something
Created attachment 80524 [details] Patch
Comment on attachment 80524 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=80524&action=review How do we test this? > Source/WebCore/html/parser/XSSFilter.cpp:151 > + return filterMetaToken(token) || didBlockScript; I like the other |= format here, mostly because you used it everywhere else in the file and it's nice to be consistent. Then you wouldn't return after any of these, just a long else if chain.
> How do we test this? We have a lot of tests here: http://trac.webkit.org/browser/trunk/LayoutTests/http/tests/security/xssAuditor Theoretically we should be able to pass some of them after this patch!
Created attachment 80527 [details] Patch for landing
Comment on attachment 80527 [details] Patch for landing Rejecting attachment 80527 [details] from commit-queue. Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'apply-..." exit_code: 2 Last 500 characters of output: ools/Scripts/svn-apply', u'--force']" exit_code: 1 Parsed 3 diffs from patch file(s). patching file Source/WebCore/ChangeLog Hunk #1 FAILED at 1. Hunk #2 FAILED at 40. Hunk #3 FAILED at 58. Hunk #4 FAILED at 80. 4 out of 4 hunks FAILED -- saving rejects to file Source/WebCore/ChangeLog.rej patching file Source/WebCore/html/parser/XSSFilter.cpp patching file Source/WebCore/html/parser/XSSFilter.h Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--force']" exit_code: 1 Full output: http://queues.webkit.org/results/7522360
Committed r77041: <http://trac.webkit.org/changeset/77041>