XSSAuditor::decodedSnippetForJavaScript stopping when comma encountered.
authortsepez@chromium.org <tsepez@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Nov 2012 18:49:07 +0000 (18:49 +0000)
committertsepez@chromium.org <tsepez@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Nov 2012 18:49:07 +0000 (18:49 +0000)
commit00cb9a3933476ed68decf52977d1b2a9ff1a0e8b
tree360679d305db237d60ac108d5203a16c6dcc5f89
parent1738dc8018cb6d0f956805906cda38efbf14fdb6
XSSAuditor::decodedSnippetForJavaScript stopping when comma encountered.
https://bugs.webkit.org/show_bug.cgi?id=102587

Reviewed by Adam Barth.

Source/WebCore:

Rather than returning an empty fragment, continue processing the body
of a script tag when the decoded fragment reduces to nothing.

Test: http/tests/security/xssAuditor/script-tag-with-actual-comma.html

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::decodedSnippetForJavaScript):

LayoutTests:

* http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-with-actual-comma.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@135299 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/script-tag-with-actual-comma.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp