2011-01-28 Adam Barth <abarth@webkit.org>
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 28 Jan 2011 21:29:31 +0000 (21:29 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 28 Jan 2011 21:29:31 +0000 (21:29 +0000)
commit 0457d05731635da183889d471ef0a1bce572a7de
tree 6188c30a8034b2b441990b6dabc8d49b671f4a7d
parent a67acec2ce1ca1a2facb146fd7a2345dcd6ddbb0
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Sketch out new XSS filter design (disabled by default)
        https://bugs.webkit.org/show_bug.cgi?id=53205

        This patch adds a basic sketch of the new XSS filter design.  Rather
        than watching scripts as they execute, in this design, we watch tokens
        emitted by the tokenizer.  We then map the tokens directly back into
        input characters, which lets us skip all the complicated logic related
        to HTML entities and double-decoding of JavaScript URLs.

        This patch contains only the bare essential machinery.  I'll add more
        in future patches and eventually remove the previous code once this
        code is up and running correctly.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::HTMLDocumentParser):
        (WebCore::HTMLDocumentParser::pumpTokenizer):
        (WebCore::HTMLDocumentParser::sourceForToken):
        * html/parser/HTMLDocumentParser.h:
        * html/parser/XSSFilter.cpp: Added.
        * html/parser/XSSFilter.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
Source/WebCore/Android.mk
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/GNUmakefile.am
Source/WebCore/WebCore.gypi
Source/WebCore/WebCore.pro
Source/WebCore/WebCore.vcproj/WebCore.vcproj
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/html/parser/HTMLDocumentParser.cpp
Source/WebCore/html/parser/HTMLDocumentParser.h
Source/WebCore/html/parser/XSSFilter.cpp [new file with mode: 0644]
Source/WebCore/html/parser/XSSFilter.h [new file with mode: 0644]
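
An added C++ illustration of the idea in the commit message (not code from this patch or from WebKit): a toy tokenizer records the input range of each start tag, and the check compares those raw input characters with the percent-decoded request, so the `&amp;` inside the attribute never has to be entity-decoded. The comparison against the request URL, all function names and the sample data are assumptions made for the example.

```cpp
// Added illustration, not WebKit code; every name below is hypothetical.
#include <cctype>
#include <string>
#include <vector>
// A start tag plus the [begin, end) range of input characters it came from.
struct StartTag { std::string name; size_t begin, end; };
// Toy start-tag scanner (assumes no comments and no '>' inside attribute values).
std::vector<StartTag> tokenize(const std::string& html) {
    std::vector<StartTag> tags;
    for (size_t i = 0; i + 1 < html.size(); ++i) {
        if (html[i] != '<' || !std::isalpha((unsigned char)html[i + 1]))
            continue;  // not a start tag (text, or an end tag such as </p>)
        size_t end = html.find('>', i);
        if (end == std::string::npos)
            break;
        std::string name;
        for (size_t j = i + 1; j < end && std::isalnum((unsigned char)html[j]); ++j)
            name += (char)std::tolower((unsigned char)html[j]);
        tags.push_back({name, i, end + 1});
        i = end;
    }
    return tags;
}
// Percent-decode the request once; entities in it are left untouched.
std::string percentDecode(const std::string& s) {
    std::string out;
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] == '%' && i + 2 < s.size() && std::isxdigit((unsigned char)s[i + 1])
            && std::isxdigit((unsigned char)s[i + 2])) {
            out += (char)std::stoi(s.substr(i + 1, 2), nullptr, 16);
            i += 2;
        } else {
            out += (s[i] == '+') ? ' ' : s[i];
        }
    }
    return out;
}
// Return the raw source of every <script> start tag that also appears in the request.
std::vector<std::string> reflectedScriptTags(const std::string& requestUrl, const std::string& html) {
    std::string request = percentDecode(requestUrl);
    std::vector<std::string> hits;
    for (const StartTag& tag : tokenize(html)) {
        std::string source = html.substr(tag.begin, tag.end - tag.begin);  // token -> input characters
        if (tag.name == "script" && request.find(source) != std::string::npos)
            hits.push_back(source);
    }
    return hits;
}
// Constructed sample data: the page's own script plus one echoed from the q parameter.
const std::string kRequest = "http://site.example/search?q=%3Cscript%20src%3D%22//x.example/a.js%3Fa%3D1%26amp%3Bb%3D2%22%3E";
const std::string kResponse = R"(<html><script src="/static/app.js"></script><p>Results for <script src="//x.example/a.js?a=1&amp;b=2"></script></html>)";
int main() { return reflectedScriptTags(kRequest, kResponse).size() == 1 ? 0 : 1; }
```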