XSSAuditor is silent
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Nov 2011 21:05:10 +0000 (21:05 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Nov 2011 21:05:10 +0000 (21:05 +0000)
commit377d725bc87c82be73aa0c41753f09336374a8c3
treedf5026fda0149531edfeab064b8caaa7b6c07bfc
parent0b4ffbaf6b85e953c97c21d61c891c6a4aa0e0ab
XSSAuditor is silent
https://bugs.webkit.org/show_bug.cgi?id=70973

Patch by Tom Sepez <tsepez@chromium.org> on 2011-11-02
Reviewed by Adam Barth.

Source/WebCore:

Test: http/tests/security/xssAuditor/script-tag-with-callbacks.html

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::XSSAuditor):
(WebCore::XSSAuditor::filterToken):
* html/parser/XSSAuditor.h:
* loader/EmptyClients.h:
(WebCore::EmptyFrameLoaderClient::didDetectXSS):
* loader/FrameLoaderClient.h:

Source/WebKit/chromium:

* public/WebFrameClient.h:
(WebKit::WebFrameClient::didDetectXSS):
* src/FrameLoaderClientImpl.cpp:
(WebKit::FrameLoaderClientImpl::didDetectXSS):
* src/FrameLoaderClientImpl.h:

Source/WebKit/efl:

* WebCoreSupport/FrameLoaderClientEfl.cpp:
(WebCore::FrameLoaderClientEfl::didDetectXSS):
* WebCoreSupport/FrameLoaderClientEfl.h:

Source/WebKit/gtk:

* WebCoreSupport/FrameLoaderClientGtk.cpp:
(WebKit::FrameLoaderClient::didDetectXSS):
* WebCoreSupport/FrameLoaderClientGtk.h:

Source/WebKit/mac:

* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::didRunInsecureContent):
(WebFrameLoaderClient::didDetectXSS):
* WebView/WebDelegateImplementationCaching.h:
* WebView/WebFrameLoadDelegatePrivate.h:
* WebView/WebView.mm:
(-[WebView _cacheFrameLoadDelegateImplementations]):

Source/WebKit/qt:

* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::didDetectXSS):
* WebCoreSupport/FrameLoaderClientQt.h:

Source/WebKit/win:

* WebCoreSupport/WebFrameLoaderClient.cpp:
(WebFrameLoaderClient::didDetectXSS):
* WebCoreSupport/WebFrameLoaderClient.h:

Source/WebKit/wince:

* WebCoreSupport/FrameLoaderClientWinCE.cpp:
(WebKit::FrameLoaderClientWinCE::didDetectXSS):
* WebCoreSupport/FrameLoaderClientWinCE.h:

Source/WebKit/wx:

* WebKitSupport/FrameLoaderClientWx.cpp:
(WebCore::FrameLoaderClientWx::didDetectXSS):
* WebKitSupport/FrameLoaderClientWx.h:

Source/WebKit2:

* UIProcess/API/C/WKPage.h:
* UIProcess/API/gtk/WebKitWebLoaderClient.cpp:
(webkitWebLoaderClientAttachLoaderClientToPage):
* UIProcess/WebLoaderClient.cpp:
(WebKit::WebLoaderClient::didDetectXSSForFrame):
* UIProcess/WebLoaderClient.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didDetectXSSForFrame):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* WebProcess/InjectedBundle/API/c/WKBundlePage.h:
* WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.cpp:
(WebKit::InjectedBundlePageLoaderClient::didDetectXSSForFrame):
* WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.h:
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::didDetectXSS):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.h:

Tools:

* DumpRenderTree/chromium/WebViewHost.cpp:
(WebViewHost::didDetectXSS):
* DumpRenderTree/chromium/WebViewHost.h:
* DumpRenderTree/mac/FrameLoadDelegate.mm:
(-[FrameLoadDelegate webView:didDetectXSS:]):
* MiniBrowser/mac/BrowserWindowController.m:
(didDetectXSSForFrame):
(-[BrowserWindowController awakeFromNib]):
* WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:
(WTR::InjectedBundlePage::InjectedBundlePage):
(WTR::InjectedBundlePage::didDetectXSSForFrame):
* WebKitTestRunner/InjectedBundle/InjectedBundlePage.h:

LayoutTests:

* http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-with-callbacks.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@99096 268f45cc-cd09-0410-ab3c-d52691b4dbfc
56 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/script-tag-with-callbacks.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp
Source/WebCore/html/parser/XSSAuditor.h
Source/WebCore/loader/EmptyClients.h
Source/WebCore/loader/FrameLoaderClient.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/public/WebFrameClient.h
Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp
Source/WebKit/chromium/src/FrameLoaderClientImpl.h
Source/WebKit/efl/ChangeLog
Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.cpp
Source/WebKit/efl/WebCoreSupport/FrameLoaderClientEfl.h
Source/WebKit/gtk/ChangeLog
Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.h
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.h
Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm
Source/WebKit/mac/WebView/WebDelegateImplementationCaching.h
Source/WebKit/mac/WebView/WebFrameLoadDelegatePrivate.h
Source/WebKit/mac/WebView/WebView.mm
Source/WebKit/qt/ChangeLog
Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp
Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.h
Source/WebKit/win/ChangeLog
Source/WebKit/win/WebCoreSupport/WebFrameLoaderClient.cpp
Source/WebKit/win/WebCoreSupport/WebFrameLoaderClient.h
Source/WebKit/wince/ChangeLog
Source/WebKit/wince/WebCoreSupport/FrameLoaderClientWinCE.cpp
Source/WebKit/wince/WebCoreSupport/FrameLoaderClientWinCE.h
Source/WebKit/wx/ChangeLog
Source/WebKit/wx/WebKitSupport/FrameLoaderClientWx.cpp
Source/WebKit/wx/WebKitSupport/FrameLoaderClientWx.h
Source/WebKit2/ChangeLog
Source/WebKit2/UIProcess/API/C/WKPage.h
Source/WebKit2/UIProcess/API/gtk/WebKitWebLoaderClient.cpp
Source/WebKit2/UIProcess/WebLoaderClient.cpp
Source/WebKit2/UIProcess/WebLoaderClient.h
Source/WebKit2/UIProcess/WebPageProxy.cpp
Source/WebKit2/UIProcess/WebPageProxy.h
Source/WebKit2/UIProcess/WebPageProxy.messages.in
Source/WebKit2/WebProcess/InjectedBundle/API/c/WKBundlePage.h
Source/WebKit2/WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.cpp
Source/WebKit2/WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.h
Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h
Tools/ChangeLog
Tools/DumpRenderTree/chromium/WebViewHost.cpp
Tools/DumpRenderTree/chromium/WebViewHost.h
Tools/DumpRenderTree/mac/FrameLoadDelegate.mm
Tools/MiniBrowser/mac/BrowserWindowController.m
Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp
Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.h