2011-01-29 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jan 2011 09:22:18 +0000 (09:22 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jan 2011 09:22:18 +0000 (09:22 +0000)
commit41f95e3fe344ce85d55d72c5f74d042183619089
tree9eb858f6ce49d15d126a8e90ae424a306a2b268f
parent69506ce3a2cf72e4790ca97994cdea2865004236
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should replace URLs with about:blank instead of the empty string
        https://bugs.webkit.org/show_bug.cgi?id=53370

        Using the empty string will make the URL complete to the current
        document's URL, which isn't really what we want.  Instead, we want to
        use about:blank, which is safe.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77060 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSFilter.cpp