Fix XSS auditor bypass when inline handlers contain comments.
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Sep 2011 01:19:04 +0000 (01:19 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Sep 2011 01:19:04 +0000 (01:19 +0000)
commit 6b18cade1a9e76f95af114abc91bbf785fd3a04f
tree 56ea84a0188424309e75964ff4d499ad990fd976
parent 0a2ccf51fec3e92a147c5a4ba3373b33783d4663
Fix XSS auditor bypass when inline handlers contain comments.
https://bugs.webkit.org/show_bug.cgi?id=27895

Patch by Tom Sepez <tsepez@chromium.org> on 2011-09-13
Reviewed by Adam Barth.

Source/WebCore:

Tests: http/tests/security/xssAuditor/property-escape-comment.html
       http/tests/security/xssAuditor/property-escape-entity.html
       http/tests/security/xssAuditor/property-escape-quote.html

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::snippetForAttribute):

LayoutTests:

* http/tests/security/xssAuditor/malformed-HTML-expected.txt:
* http/tests/security/xssAuditor/open-attribute-body-expected.txt:
* http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt:
* http/tests/security/xssAuditor/property-escape-comment-expected.txt: Added.
* http/tests/security/xssAuditor/property-escape-comment.html: Added.
* http/tests/security/xssAuditor/property-escape-entity-expected.txt: Added.
* http/tests/security/xssAuditor/property-escape-entity.html: Added.
* http/tests/security/xssAuditor/property-escape-quote-expected.txt: Added.
* http/tests/security/xssAuditor/property-escape-quote.html: Added.
* http/tests/security/xssAuditor/resources/echo-property.pl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@95065 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/malformed-HTML-expected.txt
LayoutTests/http/tests/security/xssAuditor/open-attribute-body-expected.txt
LayoutTests/http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt
LayoutTests/http/tests/security/xssAuditor/property-escape-comment-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/property-escape-comment.html [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/property-escape-entity-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/property-escape-entity.html [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/property-escape-quote-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/property-escape-quote.html [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/resources/echo-property.pl
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp