XSSAuditor should strip formaction attributes from input and button elements.
authormkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Feb 2013 12:22:11 +0000 (12:22 +0000)
committermkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Feb 2013 12:22:11 +0000 (12:22 +0000)
commita565cb99a08a7e4bf63671fabef811d85f8817bd
treead83ab04eda28106b7948aaedffb89aeae120eec
parent048efe198e6b3f7474962051bf73f61afff23edf
XSSAuditor should strip formaction attributes from input and button elements.
https://bugs.webkit.org/show_bug.cgi?id=110975

Reviewed by Daniel Bates.

Source/WebCore:

The 'formaction' attribute of 'input' and 'button' elements is just as
dangerous as the 'action' attribute of 'form' elements. This patch
teaches the XSSAuditor how to avoid them.

Tests: http/tests/security/xssAuditor/formaction-on-button.html
       http/tests/security/xssAuditor/formaction-on-input.html

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::filterStartToken):
(WebCore::XSSAuditor::filterInputToken): Added.
(WebCore::XSSAuditor::filterButtonToken): Added.
* html/parser/XSSAuditor.h:
    Create filters for 'input' and 'button' elements, which currently
    only have the effect of filtering the 'formaction' attribute.

LayoutTests:

* http/tests/security/xssAuditor/formaction-on-button-expected.txt: Added.
* http/tests/security/xssAuditor/formaction-on-button.html: Added.
* http/tests/security/xssAuditor/formaction-on-input-expected.txt: Added.
* http/tests/security/xssAuditor/formaction-on-input.html: Added.
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
    Support 'showFormaction' as a new option to write out formaction values.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@144292 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/formaction-on-button-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/formaction-on-button.html [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/formaction-on-input-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/formaction-on-input.html [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp
Source/WebCore/html/parser/XSSAuditor.h