Unreviewed, rolling out r234489.
[WebKit-https.git] / Source / WebCore / html / parser / XSSAuditor.cpp
2018-08-02 david_fenton@apple.comUnreviewed, rolling out r234489.
2018-08-02 tpopela@redhat.com[WTF] Rename String::format to String::deprecatedFormat
2018-04-04 youenn@apple.comRemove unused HTTP header names
2017-11-23 darin@apple.comReduce WTF::String operations that do unnecessary Unico...
2017-10-19 jiewen_tan@apple.comReplace some stack raw pointers with RefPtrs within...
2017-07-01 rniwa@webkit.orgFrame.h doesn't need to include FrameLoader.h, IntRect...
2017-05-04 mark.lam@apple.comNeverDestroyed<String>(ASCIILiteral(...)) is not thread...
2017-05-02 dbates@webkit.orgUsing StringView.split() instead of String.split()...
2016-09-22 dbates@webkit.org[XSS Auditor] HTML5 entities can bypass XSS Auditor
2016-09-22 dbates@webkit.org[XSS Auditor] Truncate data URLs at quotes
2016-04-14 dbates@webkit.orgCSP: Remove experimental directive reflected-xss
2016-03-18 bfulgham@apple.com[XSS Auditor] Off by one in XSSAuditor::canonicalizedSn...
2016-01-22 darin@apple.comReduce use of equalIgnoringCase to just ignore ASCII...
2016-01-14 dbates@webkit.org[XSS Auditor] Extract attribute truncation logic and...
2016-01-14 dbates@webkit.org[XSS Auditor] Partial bypass when web server collapses...
2016-01-13 commit-queue@webki... Cleanup: XSS Auditor should avoid re-evaluating the...
2016-01-13 commit-queue@webki... [XSS Auditor] Do not include trailing comment character...
2016-01-09 akling@apple.comUse NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_...
2015-10-06 commit-queue@webki... Use modern for-loops in WebCore/html.
2015-05-07 commit-queue@webki... Rename URL::copy() to URL::isolatedCopy() to match...
2015-01-12 darin@apple.comModernize and streamline HTMLTokenizer
2015-01-09 commit-queue@webki... Unreviewed, rolling out r178154, r178163, and r178164.
2015-01-09 darin@apple.comModernize and streamline HTMLTokenizer
2015-01-06 darin@apple.comModernize and streamline HTMLToken and AtomicHTMLToken
2014-12-08 cdumez@apple.comRevert r176293 & r176275
2014-11-18 cdumez@apple.comUpdate the Vector API to deal with unsigned types inste...
2014-09-04 commit-queue@webki... Use WTFString::find(char) in more places
2014-03-24 dbates@webkit.orgXSS Auditor doesn't block <script> injected before...
2014-03-20 dbates@webkit.orgPreserve original document URL for XSSAuditor reports
2014-03-20 dbates@webkit.orgXSSAuditor bypass with frameset tags
2014-03-14 svillar@igalia.comRename DEFINE_STATIC_LOCAL to DEPRECATED_DEFINE_STATIC_...
2014-02-06 joepeck@webkit.orgWeb Inspector: Add Console support to JSContext Inspection
2014-02-05 ossy@webkit.orgRemove ENABLE(SVG) guards
2014-01-18 andersca@apple.comModernize HTML parser code
2013-12-11 joepeck@webkit.orgWeb Inspector: Push More Inspector Required Classes...
2013-11-13 ossy@webkit.orgCleanup the build from unused parameters in WebCore
2013-11-05 dbates@webkit.orgXSSAuditor should catch reflected srcdoc properties...
2013-11-05 commit-queue@webki... [webcore/html] remove extra header includes from cpp...
2013-09-27 darin@apple.comrename KURL to URL
2013-09-21 darin@apple.comShink attribute event listener code
2013-09-17 andersca@apple.comStop explicitly using PassOwnPtr in WebCore/html
2013-08-17 akling@apple.com<https://webkit.org/b/119903> Make Settings ref-counted...
2013-08-15 andersca@apple.com<https://webkit.org/b/119859> Frame::loader() should...
2013-06-25 gyuyoung.kim@samsu... Remove unneeded include header files from WebCore
2013-05-10 andersca@apple.comStop including SecurityOrigin.h where unnecessary
2013-04-23 akling@apple.comXSSAuditor performance regression due to threaded parse...
2013-03-22 tsepez@chromium.orgBypass XSSAuditor for asp.net servers.
2013-03-13 mkwst@chromium.orgPass the XSSAuditor's report URL to the XSSAuditorDeleg...
2013-03-12 mkwst@chromium.orgXSSAuditor should send only one console error when...
2013-03-11 mkwst@chromium.orgXSSAuditor doesn't need a copy of the original document...
2013-03-10 mkwst@chromium.orgXSSAuditor doesn't need a copy of the original document...
2013-03-07 rafaelw@chromium.orgUnreviewed, rolling out r145083.
2013-03-07 mkwst@chromium.orgXSSAuditor should send only one console error when...
2013-03-06 commit-queue@webki... Introduce new message sources for logging.
2013-03-04 roger_fong@apple.comUnreviewed. AppleWin build fix.
2013-03-04 tsepez@chromium.orgXSSAuditor bypass with --> comment syntax.
2013-03-04 mkwst@chromium.orgXSSAuditor should strip dangerous attributes from SMIL...
2013-03-03 abarth@webkit.orgUnreviewed rollout of trac.webkit.org/r144530
2013-03-03 abarth@webkit.orgXSSAuditor has a subtle race condition when used with...
2013-03-02 eric@webkit.orgRemove two unnecessary mallocs from the main-thread...
2013-03-02 ap@apple.com Reduce amount of rebuilding when touching netwo...
2013-03-01 commit-queue@webki... Unreviewed, rolling out r144422 and r144424.
2013-03-01 mkwst@chromium.orgXSSAuditor should use threadSafeMatch when relevant.
2013-03-01 ap@apple.comReduce amount of rebuilding when touching networking...
2013-02-28 mkwst@chromium.orgXSSAuditor should strip formaction attributes from...
2013-02-26 mkwst@chromium.orgXSSAuditor: Don't rely on implicit casting when copying...
2013-02-24 mkwst@chromium.orgCSP 1.1: Experiment with 'reflected-xss' directive.
2013-02-13 eric@webkit.orgFix HTMLToken::Attribute member naming and update calls...
2013-02-12 eric@webkit.orgRemove HTMLTokenTypes header (and split out AtomicHTMLT...
2013-02-07 tonyg@chromium.orgCall XSSAuditor.filterToken() from threaded HTML parser
2013-02-06 tonyg@chromium.orgCall XSSAuditor's didBlockScript() for the threaded...
2013-02-05 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-02-05 commit-queue@webki... Unreviewed, rolling out r141905.
2013-02-05 tonyg@chromium.orgCall XSSAuditor's didBlockScript() for the threaded...
2013-02-05 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-02-04 commit-queue@webki... XSS Auditor bypass via svg tags and xlink:href
2013-02-02 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove unsafe...
2013-02-01 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-02-01 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-01-31 tonyg@chromium.orgBegin to make XSSAuditor thread aware
2012-12-11 mkwst@chromium.orgWeb Inspector: ConsoleTypes should not expose MessageTy...
2012-11-28 tsepez@chromium.orgXSSAuditor bypass with script src=data: URL ending...
2012-11-20 tsepez@chromium.orgXSSAuditor::decodedSnippetForJavaScript stopping when...
2012-11-02 tsepez@chromium.orgSupport X-XSS-Protection: report=URL header syntax...
2012-11-02 tsepez@chromium.orgXSS blocker false positive when page contains <iframe...
2012-10-31 tsepez@chromium.orgSource/WebCore: Malformed X-XSS-Protection headers...
2012-10-25 tsepez@chromium.orgXSSAuditor must replace form action with about:blank...
2012-08-29 abarth@webkit.orgDeploy ASCIILiteral hotness throughout WebCore
2012-08-21 tsepez@chromium.orgXSSAuditor too tolerant of injected data: URLs from...
2012-06-01 tsepez@chromium.orgXSSAuditor bypass with leading /*///*/ comment
2012-04-26 benjamin@webkit.orgAdd a version of StringImpl::find() without offset
2012-04-05 abarth@webkit.orgXSSAuditor doesn't catch injected srcdoc attributes
2012-04-04 tsepez@chromium.orgXSSAuditor bypass through HTTP Parameter Pollution.
2012-03-23 tsepez@chromium.orgXSS Auditor bypass via script tag src=data:, URLS.
2012-02-25 tsepez@chromium.orgXSS Auditor targeting legitimate frames as false positives.
2012-02-23 tsepez@chromium.org[chromium] XSS Auditor bypass via javascript url and...
2012-02-22 tsepez@chromium.orgXSSAuditor bypass with <svg> tags and html-entities.
2012-02-16 tsepez@chromium.orgXSS Auditor bypass with U+2028/2029
2012-01-09 tsepez@chromium.orgTreat code="" attribute in embed tags similarly to...
2011-12-03 tsepez@chromium.orgXSSAuditor includes more terminating characters when...
next