Rename URL::copy() to URL::isolatedCopy() to match String.
[WebKit-https.git] / Source / WebCore / html / parser / XSSAuditor.cpp
2015-05-07 commit-queue@webki... Rename URL::copy() to URL::isolatedCopy() to match...
2015-01-12 darin@apple.comModernize and streamline HTMLTokenizer
2015-01-09 commit-queue@webki... Unreviewed, rolling out r178154, r178163, and r178164.
2015-01-09 darin@apple.comModernize and streamline HTMLTokenizer
2015-01-06 darin@apple.comModernize and streamline HTMLToken and AtomicHTMLToken
2014-12-08 cdumez@apple.comRevert r176293 & r176275
2014-11-18 cdumez@apple.comUpdate the Vector API to deal with unsigned types inste...
2014-09-04 commit-queue@webki... Use WTFString::find(char) in more places
2014-03-24 dbates@webkit.orgXSS Auditor doesn't block <script> injected before...
2014-03-20 dbates@webkit.orgPreserve original document URL for XSSAuditor reports
2014-03-20 dbates@webkit.orgXSSAuditor bypass with frameset tags
2014-03-14 svillar@igalia.comRename DEFINE_STATIC_LOCAL to DEPRECATED_DEFINE_STATIC_...
2014-02-06 joepeck@webkit.orgWeb Inspector: Add Console support to JSContext Inspection
2014-02-05 ossy@webkit.orgRemove ENABLE(SVG) guards
2014-01-18 andersca@apple.comModernize HTML parser code
2013-12-11 joepeck@webkit.orgWeb Inspector: Push More Inspector Required Classes...
2013-11-13 ossy@webkit.orgCleanup the build from unused parameters in WebCore
2013-11-05 dbates@webkit.orgXSSAuditor should catch reflected srcdoc properties...
2013-11-05 commit-queue@webki... [webcore/html] remove extra header includes from cpp...
2013-09-27 darin@apple.comrename KURL to URL
2013-09-21 darin@apple.comShink attribute event listener code
2013-09-17 andersca@apple.comStop explicitly using PassOwnPtr in WebCore/html
2013-08-17 akling@apple.com<https://webkit.org/b/119903> Make Settings ref-counted...
2013-08-15 andersca@apple.com<https://webkit.org/b/119859> Frame::loader() should...
2013-06-25 gyuyoung.kim@samsu... Remove unneeded include header files from WebCore
2013-05-10 andersca@apple.comStop including SecurityOrigin.h where unnecessary
2013-04-23 akling@apple.comXSSAuditor performance regression due to threaded parse...
2013-03-22 tsepez@chromium.orgBypass XSSAuditor for asp.net servers.
2013-03-13 mkwst@chromium.orgPass the XSSAuditor's report URL to the XSSAuditorDeleg...
2013-03-12 mkwst@chromium.orgXSSAuditor should send only one console error when...
2013-03-11 mkwst@chromium.orgXSSAuditor doesn't need a copy of the original document...
2013-03-10 mkwst@chromium.orgXSSAuditor doesn't need a copy of the original document...
2013-03-07 rafaelw@chromium.orgUnreviewed, rolling out r145083.
2013-03-07 mkwst@chromium.orgXSSAuditor should send only one console error when...
2013-03-06 commit-queue@webki... Introduce new message sources for logging.
2013-03-04 roger_fong@apple.comUnreviewed. AppleWin build fix.
2013-03-04 tsepez@chromium.orgXSSAuditor bypass with --> comment syntax.
2013-03-04 mkwst@chromium.orgXSSAuditor should strip dangerous attributes from SMIL...
2013-03-03 abarth@webkit.orgUnreviewed rollout of trac.webkit.org/r144530
2013-03-03 abarth@webkit.orgXSSAuditor has a subtle race condition when used with...
2013-03-02 eric@webkit.orgRemove two unnecessary mallocs from the main-thread...
2013-03-02 ap@apple.com Reduce amount of rebuilding when touching netwo...
2013-03-01 commit-queue@webki... Unreviewed, rolling out r144422 and r144424.
2013-03-01 mkwst@chromium.orgXSSAuditor should use threadSafeMatch when relevant.
2013-03-01 ap@apple.comReduce amount of rebuilding when touching networking...
2013-02-28 mkwst@chromium.orgXSSAuditor should strip formaction attributes from...
2013-02-26 mkwst@chromium.orgXSSAuditor: Don't rely on implicit casting when copying...
2013-02-24 mkwst@chromium.orgCSP 1.1: Experiment with 'reflected-xss' directive.
2013-02-13 eric@webkit.orgFix HTMLToken::Attribute member naming and update calls...
2013-02-12 eric@webkit.orgRemove HTMLTokenTypes header (and split out AtomicHTMLT...
2013-02-07 tonyg@chromium.orgCall XSSAuditor.filterToken() from threaded HTML parser
2013-02-06 tonyg@chromium.orgCall XSSAuditor's didBlockScript() for the threaded...
2013-02-05 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-02-05 commit-queue@webki... Unreviewed, rolling out r141905.
2013-02-05 tonyg@chromium.orgCall XSSAuditor's didBlockScript() for the threaded...
2013-02-05 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-02-04 commit-queue@webki... XSS Auditor bypass via svg tags and xlink:href
2013-02-02 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove unsafe...
2013-02-01 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-02-01 tonyg@chromium.orgContinue making XSSAuditor thread safe: Remove dependen...
2013-01-31 tonyg@chromium.orgBegin to make XSSAuditor thread aware
2012-12-11 mkwst@chromium.orgWeb Inspector: ConsoleTypes should not expose MessageTy...
2012-11-28 tsepez@chromium.orgXSSAuditor bypass with script src=data: URL ending...
2012-11-20 tsepez@chromium.orgXSSAuditor::decodedSnippetForJavaScript stopping when...
2012-11-02 tsepez@chromium.orgSupport X-XSS-Protection: report=URL header syntax...
2012-11-02 tsepez@chromium.orgXSS blocker false positive when page contains <iframe...
2012-10-31 tsepez@chromium.orgSource/WebCore: Malformed X-XSS-Protection headers...
2012-10-25 tsepez@chromium.orgXSSAuditor must replace form action with about:blank...
2012-08-29 abarth@webkit.orgDeploy ASCIILiteral hotness throughout WebCore
2012-08-21 tsepez@chromium.orgXSSAuditor too tolerant of injected data: URLs from...
2012-06-01 tsepez@chromium.orgXSSAuditor bypass with leading /*///*/ comment
2012-04-26 benjamin@webkit.orgAdd a version of StringImpl::find() without offset
2012-04-05 abarth@webkit.orgXSSAuditor doesn't catch injected srcdoc attributes
2012-04-04 tsepez@chromium.orgXSSAuditor bypass through HTTP Parameter Pollution.
2012-03-23 tsepez@chromium.orgXSS Auditor bypass via script tag src=data:, URLS.
2012-02-25 tsepez@chromium.orgXSS Auditor targeting legitimate frames as false positives.
2012-02-23 tsepez@chromium.org[chromium] XSS Auditor bypass via javascript url and...
2012-02-22 tsepez@chromium.orgXSSAuditor bypass with <svg> tags and html-entities.
2012-02-16 tsepez@chromium.orgXSS Auditor bypass with U+2028/2029
2012-01-09 tsepez@chromium.orgTreat code="" attribute in embed tags similarly to...
2011-12-03 tsepez@chromium.orgXSSAuditor includes more terminating characters when...
2011-11-08 abarth@webkit.orgaddMessage's last few arguments should be optional
2011-11-02 commit-queue@webki... XSSAuditor is silent
2011-10-18 commit-queue@webki... XSSAuditor bypass with remote script ending in ? character
2011-10-01 isherman@chromium.orgFix assertion failure in XSS Auditor
2011-09-28 commit-queue@webki... Revert change which broke displaying end script tags...
2011-09-23 commit-queue@webki... Make XSSAuditor extract meaningful snippet from script...
2011-09-17 commit-queue@webki... Make XSSAuditor truncate inline snippets at a reasonabl...
2011-09-14 commit-queue@webki... Fix XSS auditor bypass when inline handlers contain...
2011-09-09 dbates@webkit.orgXSS filter bypass via non-standard URL encoding
2011-08-31 commit-queue@webki... Fix XSS filter bypass by multiply decoding both the...
2011-07-20 jpfau@apple.comNew Token class for XML
2011-05-31 dbates@webkit.org2011-05-30 Daniel Bates <dbates@webkit.org>