2011-02-03 Adam Barth <abarth@webkit.org>
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Feb 2011 03:56:40 +0000 (03:56 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Feb 2011 03:56:40 +0000 (03:56 +0000)
commit 73f376672ce40fd52a05d22f66392ded236e9e56
tree 578b7c5443d19383dbe0e31cbb8efb987f7f6dcd
parent 56e3408e8c6fa42495a69397116fe4125a52d9c2
2011-02-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSS Auditor severely affects loading performance after submitting a large form
        https://bugs.webkit.org/show_bug.cgi?id=49845

        The XSSFilter catches some more cases and has different console
        messages than the XSSAuditor.  We might want to improve these messages
        in the future.

        * http/tests/security/xssAuditor/base-href-control-char-expected.txt:
        * http/tests/security/xssAuditor/base-href-expected.txt:
        * http/tests/security/xssAuditor/base-href-null-char-expected.txt:
        * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
        * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
        * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
        * http/tests/security/xssAuditor/full-block-base-href-expected.txt:
        * http/tests/security/xssAuditor/full-block-object-tag-expected.txt:
        * http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
        * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
        * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
        * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
        * http/tests/security/xssAuditor/object-tag-expected.txt:
        * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
        * http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:
2011-02-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSS Auditor severely affects loading performance after submitting a large form
        https://bugs.webkit.org/show_bug.cgi?id=49845

        Switch over from the XSSAuditor to the XSSFilter, improving performance
        on this example.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::isEnabled):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77588 268f45cc-cd09-0410-ab3c-d52691b4dbfc
22 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt
LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt
LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt
LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt
LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt
LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt
LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt
LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt
LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt
LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt
LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt
LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt
LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt
LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt
LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt
LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt
LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSFilter.cpp
Source/WebCore/page/XSSAuditor.cpp