Changeset 141605 in webkit
- Timestamp:
- Feb 1, 2013 10:40:20 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r141603 r141605 1 2013-02-01 Tony Gentilcore <tonyg@chromium.org> 2 3 Continue making XSSAuditor thread safe: Remove dependencies on m_parser from init() 4 https://bugs.webkit.org/show_bug.cgi?id=108531 5 6 Reviewed by Adam Barth. 7 8 The threaded HTML parser will create and init() the XSSAuditor on the main thread, but filterToken() will be called on the background. 9 10 No new tests because no change in functionality. 11 12 * html/parser/HTMLDocumentParser.cpp: 13 (WebCore::HTMLDocumentParser::pumpTokenizer): 14 * html/parser/XSSAuditor.cpp: 15 (WebCore::XSSAuditor::XSSAuditor): 16 (WebCore::XSSAuditor::init): 17 (WebCore::XSSAuditor::filterToken): 18 * html/parser/XSSAuditor.h: 19 (WebCore): 20 (XSSAuditor): 21 1 22 2013-02-01 Brady Eidson <beidson@apple.com> 2 23 -
trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp
r141494 r141605 365 365 InspectorInstrumentationCookie cookie = InspectorInstrumentation::willWriteHTML(document(), m_input.current().length(), m_input.current().currentLine().zeroBasedInt()); 366 366 367 m_xssAuditor.init(document()); 368 367 369 while (canTakeNextToken(mode, session) && !session.needsYield) { 368 370 if (!isParsingFragment()) -
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r141494 r141605 177 177 , m_scriptTagNestingLevel(0) 178 178 { 179 ASSERT(isMainThread()); 179 180 ASSERT(m_parser); 180 181 if (Frame* frame = parser->document()->frame()) { … … 186 187 } 187 188 188 void XSSAuditor::init( )189 void XSSAuditor::init(Document* document) 189 190 { 190 191 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. 191 192 const int suffixTreeDepth = 5; 192 193 194 ASSERT(isMainThread()); 195 if (m_state == Initialized) 196 return; 193 197 ASSERT(m_state == Uninitialized); 194 198 m_state = Initialized; … … 199 203 // In theory, the Document could have detached from the Frame after the 200 204 // XSSAuditor was constructed. 201 if (! m_parser->document()->frame()) {205 if (!document->frame()) { 202 206 m_isEnabled = false; 203 207 return; 204 208 } 205 209 206 const KURL& url = m_parser->document()->url();210 const KURL& url = document->url(); 207 211 208 212 if (url.isEmpty()) { … … 217 221 } 218 222 219 TextResourceDecoder* decoder = m_parser->document()->decoder();223 TextResourceDecoder* decoder = document->decoder(); 220 224 m_decodedURL = fullyDecodeString(url.string(), decoder); 221 225 if (m_decodedURL.find(isRequiredForInjection) == notFound) … … 223 227 224 228 String httpBodyAsString; 225 if (DocumentLoader* documentLoader = m_parser->document()->frame()->loader()->documentLoader()) {229 if (DocumentLoader* documentLoader = document->frame()->loader()->documentLoader()) { 226 230 DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, (ASCIILiteral("X-XSS-Protection"))); 227 231 String headerValue = documentLoader->response().httpHeaderField(XSSProtectionHeader); … … 232 236 233 237 if ((m_xssProtection == XSSProtectionEnabled || m_xssProtection == XSSProtectionBlockEnabled) && !reportURL.isEmpty()) { 234 m_reportURL = m_parser->document()->completeURL(reportURL);235 if (MixedContentChecker::isMixedContent( m_parser->document()->securityOrigin(), m_reportURL)) {238 m_reportURL = document->completeURL(reportURL); 239 if (MixedContentChecker::isMixedContent(document->securityOrigin(), m_reportURL)) { 236 240 errorDetails = "insecure reporting URL for secure page"; 237 241 m_xssProtection = XSSProtectionInvalid; … … 241 245 242 246 if (m_xssProtection == XSSProtectionInvalid) { 243 m_parser->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Error parsing header X-XSS-Protection: " + headerValue + ": " + errorDetails + " at character position " + String::format("%u", errorPosition) + ". The default protections will be applied.");247 document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Error parsing header X-XSS-Protection: " + headerValue + ": " + errorDetails + " at character position " + String::format("%u", errorPosition) + ". The default protections will be applied."); 244 248 m_xssProtection = XSSProtectionEnabled; 245 249 } … … 272 276 PassOwnPtr<DidBlockScriptRequest> XSSAuditor::filterToken(HTMLToken& token) 273 277 { 274 if (m_state == Uninitialized)275 init();276 277 278 ASSERT(m_state == Initialized); 278 279 if (!m_isEnabled || m_xssProtection == XSSProtectionDisabled) -
trunk/Source/WebCore/html/parser/XSSAuditor.h
r141494 r141605 35 35 36 36 class DidBlockScriptRequest; 37 class Document; 37 38 class HTMLDocumentParser; 38 39 … … 42 43 explicit XSSAuditor(HTMLDocumentParser*); 43 44 45 void init(Document*); 44 46 PassOwnPtr<DidBlockScriptRequest> filterToken(HTMLToken&); 45 47 … … 57 59 ScriptLikeAttribute 58 60 }; 59 60 void init();61 61 62 62 bool filterStartToken(HTMLToken&);
Note: See TracChangeset
for help on using the changeset viewer.