Changeset 141686 in webkit


Ignore:
Timestamp:
Feb 2, 2013 12:25:21 AM (11 years ago)
Author:
tonyg@chromium.org
Message:

Continue making XSSAuditor thread safe: Remove unsafe AtomicString compares
https://bugs.webkit.org/show_bug.cgi?id=108557

Reviewed by Adam Barth.

Unfortunately HTMLNames comparisons will always be false on a non-main thread
with our current design, so we have to use some "threadSafeMatch" helpers written
for the HTMLBackgroundParser.

Also factor out threadSafeMatch() methods to HTMLParserIdioms.

No new tests because no new functionality.

  • html/parser/BackgroundHTMLParser.cpp:

(WebCore):

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::threadSafeEqual):
(WebCore):
(WebCore::threadSafeMatch):

  • html/parser/HTMLParserIdioms.h:

(WebCore):

  • html/parser/XSSAuditor.cpp:

(WebCore::XSSAuditor::eraseAttributeIfInjected):

Location:
trunk/Source/WebCore
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r141684 r141686  
     12013-02-02  Tony Gentilcore  <tonyg@chromium.org>
     2
     3        Continue making XSSAuditor thread safe: Remove unsafe AtomicString compares
     4        https://bugs.webkit.org/show_bug.cgi?id=108557
     5
     6        Reviewed by Adam Barth.
     7
     8        Unfortunately HTMLNames comparisons will always be false on a non-main thread
     9        with our current design, so we have to use some "threadSafeMatch" helpers written
     10        for the HTMLBackgroundParser.
     11
     12        Also factor out threadSafeMatch() methods to HTMLParserIdioms.
     13
     14        No new tests because no new functionality.
     15
     16        * html/parser/BackgroundHTMLParser.cpp:
     17        (WebCore):
     18        * html/parser/HTMLParserIdioms.cpp:
     19        (WebCore::threadSafeEqual):
     20        (WebCore):
     21        (WebCore::threadSafeMatch):
     22        * html/parser/HTMLParserIdioms.h:
     23        (WebCore):
     24        * html/parser/XSSAuditor.cpp:
     25        (WebCore::XSSAuditor::eraseAttributeIfInjected):
     26
    1272013-02-01  James Simonsen  <simonjam@chromium.org>
    228

  • trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp

    r141494 r141686  
    3232#include "HTMLDocumentParser.h"
    3333#include "HTMLNames.h"
     34#include "HTMLParserIdioms.h"
    3435#include "HTMLParserThread.h"
    3536#include "HTMLTokenizer.h"
     
    5657// FIXME: Tune this constant based on a benchmark. The current value was choosen arbitrarily.
    5758static const size_t pendingTokenLimit = 4000;
    58 
    59 static bool threadSafeEqual(StringImpl* a, StringImpl* b)
    60 {
    61     if (a->hash() != b->hash())
    62         return false;
    63     return StringHash::equal(a, b);
    64 }
    65 
    66 static bool threadSafeMatch(const String& localName, const QualifiedName& qName)
    67 {
    68     return threadSafeEqual(localName.impl(), qName.localName().impl());
    69 }
    7059
    7160ParserMap& parserMap()

  • trunk/Source/WebCore/html/parser/HTMLParserIdioms.cpp

    r135495 r141686  
    2727
    2828#include "Decimal.h"
     29#include "QualifiedName.h"
    2930#include <limits>
    3031#include <wtf/MathExtras.h>
    3132#include <wtf/text/AtomicString.h>
    3233#include <wtf/text/StringBuilder.h>
     34#include <wtf/text/StringHash.h>
    3335
    3436namespace WebCore {
     
    276278}
    277279
    278 }
     280static bool threadSafeEqual(StringImpl* a, StringImpl* b)
     281{
     282    if (a->hash() != b->hash())
     283        return false;
     284    return StringHash::equal(a, b);
     285}
     286
     287bool threadSafeMatch(const QualifiedName& a, const QualifiedName& b)
     288{
     289    return threadSafeEqual(a.localName().impl(), b.localName().impl());
     290}
     291
     292bool threadSafeMatch(const String& localName, const QualifiedName& qName)
     293{
     294    return threadSafeEqual(localName.impl(), qName.localName().impl());
     295}
     296
     297}

  • trunk/Source/WebCore/html/parser/HTMLParserIdioms.h

    r131826 r141686  
    3232
    3333class Decimal;
     34class QualifiedName;
    3435
    3536// Space characters as defined by the HTML specification.
     
    8687}
    8788
     89bool threadSafeMatch(const QualifiedName&, const QualifiedName&);
     90bool threadSafeMatch(const String&, const QualifiedName&);
     91
    8892}
    8993

  • trunk/Source/WebCore/html/parser/XSSAuditor.cpp

    r141633 r141686  
    487487        const HTMLToken::Attribute& attribute = token.attributes().at(indexOfAttribute);
    488488        if (isContainedInRequest(decodedSnippetForAttribute(token, attribute, treatment))) {
    489             if (attributeName == srcAttr && isLikelySafeResource(String(attribute.m_value.data(), attribute.m_value.size())))
     489            if (threadSafeMatch(attributeName, srcAttr) && isLikelySafeResource(String(attribute.m_value.data(), attribute.m_value.size())))
    490490                return false;
    491             if (attributeName == http_equivAttr && !isDangerousHTTPEquiv(String(attribute.m_value.data(), attribute.m_value.size())))
     491            if (threadSafeMatch(attributeName, http_equivAttr) && !isDangerousHTTPEquiv(String(attribute.m_value.data(), attribute.m_value.size())))
    492492                return false;
    493493            token.eraseValueOfAttribute(indexOfAttribute);
Note: See TracChangeset for help on using the changeset viewer.