Changeset 141905 in webkit
- Timestamp:
- Feb 5, 2013 11:06:26 AM (11 years ago)
- Location:
- trunk/Source
- Files:
-
- 21 edited
trunk/Source/WTF/ChangeLog
r141819 r141905 1 2013-02-05 Tony Gentilcore <tonyg@chromium.org> 2 3 Call XSSAuditor's didBlockScript() for the threaded HTML parser 4 https://bugs.webkit.org/show_bug.cgi?id=108726 5 6 Reviewed by Adam Barth. 7 8 This patch adds isSafeToSendToAnotherThread() methods to CString, String, ParsedURL and URLString. 9 These methods check to ensure there are 0 or 1 references. 10 11 * wtf/text/CString.cpp: 12 (WTF::CString::isSafeToSendToAnotherThread): Added. 13 (WTF): 14 * wtf/text/CString.h: 15 (CString): 16 * wtf/text/WTFString.cpp: 17 (WTF::String::isSafeToSendToAnotherThread): Added. 18 (WTF): 19 * wtf/text/WTFString.h: 20 (String): 21 * wtf/url/api/ParsedURL.h: 22 (WTF::ParsedURL::isSafeToSendToAnotherThread): Added. 23 * wtf/url/api/URLString.h: 24 (WTF::URLString::isSafeToSendToAnotherThread): Added. 25 1 26 2013-02-04 Benjamin Poulain <bpoulain@apple.com> 2 27 -
trunk/Source/WTF/wtf/text/CString.cpp
r126191 r141905 100 100 } 101 101 102 bool CString::isSafeToSendToAnotherThread() const 103 { 104 return !m_buffer || m_buffer->hasOneRef(); 105 } 106 102 107 bool operator==(const CString& a, const CString& b) 103 108 { -
trunk/Source/WTF/wtf/text/CString.h
r130144 r141905 73 73 74 74 bool isNull() const { return !m_buffer; } 75 bool isSafeToSendToAnotherThread() const; 75 76 76 77 CStringBuffer* buffer() const { return m_buffer.get(); } -
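Review bot: The new `isSafeToSendToAnotherThread()` declaration carries no comment, and the same is true of the declarations added in WTFString.h, KURL.h and KURLGooglePrivate.h, although its contract is subtle: a refcount check is a point-in-time answer that is only meaningful on the thread that currently holds the reference being handed over. I would add above the declaration `// True when this object's buffer is not shared with any other instance, so it can be handed to another thread without two threads touching the same (presumably non-thread-safe) refcount. Only meaningful on the owning thread, and only until another reference is taken.` The same wording fits the three other headers.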
trunk/Source/WTF/wtf/text/WTFString.cpp
r136601 r141905 662 662 } 663 663 664 bool String::isSafeToSendToAnotherThread() const 665 { 666 if (!impl()) 667 return true; 668 if (impl()->hasOneRef()) 669 return true; 670 if (isEmpty()) 671 return true; 672 return false; 673 } 674 664 675 void String::split(const String& separator, bool allowEmptyEntries, Vector<String>& result) const 665 676 { -
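Review bot: The `isEmpty()` branch treats an empty impl with more than one reference as safe, which is only correct if every empty String points at the shared static StringImpl; if a non-static empty impl can exist (for example one built from an empty buffer), its refcount is still subject to the same race this method guards against, so this deserves a comment or an `impl()->isStatic()`-style check if the project has one — confirm against StringImpl. The three early returns also read more directly as one expression, `return !impl() || impl()->hasOneRef() || isEmpty();`, which matches the form used in CString.cpp in this same change.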
trunk/Source/WTF/wtf/text/WTFString.h
r136601 r141905 395 395 396 396 WTF_EXPORT_STRING_API String isolatedCopy() const; 397 bool isSafeToSendToAnotherThread() const; 397 398 398 399 // Prevent Strings from being implicitly convertable to bool as it will be ambiguous on any platform that -
trunk/Source/WTF/wtf/url/api/ParsedURL.h
r132261 r141905 50 50 51 51 WTF_EXPORT_PRIVATE ParsedURL isolatedCopy() const; 52 bool isSafeToSendToAnotherThread() const { return m_spec.isSafeToSendToAnotherThread(); } 52 53 53 54 bool isValid() const { return !m_spec.string().isNull(); } -
trunk/Source/WTF/wtf/url/api/URLString.h
r130187 r141905 40 40 41 41 const String& string() const { return m_string;} 42 bool isSafeToSendToAnotherThread() const { return m_string.isSafeToSendToAnotherThread(); } 42 43 43 44 #ifndef NDEBUG -
trunk/Source/WebCore/ChangeLog
r141901 r141905 1 2013-02-05 Tony Gentilcore <tonyg@chromium.org> 2 3 Call XSSAuditor's didBlockScript() for the threaded HTML parser 4 https://bugs.webkit.org/show_bug.cgi?id=108726 5 6 Reviewed by Adam Barth. 7 8 This patch causes us to call didBlockScript() on the main thread if the CompactHTML token has XSSInfo. 9 To do so, we: 10 1. Rename DidBlockScriptRequest to XSSInfo. 11 2. Add an OwnPtr<XSSInfo> field to CompactHTMLToken. 12 3. Add an isSafeToSendToAnotherThread() method to String and KURL. 13 14 We don't yet populate didBlockScriptRequest on the background thread, but this should just work once we do. 15 16 No new tests because no new functionality. 17 18 * html/parser/BackgroundHTMLParser.cpp: 19 (WebCore::BackgroundHTMLParser::pumpTokenizer): Update comment for rename. 20 * html/parser/CompactHTMLToken.cpp: 21 (SameSizeAsCompactHTMLToken): 22 (WebCore::CompactHTMLToken::CompactHTMLToken): Add a copy constructor used by Vector. 23 (WebCore::CompactHTMLToken::isSafeToSendToAnotherThread): Include new m_xssInfo field in safety check. 24 (WebCore): 25 (WebCore::CompactHTMLToken::xssInfo): Added. 26 (WebCore::CompactHTMLToken::setXSSInfo): Added. 27 * html/parser/CompactHTMLToken.h: Add an OwnPtr<XSSInfo> field to CompactHTMLToken. 28 (WebCore): 29 (CompactHTMLToken): 30 (WTF): Add VectorTraits necessary for copying Vector fields objects that contain an OwnPtr. 31 * html/parser/HTMLDocumentParser.cpp: 32 (WebCore::HTMLDocumentParser::processParsedChunkFromBackgroundParser): Add new didBlockScript() call. 33 (WebCore::HTMLDocumentParser::pumpTokenizer): 34 * html/parser/XSSAuditor.cpp: Renaming. 35 (WebCore::XSSAuditor::filterToken): 36 * html/parser/XSSAuditor.h: Renaming. 
37 (WebCore): 38 (XSSAuditor): 39 * html/parser/XSSAuditorDelegate.cpp: 40 (WebCore::XSSInfo::isSafeToSendToAnotherThread): 41 (WebCore): 42 (WebCore::XSSAuditorDelegate::didBlockScript): 43 * html/parser/XSSAuditorDelegate.h: 44 (WebCore::XSSInfo::create): 45 (XSSInfo): 46 (WebCore::XSSInfo::XSSInfo): 47 (XSSAuditorDelegate): 48 * platform/KURL.cpp: 49 (WebCore::KURL::isSafeToSendToAnotherThread): Added. 50 (WebCore): 51 * platform/KURL.h: 52 (KURL): 53 * platform/KURLGoogle.cpp: 54 (WebCore): 55 (WebCore::KURLGooglePrivate::isSafeToSendToAnotherThread): Added. 56 * platform/KURLGooglePrivate.h: 57 (KURLGooglePrivate): 58 * platform/KURLWTFURLImpl.h: 59 (WebCore::KURLWTFURLImpl::isSafeToSendToAnotherThread): Added. 60 1 61 2013-02-05 Anton Vayvod <avayvod@chromium.org> 2 62 -
trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp
r141686 r141905 154 154 { 155 155 while (m_tokenizer->nextToken(m_input.current(), *m_token.get())) { 156 // FIXME: Call m_xssAuditor.filterToken(m_token) and put resulting DidBlockScriptRequestinto CompactHTMLToken.156 // FIXME: Call m_xssAuditor.filterToken(m_token) and put resulting XSSInfo into CompactHTMLToken. 157 157 m_pendingTokens->append(CompactHTMLToken(m_token.get(), TextPosition(m_input.current().currentLine(), m_input.current().currentColumn()))); 158 158 m_token->clear(); -
trunk/Source/WebCore/html/parser/CompactHTMLToken.cpp
r141070 r141905 31 31 32 32 #include "HTMLToken.h" 33 #include "XSSAuditorDelegate.h" 33 34 34 35 namespace WebCore { … … 39 40 Vector<CompactAttribute> vector; 40 41 TextPosition textPosition; 42 OwnPtr<XSSInfo> xssInfo; 41 43 }; 42 44 … … 87 89 } 88 90 89 static bool isStringSafeToSendToAnotherThread(const String& string) 91 CompactHTMLToken::CompactHTMLToken(const CompactHTMLToken& other) 92 : m_type(other.type()) 93 , m_isAll8BitData(other.isAll8BitData()) 94 , m_doctypeForcesQuirks(other.doctypeForcesQuirks()) 95 , m_textPosition(other.textPosition()) 90 96 { 91 StringImpl* impl = string.impl(); 92 if (!impl) 93 return true; 94 if (impl->hasOneRef()) 95 return true; 96 if (string.isEmpty()) 97 return true; 98 return false; 97 if (other.xssInfo()) 98 m_xssInfo = adoptPtr(new XSSInfo(*other.xssInfo())); 99 99 } 100 100 … … 102 102 { 103 103 for (Vector<CompactAttribute>::const_iterator it = m_attributes.begin(); it != m_attributes.end(); ++it) { 104 if (!i sStringSafeToSendToAnotherThread(it->name()))104 if (!it->name().isSafeToSendToAnotherThread()) 105 105 return false; 106 if (!i sStringSafeToSendToAnotherThread(it->value()))106 if (!it->value().isSafeToSendToAnotherThread()) 107 107 return false; 108 108 } 109 return isStringSafeToSendToAnotherThread(m_data); 109 if (m_xssInfo && !m_xssInfo->isSafeToSendToAnotherThread()) 110 return false; 111 return m_data.isSafeToSendToAnotherThread(); 112 } 113 114 XSSInfo* CompactHTMLToken::xssInfo() const 115 { 116 return m_xssInfo.get(); 117 } 118 119 void CompactHTMLToken::setXSSInfo(PassOwnPtr<XSSInfo> xssInfo) 120 { 121 m_xssInfo = xssInfo; 110 122 } 111 123 -
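Review bot: As rendered, the new copy constructor's initializer list sets `m_type`, `m_isAll8BitData`, `m_doctypeForcesQuirks` and `m_textPosition` and deep-copies `m_xssInfo`, but never copies `m_data` or `m_attributes`, so a copied token comes back with empty data and no attributes even though `isSafeToSendToAnotherThread()` on the same page clearly expects both to be populated. Since `m_pendingTokens->append(CompactHTMLToken(...))` in BackgroundHTMLParser.cpp copy-constructs every token, this would silently drop the token contents unless a line is hidden by the rendering; the fix is two initializers, `, m_data(other.m_data)` and `, m_attributes(other.m_attributes)`, placed before `m_textPosition` to keep member order. The deep copy of `XSSInfo` relies on its implicit copy constructor, which is fine but worth a one-line comment, `// XSSInfo is owned, so copy the object rather than the pointer.`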
trunk/Source/WebCore/html/parser/CompactHTMLToken.h
r141070 r141905 30 30 31 31 #include "HTMLTokenTypes.h" 32 #include <wtf/OwnPtr.h> 33 #include <wtf/PassOwnPtr.h> 32 34 #include <wtf/RefCounted.h> 33 35 #include <wtf/RefPtr.h> … … 39 41 40 42 class HTMLToken; 43 class XSSInfo; 41 44 42 45 class CompactAttribute { … … 59 62 public: 60 63 CompactHTMLToken(const HTMLToken*, const TextPosition&); 64 CompactHTMLToken(const CompactHTMLToken&); 61 65 62 66 bool isSafeToSendToAnotherThread() const; … … 74 78 const String& systemIdentifier() const { return m_attributes[0].value(); } 75 79 bool doctypeForcesQuirks() const { return m_doctypeForcesQuirks; } 80 XSSInfo* xssInfo() const; 81 void setXSSInfo(PassOwnPtr<XSSInfo>); 76 82 77 83 private: … … 84 90 Vector<CompactAttribute> m_attributes; 85 91 TextPosition m_textPosition; 92 OwnPtr<XSSInfo> m_xssInfo; 86 93 }; 87 94 … … 90 97 } 91 98 99 namespace WTF { 100 // This is required for a struct with OwnPtr. We know CompactHTMLToken is simple enough that 101 // initializing to 0 and moving with memcpy (and then not destructing the original) will work. 102 template<> struct VectorTraits<WebCore::CompactHTMLToken> : SimpleClassVectorTraits { }; 103 } 104 92 105 #endif // ENABLE(THREADED_HTML_PARSER) 93 106 -
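Review bot: The `VectorTraits` specialization inherits `SimpleClassVectorTraits`, and its comment only justifies memset-initialization and memcpy-moves; if that base also enables `canCompareWithMemcmp` (as its name suggests — confirm in VectorTraits.h), comparing two Vectors of tokens would compare String, Vector and OwnPtr pointers rather than contents, which the comment should either rule out or the specialization should override. Separately, a class with an `OwnPtr` member and a user-declared copy constructor has no usable implicit copy assignment; if any code assigns tokens, declare `CompactHTMLToken& operator=(const CompactHTMLToken&);` alongside the copy constructor rather than letting the compiler-generated one fail at the call site.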
trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp
r141897 r141905 303 303 ASSERT(shouldUseThreading()); 304 304 305 // didReceiveTokensFromBackgroundParsercan cause this parser to be detached from the Document,305 // This method can cause this parser to be detached from the Document, 306 306 // but we need to ensure it isn't deleted yet. 307 307 RefPtr<HTMLDocumentParser> protect(this); … … 317 317 ASSERT(!isWaitingForScripts()); 318 318 319 // FIXME: Call m_xssAuditorDelegate.didBlockScript() with DidBlockScriptRequest from the CompactHTMLToken.320 319 m_textPosition = it->textPosition(); 320 321 if (XSSInfo* xssInfo = it->xssInfo()) 322 m_xssAuditorDelegate.didBlockScript(*xssInfo); 321 323 constructTreeFromCompactHTMLToken(*it); 322 324 … … 379 381 // We do not XSS filter innerHTML, which means we (intentionally) fail 380 382 // http/tests/security/xssAuditor/dom-write-innerHTML.html 381 OwnPtr< DidBlockScriptRequest> request= m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, document()->decoder()));382 if ( request)383 m_xssAuditorDelegate.didBlockScript( request.release());383 OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, document()->decoder())); 384 if (xssInfo) 385 m_xssAuditorDelegate.didBlockScript(*xssInfo); 384 386 } 385 387 -
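Review bot: In `processParsedChunkFromBackgroundParser`, `didBlockScript(*xssInfo)` is now called immediately before `constructTreeFromCompactHTMLToken(*it)`, and the delegate can stop all loaders and schedule a navigation to `blankURL()` (visible in the XSSAuditorDelegate.cpp section), which the comment at line 305 notes may detach this parser from the Document. The `protect` RefPtr keeps the object alive, but the loop should re-check that the parser is still attached before building the tree for this token and any later ones in the chunk; if the existing loop already does so above line 317 that is fine, but it is outside the hunk and worth a comment such as `// didBlockScript() may stop loading and schedule a navigation; the attach check below must stay after it.` The enclosing function starts and ends outside this hunk.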
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r141897 r141905 279 279 } 280 280 281 PassOwnPtr< DidBlockScriptRequest> XSSAuditor::filterToken(const FilterTokenRequest& request)281 PassOwnPtr<XSSInfo> XSSAuditor::filterToken(const FilterTokenRequest& request) 282 282 { 283 283 ASSERT(m_state == Initialized); … … 297 297 if (didBlockScript) { 298 298 bool didBlockEntirePage = (m_xssProtection == XSSProtectionBlockEnabled); 299 OwnPtr< DidBlockScriptRequest> didBlockScriptRequest = DidBlockScriptRequest::create(m_reportURL, m_originalURL, m_originalHTTPBody, didBlockEntirePage);299 OwnPtr<XSSInfo> xssInfo = XSSInfo::create(m_reportURL, m_originalURL, m_originalHTTPBody, didBlockEntirePage); 300 300 if (!m_reportURL.isEmpty()) { 301 301 m_reportURL = KURL(); … … 303 303 m_originalHTTPBody = String(); 304 304 } 305 return didBlockScriptRequest.release();305 return xssInfo.release(); 306 306 } 307 307 return nullptr; -
trunk/Source/WebCore/html/parser/XSSAuditor.h
r141897 r141905 34 34 namespace WebCore { 35 35 36 class DidBlockScriptRequest;37 36 class Document; 38 37 class HTMLDocumentParser; 39 38 class HTMLSourceTracker; 40 39 class TextResourceDecoder; 40 class XSSInfo; 41 41 42 42 struct FilterTokenRequest { … … 58 58 59 59 void init(Document*); 60 PassOwnPtr< DidBlockScriptRequest> filterToken(const FilterTokenRequest&);60 PassOwnPtr<XSSInfo> filterToken(const FilterTokenRequest&); 61 61 62 62 private: -
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
r141494 r141905 33 33 #include "Frame.h" 34 34 #include "FrameLoaderClient.h" 35 #include "HTMLParserIdioms.h" 35 36 #include "InspectorValues.h" 36 37 #include "PingLoader.h" … … 38 39 39 40 namespace WebCore { 41 42 bool XSSInfo::isSafeToSendToAnotherThread() const 43 { 44 return m_reportURL.isSafeToSendToAnotherThread() 45 && m_originalURL.isSafeToSendToAnotherThread() 46 && m_originalHTTPBody.isSafeToSendToAnotherThread(); 47 } 40 48 41 49 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) … … 47 55 } 48 56 49 void XSSAuditorDelegate::didBlockScript( PassOwnPtr<DidBlockScriptRequest> request)57 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) 50 58 { 51 59 ASSERT(isMainThread()); … … 55 63 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, consoleMessage); 56 64 57 if ( request->m_didBlockEntirePage)65 if (xssInfo.m_didBlockEntirePage) 58 66 m_document->frame()->loader()->stopAllLoaders(); 59 67 60 68 if (!m_didNotifyClient) { 61 m_document->frame()->loader()->client()->didDetectXSS(m_document->url(), request->m_didBlockEntirePage);69 m_document->frame()->loader()->client()->didDetectXSS(m_document->url(), xssInfo.m_didBlockEntirePage); 62 70 m_didNotifyClient = true; 63 71 } 64 72 65 if (! 
request->m_reportURL.isEmpty()) {73 if (!xssInfo.m_reportURL.isEmpty()) { 66 74 RefPtr<InspectorObject> reportDetails = InspectorObject::create(); 67 reportDetails->setString("request-url", request->m_originalURL);68 reportDetails->setString("request-body", request->m_originalHTTPBody);75 reportDetails->setString("request-url", xssInfo.m_originalURL); 76 reportDetails->setString("request-body", xssInfo.m_originalHTTPBody); 69 77 70 78 RefPtr<InspectorObject> reportObject = InspectorObject::create(); … … 72 80 73 81 RefPtr<FormData> report = FormData::create(reportObject->toJSONString().utf8().data()); 74 PingLoader::sendViolationReport(m_document->frame(), request->m_reportURL, report);82 PingLoader::sendViolationReport(m_document->frame(), xssInfo.m_reportURL, report); 75 83 } 76 84 77 if ( request->m_didBlockEntirePage)85 if (xssInfo.m_didBlockEntirePage) 78 86 m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), blankURL(), String()); 79 87 } -
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.h
r141494 r141905 35 35 class Document; 36 36 37 class DidBlockScriptRequest{37 class XSSInfo { 38 38 public: 39 static PassOwnPtr< DidBlockScriptRequest> create(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage)39 static PassOwnPtr<XSSInfo> create(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage) 40 40 { 41 return adoptPtr(new DidBlockScriptRequest(reportURL, originalURL, originalHTTPBody, didBlockEntirePage));41 return adoptPtr(new XSSInfo(reportURL, originalURL, originalHTTPBody, didBlockEntirePage)); 42 42 } 43 44 bool isSafeToSendToAnotherThread() const; 43 45 44 46 KURL m_reportURL; … … 48 50 49 51 private: 50 DidBlockScriptRequest(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage)52 XSSInfo(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage) 51 53 : m_reportURL(reportURL) 52 54 , m_originalURL(originalURL) … … 61 63 explicit XSSAuditorDelegate(Document*); 62 64 63 void didBlockScript( PassOwnPtr<DidBlockScriptRequest>);65 void didBlockScript(const XSSInfo&); 64 66 65 67 private: -
trunk/Source/WebCore/platform/KURL.cpp
r141570 r141905 1936 1936 } 1937 1937 1938 } 1938 bool KURL::isSafeToSendToAnotherThread() const 1939 { 1940 #if USE(GOOGLEURL) 1941 return m_url.isSafeToSendToAnotherThread(); 1942 #elif USE(WTFURL) 1943 return m_urlImpl.isSafeToSendToAnotherThread(); 1944 #else // !USE(GOOGLEURL) 1945 return m_string.isSafeToSendToAnotherThread(); 1946 #endif 1947 } 1948 1949 } -
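Review bot: In the `USE(WTFURL)` branch, `m_urlImpl.isSafeToSendToAnotherThread()` uses `.` on `m_urlImpl`; if that member is a `RefPtr<KURLWTFURLImpl>` (which `copy()` returning `PassRefPtr<KURLWTFURLImpl>` in KURLWTFURLImpl.h suggests), this does not compile and, since WTFURL builds are not exercised by most ports, the breakage would go unnoticed. That branch should then be `return m_urlImpl->hasOneRef() && m_urlImpl->isSafeToSendToAnotherThread();`, so that the shared impl's own refcount is part of the answer and not only the strings it holds. The `#else // !USE(GOOGLEURL)` comment is also misleading now that there are three branches; `#else // !USE(GOOGLEURL) && !USE(WTFURL)` says what the branch actually covers.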
trunk/Source/WebCore/platform/KURL.h
r137573 r141905 228 228 229 229 void reportMemoryUsage(MemoryObjectInfo*) const; 230 bool isSafeToSendToAnotherThread() const; 230 231 231 232 private: -
trunk/Source/WebCore/platform/KURLGoogle.cpp
r141570 r141905 400 400 info.addMember(m_parsed, "parsed"); 401 401 } 402 403 bool KURLGooglePrivate::isSafeToSendToAnotherThread() const 404 { 405 return m_string.isSafeToSendToAnotherThread() 406 && m_utf8.isSafeToSendToAnotherThread() 407 && (!m_innerURL || m_innerURL->isSafeToSendToAnotherThread()); 408 } 409 402 410 // KURL ------------------------------------------------------------------------ 403 411 -
trunk/Source/WebCore/platform/KURLGooglePrivate.h
r128448 r141905 102 102 103 103 void reportMemoryUsage(MemoryObjectInfo*) const; 104 bool isSafeToSendToAnotherThread() const; 104 105 105 106 private: -
trunk/Source/WebCore/platform/KURLWTFURLImpl.h
r141570 r141905 50 50 info.addMember(m_invalidUrlString, "invalidUrlString"); 51 51 } 52 bool isSafeToSendToAnotherThread() const 53 { 54 return m_invalidUrlString.isSafeToSendToAnotherThread() 55 && m_parsedURL.isSafeToSendToAnotherThread(); 56 } 52 57 PassRefPtr<KURLWTFURLImpl> copy() const; 53 58 };
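Review bot: `KURLWTFURLImpl::isSafeToSendToAnotherThread()` checks the two contained strings but not the impl object itself, which the `PassRefPtr<KURLWTFURLImpl> copy() const` declaration right below indicates is ref-counted and shared between KURLs; a KURL whose impl is referenced from two places would report safe here while the impl's own refcount is still subject to the race. Either the caller checks `hasOneRef()` on the impl, or this method should include it, with a comment such as `// The impl is shared by copies of KURL; the strings being unshared is not enough.` The class continues past the end of this hunk.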