Changeset 141938 in webkit
- Timestamp:
- Feb 5, 2013 2:39:00 PM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
trunk/Source/WebCore/ChangeLog
r141937 r141938 1 2013-02-05 Tony Gentilcore <tonyg@chromium.org> 2 3 Continue making XSSAuditor thread safe: Remove dependency on the parser's tokenizer 4 https://bugs.webkit.org/show_bug.cgi?id=108666 5 6 Reviewed by Adam Barth. 7 8 This is the final dependency on the parser, so we remove that as well. Yay! 9 10 No new tests because no new functionality. 11 12 * html/parser/HTMLDocumentParser.cpp: 13 (WebCore::HTMLDocumentParser::HTMLDocumentParser): 14 (WebCore::HTMLDocumentParser::pumpTokenizer): Pass m_tokenizer->shouldAllowCDATA() 15 * html/parser/XSSAuditor.cpp: 16 (WebCore::XSSAuditor::XSSAuditor): Remove isMainThread() check because we have one in init() anyway. 17 Move m_isEnabled and m_documentURL initialization to init() because we have a Document* there. 18 (WebCore::XSSAuditor::init): 19 (WebCore::XSSAuditor::filterToken): 20 (WebCore::XSSAuditor::filterStartToken): 21 (WebCore::XSSAuditor::filterEndToken): 22 (WebCore::XSSAuditor::filterScriptToken): 23 (WebCore::XSSAuditor::decodedSnippetForJavaScript): 24 * html/parser/XSSAuditor.h: 25 (WebCore::FilterTokenRequest::FilterTokenRequest): 26 (FilterTokenRequest): 27 (XSSAuditor): 28 1 29 2013-02-05 Enrica Casucci <enrica@apple.com> 2 30 -
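--- a/trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp
+++ b/trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp
@@ -83,5 +83,4 @@
     , m_treeBuilder(HTMLTreeBuilder::create(this, document, reportErrors, m_options))
     , m_parserScheduler(HTMLParserScheduler::create(this))
-    , m_xssAuditor(this)
     , m_xssAuditorDelegate(document)
 #if ENABLE(THREADED_HTML_PARSER)
@@ -103,5 +102,4 @@
     , m_tokenizer(HTMLTokenizer::create(m_options))
     , m_treeBuilder(HTMLTreeBuilder::create(this, fragment, contextElement, scriptingPermission, m_options))
-    , m_xssAuditor(this)
     , m_xssAuditorDelegate(fragment->document())
 #if ENABLE(THREADED_HTML_PARSER)
@@ -379,6 +377,5 @@
         // We do not XSS filter innerHTML, which means we (intentionally) fail
         // http/tests/security/xssAuditor/dom-write-innerHTML.html
-        OwnPtr<DidBlockScriptRequest> request = m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, document()->decoder()));
-        if (request)
+        if (OwnPtr<DidBlockScriptRequest> request = m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, document()->decoder(), m_tokenizer->shouldAllowCDATA())))
             m_xssAuditorDelegate.didBlockScript(request.release());
     }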
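Review bot: The new filterToken call in pumpTokenizer samples `m_tokenizer->shouldAllowCDATA()` at filter time with nothing saying why that value belongs to the token being filtered; the auditor uses this flag to decide whether single- or multi-line comment starts terminate the script snippet it inspects, so a flag that does not match the token would change what is compared against the request URL. Suggest a comment above the call: `// Pass the tokenizer's current CDATA state with the token: the auditor uses it to decide whether comment starts end a script snippet.` It presumably also has to hold that the tokenizer has not advanced past this token before the call is made; confirm that pumpTokenizer guarantees that ordering. The enclosing function starts and ends outside the hunk.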
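--- a/trunk/Source/WebCore/html/parser/XSSAuditor.cpp
+++ b/trunk/Source/WebCore/html/parser/XSSAuditor.cpp
@@ -175,19 +175,10 @@
 }
 
-XSSAuditor::XSSAuditor(HTMLDocumentParser* parser)
-    : m_parser(parser)
-    , m_documentURL(parser->document()->url())
-    , m_isEnabled(false)
+XSSAuditor::XSSAuditor()
+    : m_isEnabled(false)
     , m_xssProtection(XSSProtectionEnabled)
     , m_state(Uninitialized)
-    , m_shouldAllowCDATA(false)
     , m_scriptTagNestingLevel(0)
 {
-    ASSERT(isMainThread());
-    ASSERT(m_parser);
-    if (Frame* frame = parser->document()->frame()) {
-        if (Settings* settings = frame->settings())
-            m_isEnabled = settings->xssAuditorEnabled();
-    }
     // Although tempting to call init() at this point, the various objects
     // we want to reference might not all have been constructed yet.
@@ -205,6 +196,12 @@
     m_state = Initialized;
 
+    if (Frame* frame = document->frame())
+        if (Settings* settings = frame->settings())
+            m_isEnabled = settings->xssAuditorEnabled();
+
     if (!m_isEnabled)
         return;
+
+    m_documentURL = document->url();
 
     // In theory, the Document could have detached from the Frame after the
@@ -292,4 +289,4 @@
         didBlockScript = filterCharacterToken(request);
     else if (request.token.type() == HTMLTokenTypes::EndTag)
-        filterEndToken(request.token);
+        filterEndToken(request);
 }
@@ -314,5 +311,5 @@
     if (hasName(request.token, scriptTag)) {
         didBlockScript |= filterScriptToken(request);
-        ASSERT(m_shouldAllowCDATA || !m_scriptTagNestingLevel);
+        ASSERT(request.shouldAllowCDATA || !m_scriptTagNestingLevel);
         m_scriptTagNestingLevel++;
     } else if (hasName(request.token, objectTag))
@@ -336,10 +333,10 @@
 }
 
-void XSSAuditor::filterEndToken(HTMLToken& token)
+void XSSAuditor::filterEndToken(const FilterTokenRequest& request)
 {
     ASSERT(m_scriptTagNestingLevel);
-    if (hasName(token, scriptTag)) {
+    if (hasName(request.token, scriptTag)) {
         m_scriptTagNestingLevel--;
-        ASSERT(m_shouldAllowCDATA || !m_scriptTagNestingLevel);
+        ASSERT(request.shouldAllowCDATA || !m_scriptTagNestingLevel);
     }
 }
@@ -362,5 +359,4 @@
 
     m_cachedDecodedSnippet = decodedSnippetForName(request);
-    m_shouldAllowCDATA = m_parser->tokenizer()->shouldAllowCDATA();
 
     bool didBlockScript = false;
@@ -589,5 +585,5 @@
         // these as a separate comment tokens. Having consumed whitespace, we need not look
         // further for these.
-        if (m_shouldAllowCDATA)
+        if (request.shouldAllowCDATA)
             break;
 
@@ -616,5 +612,5 @@
     // whitespace only. We should have enough text in these cases to avoid false positives.
     for (foundPosition = startPosition; foundPosition < endPosition; foundPosition++) {
-        if (!m_shouldAllowCDATA) {
+        if (!request.shouldAllowCDATA) {
             if (startsSingleLineCommentAt(string, foundPosition) || startsMultiLineCommentAt(string, foundPosition)) {
                 foundPosition += 2;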
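Review bot: In init(), m_isEnabled is now assigned only when both document->frame() and frame->settings() are non-null, so a document without a frame leaves the auditor disabled with nothing stating that this is intended; a comment after the nested ifs, `// No frame or settings: the auditor stays disabled (constructor default).`, would make that path explicit for whoever next audits the filter's coverage. m_documentURL is likewise populated only past the `if (!m_isEnabled) return;` guard, so any member that reads it presumably must be reachable only when enabled, which is worth a comment at the assignment. The constructor's remaining comment about not calling init() yet now reads oddly since the constructor no longer touches a parser or document; consider rewording it to the invariant that init(Document*) must run before the first filterToken(). init() begins outside the hunk.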
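--- a/trunk/Source/WebCore/html/parser/XSSAuditor.h
+++ b/trunk/Source/WebCore/html/parser/XSSAuditor.h
@@ -41,7 +41,8 @@
 
 struct FilterTokenRequest {
-    FilterTokenRequest(HTMLToken& token, HTMLSourceTracker& sourceTracker, const TextResourceDecoder* decoder)
+    FilterTokenRequest(HTMLToken& token, HTMLSourceTracker& sourceTracker, const TextResourceDecoder* decoder, bool shouldAllowCDATA)
         : token(token)
         , sourceTracker(sourceTracker)
         , decoder(decoder)
+        , shouldAllowCDATA(shouldAllowCDATA)
     { }
@@ -50,3 +51,4 @@
     HTMLSourceTracker& sourceTracker;
     const TextResourceDecoder* decoder;
+    bool shouldAllowCDATA;
 };
@@ -55,5 +57,5 @@
     WTF_MAKE_NONCOPYABLE(XSSAuditor);
 public:
-    explicit XSSAuditor(HTMLDocumentParser*);
+    XSSAuditor();
 
     void init(Document*);
@@ -75,5 +77,5 @@
 
     bool filterStartToken(const FilterTokenRequest&);
-    void filterEndToken(HTMLToken&);
+    void filterEndToken(const FilterTokenRequest&);
     bool filterCharacterToken(const FilterTokenRequest&);
     bool filterScriptToken(const FilterTokenRequest&);
@@ -98,6 +100,4 @@
     bool isLikelySafeResource(const String& url);
 
-    // FIXME: Remove this dependency.
-    HTMLDocumentParser* m_parser;
     KURL m_documentURL;
     bool m_isEnabled;
@@ -112,5 +112,4 @@
     State m_state;
     String m_cachedDecodedSnippet;
-    bool m_shouldAllowCDATA;
     unsigned m_scriptTagNestingLevel;
     KURL m_reportURL;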
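Review bot: The new `bool shouldAllowCDATA` member of FilterTokenRequest is undocumented, and as a trailing bool constructor parameter it is easy to call with an unrelated flag; suggest `bool shouldAllowCDATA; // Tokenizer CDATA state for this token; when set, comment starts do not end a script snippet.` on the member. The now-default XSSAuditor() constructor and init(Document*) carry an ordering contract the header does not state; add above init(): `// Must be called on the main thread before the first filterToken(); until then the auditor is disabled.` That init() checks the main thread is taken from the ChangeLog entry above, not from lines visible in this section, so confirm it against init() before committing the wording.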