Changeset 142004 in webkit
- Timestamp:
- Feb 6, 2013 9:50:08 AM (11 years ago)
- Location:
- trunk/Source
- Files:
-
- 21 edited
trunk/Source/WTF/ChangeLog
r141992 r142004 1 2013-02-06 Tony Gentilcore <tonyg@chromium.org> 2 3 Call XSSAuditor's didBlockScript() for the threaded HTML parser 4 https://bugs.webkit.org/show_bug.cgi?id=108726 5 6 Reviewed by Adam Barth. 7 8 This patch adds isSafeToSendToAnotherThread() methods to CString, String, ParsedURL and URLString. 9 These methods check to ensure there are 0 or 1 references. 10 11 * wtf/text/CString.cpp: 12 (WTF::CString::isSafeToSendToAnotherThread): Added. 13 (WTF): 14 * wtf/text/CString.h: 15 (CString): 16 * wtf/text/WTFString.cpp: 17 (WTF::String::isSafeToSendToAnotherThread): Added. 18 (WTF): 19 * wtf/text/WTFString.h: 20 (String): 21 * wtf/url/api/ParsedURL.h: 22 (WTF::ParsedURL::isSafeToSendToAnotherThread): Added. 23 * wtf/url/api/URLString.h: 24 (WTF::URLString::isSafeToSendToAnotherThread): Added. 25 1 26 2013-02-06 Ilya Tikhonovsky <loislo@chromium.org> 2 27 -
trunk/Source/WTF/wtf/text/CString.cpp
r141909 r142004 100 100 } 101 101 102 bool CString::isSafeToSendToAnotherThread() const 103 { 104 return !m_buffer || m_buffer->hasOneRef(); 105 } 106 102 107 bool operator==(const CString& a, const CString& b) 103 108 { -
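Review bot: The new `CString::isSafeToSendToAnotherThread()` at lines 102–105 is only meaningful when the calling thread holds the sole reference: `hasOneRef()` is a non-atomic snapshot, and any copy of the CString made after the check (including passing it by value) makes the answer stale. Suggest a comment on the definition: `// True if no other CString shares the buffer. Check the exact object being handed over, and make no copies afterwards.` Also note that, unlike `String::isSafeToSendToAnotherThread()` in this same changeset, an empty CString with several references is reported unsafe here; if CString has a shared empty buffer that divergence is worth a sentence either way.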
trunk/Source/WTF/wtf/text/CString.h
r141909 r142004 73 73 74 74 bool isNull() const { return !m_buffer; } 75 bool isSafeToSendToAnotherThread() const; 75 76 76 77 CStringBuffer* buffer() const { return m_buffer.get(); } -
trunk/Source/WTF/wtf/text/WTFString.cpp
r141909 r142004 662 662 } 663 663 664 bool String::isSafeToSendToAnotherThread() const 665 { 666 if (!impl()) 667 return true; 668 if (impl()->hasOneRef()) 669 return true; 670 if (isEmpty()) 671 return true; 672 return false; 673 } 674 664 675 void String::split(const String& separator, bool allowEmptyEntries, Vector<String>& result) const 665 676 { -
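Review bot: The `isEmpty()` escape at lines 670–671 returns true for an impl that has more than one reference, and nothing says why that is safe; presumably it relies on the empty StringImpl being a shared static that is never freed, but that reasoning should be written down. Suggest `// The empty StringImpl is a shared static singleton, so it can cross threads even with several refs.` above that check. If any zero-length StringImpl can be heap-allocated rather than the singleton, this branch would wrongly report it safe, so please confirm that invariant before relying on it.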
trunk/Source/WTF/wtf/text/WTFString.h
r141909 r142004 395 395 396 396 WTF_EXPORT_STRING_API String isolatedCopy() const; 397 WTF_EXPORT_STRING_API bool isSafeToSendToAnotherThread() const; 397 398 398 399 // Prevent Strings from being implicitly convertable to bool as it will be ambiguous on any platform that -
trunk/Source/WTF/wtf/url/api/ParsedURL.h
r141909 r142004 50 50 51 51 WTF_EXPORT_PRIVATE ParsedURL isolatedCopy() const; 52 bool isSafeToSendToAnotherThread() const { return m_spec.isSafeToSendToAnotherThread(); } 52 53 53 54 bool isValid() const { return !m_spec.string().isNull(); } -
trunk/Source/WTF/wtf/url/api/URLString.h
r141909 r142004 40 40 41 41 const String& string() const { return m_string;} 42 bool isSafeToSendToAnotherThread() const { return m_string.isSafeToSendToAnotherThread(); } 42 43 43 44 #ifndef NDEBUG -
trunk/Source/WebCore/ChangeLog
r142003 r142004 1 2013-02-06 Tony Gentilcore <tonyg@chromium.org> 2 3 Call XSSAuditor's didBlockScript() for the threaded HTML parser 4 https://bugs.webkit.org/show_bug.cgi?id=108726 5 6 Reviewed by Adam Barth. 7 8 This patch causes us to call didBlockScript() on the main thread if the CompactHTML token has XSSInfo. 9 To do so, we: 10 1. Rename DidBlockScriptRequest to XSSInfo. 11 2. Add an OwnPtr<XSSInfo> field to CompactHTMLToken. 12 3. Add an isSafeToSendToAnotherThread() method to String and KURL. 13 14 We don't yet populate didBlockScriptRequest on the background thread, but this should just work once we do. 15 16 No new tests because no new functionality. 17 18 * html/parser/BackgroundHTMLParser.cpp: 19 (WebCore::BackgroundHTMLParser::pumpTokenizer): Update comment for rename. 20 * html/parser/CompactHTMLToken.cpp: 21 (SameSizeAsCompactHTMLToken): 22 (WebCore::CompactHTMLToken::CompactHTMLToken): Add a copy constructor used by Vector. 23 (WebCore::CompactHTMLToken::isSafeToSendToAnotherThread): Include new m_xssInfo field in safety check. 24 (WebCore): 25 (WebCore::CompactHTMLToken::xssInfo): Added. 26 (WebCore::CompactHTMLToken::setXSSInfo): Added. 27 * html/parser/CompactHTMLToken.h: Add an OwnPtr<XSSInfo> field to CompactHTMLToken. 28 (WebCore): 29 (CompactHTMLToken): 30 (WTF): Add VectorTraits necessary for copying Vector fields objects that contain an OwnPtr. 31 * html/parser/HTMLDocumentParser.cpp: 32 (WebCore::HTMLDocumentParser::processParsedChunkFromBackgroundParser): Add new didBlockScript() call. 33 (WebCore::HTMLDocumentParser::pumpTokenizer): 34 * html/parser/XSSAuditor.cpp: Renaming. 35 (WebCore::XSSAuditor::filterToken): 36 * html/parser/XSSAuditor.h: Renaming. 
37 (WebCore): 38 (XSSAuditor): 39 * html/parser/XSSAuditorDelegate.cpp: 40 (WebCore::XSSInfo::isSafeToSendToAnotherThread): 41 (WebCore): 42 (WebCore::XSSAuditorDelegate::didBlockScript): 43 * html/parser/XSSAuditorDelegate.h: 44 (WebCore::XSSInfo::create): 45 (XSSInfo): 46 (WebCore::XSSInfo::XSSInfo): 47 (XSSAuditorDelegate): 48 * platform/KURL.cpp: 49 (WebCore::KURL::isSafeToSendToAnotherThread): Added. 50 (WebCore): 51 * platform/KURL.h: 52 (KURL): 53 * platform/KURLGoogle.cpp: 54 (WebCore): 55 (WebCore::KURLGooglePrivate::isSafeToSendToAnotherThread): Added. 56 * platform/KURLGooglePrivate.h: 57 (KURLGooglePrivate): 58 * platform/KURLWTFURLImpl.h: 59 (WebCore::KURLWTFURLImpl::isSafeToSendToAnotherThread): Added. 60 1 61 2013-02-06 Dean Jackson <dino@apple.com> 2 62 -
trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp
r141909 r142004 154 154 { 155 155 while (m_tokenizer->nextToken(m_input.current(), *m_token.get())) { 156 // FIXME: Call m_xssAuditor.filterToken(m_token) and put resulting DidBlockScriptRequestinto CompactHTMLToken.156 // FIXME: Call m_xssAuditor.filterToken(m_token) and put resulting XSSInfo into CompactHTMLToken. 157 157 m_pendingTokens->append(CompactHTMLToken(m_token.get(), TextPosition(m_input.current().currentLine(), m_input.current().currentColumn()))); 158 158 m_token->clear(); -
trunk/Source/WebCore/html/parser/CompactHTMLToken.cpp
r141909 r142004 31 31 32 32 #include "HTMLToken.h" 33 #include "XSSAuditorDelegate.h" 33 34 34 35 namespace WebCore { … … 39 40 Vector<CompactAttribute> vector; 40 41 TextPosition textPosition; 42 OwnPtr<XSSInfo> xssInfo; 41 43 }; 42 44 … … 87 89 } 88 90 89 static bool isStringSafeToSendToAnotherThread(const String& string) 91 CompactHTMLToken::CompactHTMLToken(const CompactHTMLToken& other) 92 : m_type(other.type()) 93 , m_isAll8BitData(other.isAll8BitData()) 94 , m_doctypeForcesQuirks(other.doctypeForcesQuirks()) 95 , m_textPosition(other.textPosition()) 90 96 { 91 StringImpl* impl = string.impl(); 92 if (!impl) 93 return true; 94 if (impl->hasOneRef()) 95 return true; 96 if (string.isEmpty()) 97 return true; 98 return false; 97 if (other.xssInfo()) 98 m_xssInfo = adoptPtr(new XSSInfo(*other.xssInfo())); 99 99 } 100 100 … … 102 102 { 103 103 for (Vector<CompactAttribute>::const_iterator it = m_attributes.begin(); it != m_attributes.end(); ++it) { 104 if (!i sStringSafeToSendToAnotherThread(it->name()))104 if (!it->name().isSafeToSendToAnotherThread()) 105 105 return false; 106 if (!i sStringSafeToSendToAnotherThread(it->value()))106 if (!it->value().isSafeToSendToAnotherThread()) 107 107 return false; 108 108 } 109 return isStringSafeToSendToAnotherThread(m_data); 109 if (m_xssInfo && !m_xssInfo->isSafeToSendToAnotherThread()) 110 return false; 111 return m_data.isSafeToSendToAnotherThread(); 112 } 113 114 XSSInfo* CompactHTMLToken::xssInfo() const 115 { 116 return m_xssInfo.get(); 117 } 118 119 void CompactHTMLToken::setXSSInfo(PassOwnPtr<XSSInfo> xssInfo) 120 { 121 m_xssInfo = xssInfo; 110 122 } 111 123 -
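Review bot: The new copy constructor at lines 91–99 never copies `m_data` or `m_attributes`, so a token copied into `m_pendingTokens` via `append(CompactHTMLToken(...))` arrives with its type, position and XSSInfo but empty data and no attributes. Add `, m_data(other.m_data)` and `, m_attributes(other.m_attributes)` to the initializer list in member-declaration order (a copy constructor may read the other object's private members). If Vector's append happens to bypass the copy constructor for this type because of the SimpleClassVectorTraits specialization, the defect is latent rather than immediate, but the constructor is wrong as written and will bite the first caller that copies a token.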
trunk/Source/WebCore/html/parser/CompactHTMLToken.h
r141909 r142004 30 30 31 31 #include "HTMLTokenTypes.h" 32 #include <wtf/OwnPtr.h> 33 #include <wtf/PassOwnPtr.h> 32 34 #include <wtf/RefCounted.h> 33 35 #include <wtf/RefPtr.h> … … 39 41 40 42 class HTMLToken; 43 class XSSInfo; 41 44 42 45 class CompactAttribute { … … 59 62 public: 60 63 CompactHTMLToken(const HTMLToken*, const TextPosition&); 64 CompactHTMLToken(const CompactHTMLToken&); 61 65 62 66 bool isSafeToSendToAnotherThread() const; … … 74 78 const String& systemIdentifier() const { return m_attributes[0].value(); } 75 79 bool doctypeForcesQuirks() const { return m_doctypeForcesQuirks; } 80 XSSInfo* xssInfo() const; 81 void setXSSInfo(PassOwnPtr<XSSInfo>); 76 82 77 83 private: … … 84 90 Vector<CompactAttribute> m_attributes; 85 91 TextPosition m_textPosition; 92 OwnPtr<XSSInfo> m_xssInfo; 86 93 }; 87 94 … … 90 97 } 91 98 99 namespace WTF { 100 // This is required for a struct with OwnPtr. We know CompactHTMLToken is simple enough that 101 // initializing to 0 and moving with memcpy (and then not destructing the original) will work. 102 template<> struct VectorTraits<WebCore::CompactHTMLToken> : SimpleClassVectorTraits { }; 103 } 104 92 105 #endif // ENABLE(THREADED_HTML_PARSER) 93 106 -
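Review bot: Line 64 declares a user-written copy constructor but no copy-assignment operator, so the compiler-generated assignment remains the only one for a class that now holds an `OwnPtr<XSSInfo>` (line 92). Whether that implicit operator compiles, is rejected, or transfers the pointer depends on OwnPtr's assignment semantics, which are not visible here; make it explicit, e.g. declare `CompactHTMLToken& operator=(const CompactHTMLToken&);` next to the copy constructor and implement it to deep-copy the XSSInfo the way the constructor does, or disallow assignment outright. The VectorTraits comment at lines 100–102 asserts memcpy-move is safe; a one-line note that no member keeps an interior pointer (no inline-capacity Vector) would record the assumption that makes it true.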
trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp
r141938 r142004 301 301 ASSERT(shouldUseThreading()); 302 302 303 // didReceiveTokensFromBackgroundParsercan cause this parser to be detached from the Document,303 // This method can cause this parser to be detached from the Document, 304 304 // but we need to ensure it isn't deleted yet. 305 305 RefPtr<HTMLDocumentParser> protect(this); … … 315 315 ASSERT(!isWaitingForScripts()); 316 316 317 // FIXME: Call m_xssAuditorDelegate.didBlockScript() with DidBlockScriptRequest from the CompactHTMLToken.318 317 m_textPosition = it->textPosition(); 318 319 if (XSSInfo* xssInfo = it->xssInfo()) 320 m_xssAuditorDelegate.didBlockScript(*xssInfo); 319 321 constructTreeFromCompactHTMLToken(*it); 320 322 … … 377 379 // We do not XSS filter innerHTML, which means we (intentionally) fail 378 380 // http/tests/security/xssAuditor/dom-write-innerHTML.html 379 if (OwnPtr< DidBlockScriptRequest> request= m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, document()->decoder(), m_tokenizer->shouldAllowCDATA())))380 m_xssAuditorDelegate.didBlockScript( request.release());381 if (OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, document()->decoder(), m_tokenizer->shouldAllowCDATA()))) 382 m_xssAuditorDelegate.didBlockScript(*xssInfo); 381 383 } 382 384 -
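Review bot: `didBlockScript()` at lines 319–320 can stop all loaders and schedule a navigation away from the page when the whole page was blocked, yet the loop proceeds straight to `constructTreeFromCompactHTMLToken(*it)` and keeps feeding tokens. The comment at lines 303–304 acknowledges the parser may be detached here, but there is no stop check between the delegate call and tree construction in this hunk; unless the loop's continuation condition (outside the hunk) already tests it, add `if (isStopped()) return;` immediately after the `didBlockScript()` call. The enclosing function starts before and ends after the hunk, so the existing exit conditions cannot be seen from here.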
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r141938 r142004 276 276 } 277 277 278 PassOwnPtr< DidBlockScriptRequest> XSSAuditor::filterToken(const FilterTokenRequest& request)278 PassOwnPtr<XSSInfo> XSSAuditor::filterToken(const FilterTokenRequest& request) 279 279 { 280 280 ASSERT(m_state == Initialized); … … 294 294 if (didBlockScript) { 295 295 bool didBlockEntirePage = (m_xssProtection == XSSProtectionBlockEnabled); 296 OwnPtr< DidBlockScriptRequest> didBlockScriptRequest = DidBlockScriptRequest::create(m_reportURL, m_originalURL, m_originalHTTPBody, didBlockEntirePage);296 OwnPtr<XSSInfo> xssInfo = XSSInfo::create(m_reportURL, m_originalURL, m_originalHTTPBody, didBlockEntirePage); 297 297 if (!m_reportURL.isEmpty()) { 298 298 m_reportURL = KURL(); … … 300 300 m_originalHTTPBody = String(); 301 301 } 302 return didBlockScriptRequest.release();302 return xssInfo.release(); 303 303 } 304 304 return nullptr; -
trunk/Source/WebCore/html/parser/XSSAuditor.h
r141938 r142004 34 34 namespace WebCore { 35 35 36 class DidBlockScriptRequest;37 36 class Document; 38 37 class HTMLDocumentParser; 39 38 class HTMLSourceTracker; 40 39 class TextResourceDecoder; 40 class XSSInfo; 41 41 42 42 struct FilterTokenRequest { … … 60 60 61 61 void init(Document*); 62 PassOwnPtr< DidBlockScriptRequest> filterToken(const FilterTokenRequest&);62 PassOwnPtr<XSSInfo> filterToken(const FilterTokenRequest&); 63 63 64 64 private: -
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
r141909 r142004 33 33 #include "Frame.h" 34 34 #include "FrameLoaderClient.h" 35 #include "HTMLParserIdioms.h" 35 36 #include "InspectorValues.h" 36 37 #include "PingLoader.h" … … 38 39 39 40 namespace WebCore { 41 42 bool XSSInfo::isSafeToSendToAnotherThread() const 43 { 44 return m_reportURL.isSafeToSendToAnotherThread() 45 && m_originalURL.isSafeToSendToAnotherThread() 46 && m_originalHTTPBody.isSafeToSendToAnotherThread(); 47 } 40 48 41 49 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) … … 47 55 } 48 56 49 void XSSAuditorDelegate::didBlockScript( PassOwnPtr<DidBlockScriptRequest> request)57 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) 50 58 { 51 59 ASSERT(isMainThread()); … … 55 63 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, consoleMessage); 56 64 57 if ( request->m_didBlockEntirePage)65 if (xssInfo.m_didBlockEntirePage) 58 66 m_document->frame()->loader()->stopAllLoaders(); 59 67 60 68 if (!m_didNotifyClient) { 61 m_document->frame()->loader()->client()->didDetectXSS(m_document->url(), request->m_didBlockEntirePage);69 m_document->frame()->loader()->client()->didDetectXSS(m_document->url(), xssInfo.m_didBlockEntirePage); 62 70 m_didNotifyClient = true; 63 71 } 64 72 65 if (! 
request->m_reportURL.isEmpty()) {73 if (!xssInfo.m_reportURL.isEmpty()) { 66 74 RefPtr<InspectorObject> reportDetails = InspectorObject::create(); 67 reportDetails->setString("request-url", request->m_originalURL);68 reportDetails->setString("request-body", request->m_originalHTTPBody);75 reportDetails->setString("request-url", xssInfo.m_originalURL); 76 reportDetails->setString("request-body", xssInfo.m_originalHTTPBody); 69 77 70 78 RefPtr<InspectorObject> reportObject = InspectorObject::create(); … … 72 80 73 81 RefPtr<FormData> report = FormData::create(reportObject->toJSONString().utf8().data()); 74 PingLoader::sendViolationReport(m_document->frame(), request->m_reportURL, report);82 PingLoader::sendViolationReport(m_document->frame(), xssInfo.m_reportURL, report); 75 83 } 76 84 77 if ( request->m_didBlockEntirePage)85 if (xssInfo.m_didBlockEntirePage) 78 86 m_document->frame()->navigationScheduler()->scheduleLocationChange(m_document->securityOrigin(), blankURL(), String()); 79 87 } -
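Review bot: `#include "HTMLParserIdioms.h"` added at line 35 is not used by anything in these hunks; the new `XSSInfo::isSafeToSendToAnotherThread()` and the renamed `didBlockScript()` parameter touch only KURL and String members. If nothing elsewhere in the file needs it, drop the include. Now that XSSInfo is copied by CompactHTMLToken's copy constructor and passed by const reference here, a short comment on `isSafeToSendToAnotherThread()` saying it covers the three string-bearing members and that `m_didBlockEntirePage` is a plain bool needing no check would help the next reader.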
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.h
r141909 r142004 35 35 class Document; 36 36 37 class DidBlockScriptRequest{37 class XSSInfo { 38 38 public: 39 static PassOwnPtr< DidBlockScriptRequest> create(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage)39 static PassOwnPtr<XSSInfo> create(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage) 40 40 { 41 return adoptPtr(new DidBlockScriptRequest(reportURL, originalURL, originalHTTPBody, didBlockEntirePage));41 return adoptPtr(new XSSInfo(reportURL, originalURL, originalHTTPBody, didBlockEntirePage)); 42 42 } 43 44 bool isSafeToSendToAnotherThread() const; 43 45 44 46 KURL m_reportURL; … … 48 50 49 51 private: 50 DidBlockScriptRequest(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage)52 XSSInfo(const KURL& reportURL, const String& originalURL, const String& originalHTTPBody, bool didBlockEntirePage) 51 53 : m_reportURL(reportURL) 52 54 , m_originalURL(originalURL) … … 61 63 explicit XSSAuditorDelegate(Document*); 62 64 63 void didBlockScript( PassOwnPtr<DidBlockScriptRequest>);65 void didBlockScript(const XSSInfo&); 64 66 65 67 private: -
trunk/Source/WebCore/platform/KURL.cpp
r141909 r142004 1936 1936 } 1937 1937 1938 } 1938 bool KURL::isSafeToSendToAnotherThread() const 1939 { 1940 #if USE(GOOGLEURL) 1941 return m_url.isSafeToSendToAnotherThread(); 1942 #elif USE(WTFURL) 1943 return m_urlImpl.isSafeToSendToAnotherThread(); 1944 #else // !USE(GOOGLEURL) 1945 return m_string.isSafeToSendToAnotherThread(); 1946 #endif 1947 } 1948 1949 } -
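Review bot: The `#else` branch at line 1944 is commented `// !USE(GOOGLEURL)`, but after the new `#elif USE(WTFURL)` it is reached only when neither backend is in use; change it to `#else // !USE(GOOGLEURL) && !USE(WTFURL)`. That generic branch checks only `m_string`, which is correct only if the remaining KURL members in that configuration are plain offsets with no shared storage; the hunk does not show them, so a one-line comment confirming it would make the intent reviewable.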
trunk/Source/WebCore/platform/KURL.h
r141909 r142004 228 228 229 229 void reportMemoryUsage(MemoryObjectInfo*) const; 230 bool isSafeToSendToAnotherThread() const; 230 231 231 232 private: -
trunk/Source/WebCore/platform/KURLGoogle.cpp
r141909 r142004 400 400 info.addMember(m_parsed, "parsed"); 401 401 } 402 403 bool KURLGooglePrivate::isSafeToSendToAnotherThread() const 404 { 405 return m_string.isSafeToSendToAnotherThread() 406 && m_utf8.isSafeToSendToAnotherThread() 407 && (!m_innerURL || m_innerURL->isSafeToSendToAnotherThread()); 408 } 409 402 410 // KURL ------------------------------------------------------------------------ 403 411 -
trunk/Source/WebCore/platform/KURLGooglePrivate.h
r141909 r142004 102 102 103 103 void reportMemoryUsage(MemoryObjectInfo*) const; 104 bool isSafeToSendToAnotherThread() const; 104 105 105 106 private: -
trunk/Source/WebCore/platform/KURLWTFURLImpl.h
r141909 r142004 50 50 info.addMember(m_invalidUrlString, "invalidUrlString"); 51 51 } 52 bool isSafeToSendToAnotherThread() const 53 { 54 return m_invalidUrlString.isSafeToSendToAnotherThread() 55 && m_parsedURL.isSafeToSendToAnotherThread(); 56 } 52 57 PassRefPtr<KURLWTFURLImpl> copy() const; 53 58 };
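Review bot: `copy()` at line 57 returns `PassRefPtr<KURLWTFURLImpl>`, which suggests the impl object is itself reference-counted and may be shared by several KURLs, yet the new `isSafeToSendToAnotherThread()` at lines 52–56 checks the two string members and not whether this impl has other owners. If the class is RefCounted, the check should also require `hasOneRef()` on the impl (or be made by the holder so the owner count is part of the answer), otherwise a shared impl is reported safe to hand to another thread. The enclosing class starts before the hunk, so its base class cannot be confirmed from here.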