Changeset 145348 in webkit
- Timestamp:
- Mar 11, 2013 2:48:14 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 5 edited
trunk/Source/WebCore/ChangeLog
r145347 r145348 1 2013-03-11 Mike West <mkwst@chromium.org> 2 3 XSSAuditor doesn't need a copy of the original document's body. 4 https://bugs.webkit.org/show_bug.cgi?id=111946 5 6 Reviewed by Darin Adler. 7 8 The XSSAuditor currently copies the original HTTP body of the document 9 that's being audited in order to include it into a violation report if 10 reflected XSS is detected. We don't actually need to do this, as we 11 have access to the original request information from inside the 12 XSSAuditorDelegate where the report is generated. 13 XSSAuditorDelegate::didBlockScript ASSERTs that it's running on the 14 main thread, so it should be safe to reach through the document's 15 loader to get that information directly, rather than passing it from 16 thread to thread via XSSInfo object properties. 17 18 * html/parser/XSSAuditor.h: 19 * html/parser/XSSAuditor.cpp: 20 (WebCore::XSSAuditor::init): 21 (WebCore::XSSAuditor::filterToken): 22 (WebCore::XSSAuditor::isSafeToSendToAnotherThread): 23 * html/parser/XSSAuditorDelegate.h: 24 (WebCore::XSSInfo::create): 25 (WebCore::XSSInfo::XSSInfo): 26 * html/parser/XSSAuditorDelegate.cpp: 27 (WebCore::XSSInfo::isSafeToSendToAnotherThread): 28 Drop the XSSInfo and XSSAuditor properties that held an 29 isolatedCopy of the the original HTTP body. Depending on the 30 document's size, this could be a significant savings. 31 (WebCore::XSSAuditorDelegate::didBlockScript): 32 Reach into the document's loader's original request in order to 33 grab the body as a String, and feed that into the violation report 34 object. 35 36 As a drive-by, this patch creates a FrameLoader* temporary 37 variable to minimize repetition in this area of the code. We use 38 the loader a few times, but should only have to grab it once. 39 1 40 2013-03-11 Silvia Pfeiffer <silviapf@chromium.org> 2 41 -
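--- a/trunk/Source/WebCore/html/parser/XSSAuditor.cpp
+++ b/trunk/Source/WebCore/html/parser/XSSAuditor.cpp
@@ -312,7 +312,4 @@
         return;
     }
-
-    if (!m_reportURL.isEmpty())
-        m_originalHTTPBody = httpBodyAsString;
 }
 
@@ -335,9 +332,6 @@
     if (didBlockScript) {
         bool didBlockEntirePage = (m_xssProtection == ContentSecurityPolicy::BlockReflectedXSS);
-        OwnPtr<XSSInfo> xssInfo = XSSInfo::create(m_reportURL, m_originalHTTPBody, didBlockEntirePage);
-        if (!m_reportURL.isEmpty()) {
-            m_reportURL = KURL();
-            m_originalHTTPBody = String();
-        }
+        OwnPtr<XSSInfo> xssInfo = XSSInfo::create(m_reportURL, didBlockEntirePage);
+        m_reportURL = KURL();
         return xssInfo.release();
     }
@@ -728,5 +722,4 @@
 {
     return m_documentURL.isSafeToSendToAnotherThread()
-        && m_originalHTTPBody.isSafeToSendToAnotherThread()
         && m_decodedURL.isSafeToSendToAnotherThread()
         && m_decodedHTTPBody.isSafeToSendToAnotherThread()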
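Review bot: The unconditional `m_reportURL = KURL();` in the second hunk is doing security-relevant work without saying so: it is what keeps a page that reflects several injected scripts from generating one violation report per blocked token, since every later XSSInfo is created with an empty report URL. That was also true of the old conditional form, but now that the reset is a single bare line a reader will not see why it is there; a comment such as `// Clear the report URL so that only the first blocked script triggers a violation report.` would carry the intent. Whether an empty report URL actually suppresses sending is decided in the delegate, which is not visible in this hunk, so the wording should be confirmed against XSSAuditorDelegate::didBlockScript. The enclosing function (filterToken) starts and ends outside the hunk.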
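--- a/trunk/Source/WebCore/html/parser/XSSAuditor.h
+++ b/trunk/Source/WebCore/html/parser/XSSAuditor.h
@@ -106,5 +106,4 @@
     ContentSecurityPolicy::ReflectedXSSDisposition m_xssProtection;
 
-    String m_originalHTTPBody;
     String m_decodedURL;
     String m_decodedHTTPBody;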
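--- a/trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
+++ b/trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
@@ -30,4 +30,5 @@
 #include "DOMWindow.h"
 #include "Document.h"
+#include "DocumentLoader.h"
 #include "FormData.h"
 #include "Frame.h"
@@ -43,6 +44,5 @@
 bool XSSInfo::isSafeToSendToAnotherThread() const
 {
-    return m_reportURL.isSafeToSendToAnotherThread()
-        && m_originalHTTPBody.isSafeToSendToAnotherThread();
+    return m_reportURL.isSafeToSendToAnotherThread();
 }
 
@@ -63,9 +63,11 @@
     m_document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, consoleMessage);
 
+    FrameLoader* frameLoader = m_document->frame()->loader();
+
     if (xssInfo.m_didBlockEntirePage)
-        m_document->frame()->loader()->stopAllLoaders();
+        frameLoader->stopAllLoaders();
 
     if (!m_didNotifyClient) {
-        m_document->frame()->loader()->client()->didDetectXSS(m_document->url(), xssInfo.m_didBlockEntirePage);
+        frameLoader->client()->didDetectXSS(m_document->url(), xssInfo.m_didBlockEntirePage);
         m_didNotifyClient = true;
     }
@@ -74,5 +76,11 @@
     RefPtr<InspectorObject> reportDetails = InspectorObject::create();
     reportDetails->setString("request-url", m_document->url().string());
-    reportDetails->setString("request-body", xssInfo.m_originalHTTPBody);
+
+    String httpBody;
+    if (frameLoader->documentLoader()) {
+        if (FormData* formData = frameLoader->documentLoader()->originalRequest().httpBody())
+            httpBody = formData->flattenToString();
+    }
+    reportDetails->setString("request-body", httpBody);
 
     RefPtr<InspectorObject> reportObject = InspectorObject::create();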
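Review bot: The request body is now read from `frameLoader->documentLoader()` in the last hunk, but in the third hunk `frameLoader->stopAllLoaders()` has already run when `m_didBlockEntirePage` is set, and the new null check on `documentLoader()` makes a missing loader degrade silently into an empty `request-body` — exactly the case (a fully blocked page) where the report is most useful. Whether stopAllLoaders() can detach or replace the DocumentLoader is not visible from this hunk, so this needs confirming, but the body previously travelled with the XSSInfo and was immune to that ordering. Capturing the body before the `if (xssInfo.m_didBlockEntirePage)` branch keeps the report independent of what the loaders do afterwards; a comment on the block, such as `// Read the original request body before stopAllLoaders() can change the loader state.`, would make the ordering intentional. The deref of `m_document->frame()` without a null check is unchanged from the old code and still worth a note if frame() can be null here. didBlockScript starts and ends outside the hunk.
```cpp
    FrameLoader* frameLoader = m_document->frame()->loader();

    // Read the original request body before stopAllLoaders() can change the loader state.
    String httpBody;
    if (frameLoader->documentLoader()) {
        if (FormData* formData = frameLoader->documentLoader()->originalRequest().httpBody())
            httpBody = formData->flattenToString();
    }

    if (xssInfo.m_didBlockEntirePage)
        frameLoader->stopAllLoaders();
    // … unchanged: didDetectXSS notification, report construction …
    reportDetails->setString("request-body", httpBody);
```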
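--- a/trunk/Source/WebCore/html/parser/XSSAuditorDelegate.h
+++ b/trunk/Source/WebCore/html/parser/XSSAuditorDelegate.h
@@ -40,7 +40,7 @@
 class XSSInfo {
 public:
-    static PassOwnPtr<XSSInfo> create(const KURL& reportURL, const String& originalHTTPBody,bool didBlockEntirePage)
+    static PassOwnPtr<XSSInfo> create(const KURL& reportURL, bool didBlockEntirePage)
     {
-        return adoptPtr(new XSSInfo(reportURL, originalHTTPBody,didBlockEntirePage));
+        return adoptPtr(new XSSInfo(reportURL, didBlockEntirePage));
     }
 
@@ -48,12 +48,10 @@
 
     KURL m_reportURL;
-    String m_originalHTTPBody;
     bool m_didBlockEntirePage;
     TextPosition m_textPosition;
 
 private:
-    XSSInfo(const KURL& reportURL, const String& originalHTTPBody,bool didBlockEntirePage)
+    XSSInfo(const KURL& reportURL, bool didBlockEntirePage)
         : m_reportURL(reportURL)
-        , m_originalHTTPBody(originalHTTPBody)
         , m_didBlockEntirePage(didBlockEntirePage)
     { }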