Changeset 145695 in webkit
- Timestamp:
- Mar 13, 2013 2:32:25 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r145692 r145695 1 2013-03-13 Mike West <mkwst@chromium.org> 2 3 Pass the XSSAuditor's report URL to the XSSAuditorDelegate on the main thread. 4 https://bugs.webkit.org/show_bug.cgi?id=112179 5 6 Reviewed by Adam Barth. 7 8 Rather than relying on XSSInfo objects to move the XSSAuditor's report 9 URL into the XSSAuditorDelegate for reporting, we should be able to grab 10 the URL directly from XSSAuditor before it moves off the main thread, 11 and store it on the delegate. 12 13 This will enable us to drop the report URL properties from both 14 XSSAuditor and XSSInfo. Oh, happy day! 15 16 * html/parser/BackgroundHTMLParser.cpp: 17 (WebCore::BackgroundHTMLParser::sendTokensToMainThread): 18 We no longer need to check whether XSSInfo objects are thread safe, 19 as we've dropped the only problematic bit. 20 * html/parser/HTMLDocumentParser.cpp: 21 (WebCore::HTMLDocumentParser::pumpTokenizer): 22 (WebCore::HTMLDocumentParser::startBackgroundParser): 23 * html/parser/XSSAuditor.cpp: 24 (WebCore::XSSAuditor::init): 25 When initializing the XSSAuditor, pass in an XSSAuditorDelegate* 26 and assign the report URL directly onto that object. 27 (WebCore::XSSAuditor::filterToken): 28 Drop the report URL parameter from XSSInfo objects we create in the 29 Auditor, as they're now handled directly from the delegate. 30 (WebCore::XSSAuditor::isSafeToSendToAnotherThread): 31 Drop the report URL property from XSSAuditor's threadsafeness check, 32 as properties that do not exist are automatically thread-safe. 33 * html/parser/XSSAuditorDelegate.cpp: 34 (WebCore::XSSAuditorDelegate::didBlockScript): 35 Use the delegate's own report URL rather than the XSSInfo objects'. 36 * html/parser/XSSAuditorDelegate.h: 37 (WebCore::XSSInfo::create): 38 (WebCore::XSSInfo::XSSInfo): 39 Drop the report URL property from XSSInfo. 40 (WebCore::XSSAuditorDelegate::setReportURL): 41 (XSSAuditorDelegate): 42 Provide a public API for setting a delegate's report URL. 43 1 44 2013-03-13 Mike West <mkwst@chromium.org> 2 45 -
trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp
r145567 r145695 52 52 for (size_t i = 0; i < preloads.size(); ++i) 53 53 ASSERT(preloads[i]->isSafeToSendToAnotherThread()); 54 }55 56 static void checkThatXSSInfosAreSafeToSendToAnotherThread(const XSSInfoStream& xssInfos)57 {58 for (size_t i = 0; i < xssInfos.size(); ++i)59 ASSERT(xssInfos[i]->isSafeToSendToAnotherThread());60 54 } 61 55 … … 161 155 checkThatTokensAreSafeToSendToAnotherThread(m_pendingTokens.get()); 162 156 checkThatPreloadsAreSafeToSendToAnotherThread(m_pendingPreloads); 163 checkThatXSSInfosAreSafeToSendToAnotherThread(m_pendingXSSInfos);164 157 #endif 165 158 -
trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp
r145567 r145695 522 522 InspectorInstrumentationCookie cookie = InspectorInstrumentation::willWriteHTML(document(), m_input.current().currentLine().zeroBasedInt()); 523 523 524 m_xssAuditor.init(document() );524 m_xssAuditor.init(document(), &m_xssAuditorDelegate); 525 525 526 526 while (canTakeNextToken(mode, session) && !session.needsYield) { … … 663 663 config->parser = m_weakFactory.createWeakPtr(); 664 664 config->xssAuditor = adoptPtr(new XSSAuditor); 665 config->xssAuditor->init(document() );665 config->xssAuditor->init(document(), &m_xssAuditorDelegate); 666 666 config->preloadScanner = adoptPtr(new TokenPreloadScanner(document()->url().copy())); 667 667 -
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r145503 r145695 52 52 #include "TextResourceDecoder.h" 53 53 #include "XLinkNames.h" 54 #include "XSSAuditorDelegate.h" 54 55 55 56 #if ENABLE(SVG) … … 227 228 } 228 229 229 void XSSAuditor::init(Document* document )230 void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate) 230 231 { 231 232 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. … … 299 300 300 301 m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader, cspHeader); 301 m_reportURL = xssProtectionReportURL; // FIXME: Combine the two report URLs in some reasonable way. 302 // FIXME: Combine the two report URLs in some reasonable way. 303 if (auditorDelegate) 304 auditorDelegate->setReportURL(xssProtectionReportURL.copy()); 302 305 FormData* httpBody = documentLoader->originalRequest().httpBody(); 303 306 if (httpBody && !httpBody->isEmpty()) { … … 337 340 if (didBlockScript) { 338 341 bool didBlockEntirePage = (m_xssProtection == ContentSecurityPolicy::BlockReflectedXSS); 339 OwnPtr<XSSInfo> xssInfo = XSSInfo::create(m_reportURL, didBlockEntirePage, m_didSendValidXSSProtectionHeader, m_didSendValidCSPHeader); 340 m_reportURL = KURL(); 342 OwnPtr<XSSInfo> xssInfo = XSSInfo::create(didBlockEntirePage, m_didSendValidXSSProtectionHeader, m_didSendValidCSPHeader); 341 343 return xssInfo.release(); 342 344 } … … 729 731 && m_decodedURL.isSafeToSendToAnotherThread() 730 732 && m_decodedHTTPBody.isSafeToSendToAnotherThread() 731 && m_cachedDecodedSnippet.isSafeToSendToAnotherThread() 732 && m_reportURL.isSafeToSendToAnotherThread(); 733 && m_cachedDecodedSnippet.isSafeToSendToAnotherThread(); 733 734 } 734 735 -
trunk/Source/WebCore/html/parser/XSSAuditor.h
r145503 r145695 40 40 class HTMLSourceTracker; 41 41 class XSSInfo; 42 class XSSAuditorDelegate; 42 43 43 44 struct FilterTokenRequest { … … 58 59 XSSAuditor(); 59 60 60 void init(Document* );61 void init(Document*, XSSAuditorDelegate*); 61 62 PassOwnPtr<XSSInfo> filterToken(const FilterTokenRequest&); 62 63 bool isSafeToSendToAnotherThread() const; … … 116 117 String m_cachedDecodedSnippet; 117 118 unsigned m_scriptTagNestingLevel; 118 KURL m_reportURL;119 119 TextEncoding m_encoding; 120 120 }; -
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
r145503 r145695 41 41 42 42 namespace WebCore { 43 44 bool XSSInfo::isSafeToSendToAnotherThread() const45 {46 return m_reportURL.isSafeToSendToAnotherThread();47 }48 43 49 44 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) … … 92 87 } 93 88 94 if (! xssInfo.m_reportURL.isEmpty()) {89 if (!m_reportURL.isEmpty()) { 95 90 RefPtr<InspectorObject> reportDetails = InspectorObject::create(); 96 91 reportDetails->setString("request-url", m_document->url().string()); … … 107 102 108 103 RefPtr<FormData> report = FormData::create(reportObject->toJSONString().utf8().data()); 109 PingLoader::sendViolationReport(m_document->frame(), xssInfo.m_reportURL, report);104 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, report); 110 105 } 111 106 -
trunk/Source/WebCore/html/parser/XSSAuditorDelegate.h
r145503 r145695 40 40 class XSSInfo { 41 41 public: 42 static PassOwnPtr<XSSInfo> create( const KURL& reportURL,bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)42 static PassOwnPtr<XSSInfo> create(bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader) 43 43 { 44 return adoptPtr(new XSSInfo( reportURL,didBlockEntirePage, didSendXSSProtectionHeader, didSendCSPHeader));44 return adoptPtr(new XSSInfo(didBlockEntirePage, didSendXSSProtectionHeader, didSendCSPHeader)); 45 45 } 46 46 47 bool isSafeToSendToAnotherThread() const;48 49 KURL m_reportURL;50 47 bool m_didBlockEntirePage; 51 48 bool m_didSendXSSProtectionHeader; … … 54 51 55 52 private: 56 XSSInfo(const KURL& reportURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader) 57 : m_reportURL(reportURL) 58 , m_didBlockEntirePage(didBlockEntirePage) 53 XSSInfo(bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader) 54 : m_didBlockEntirePage(didBlockEntirePage) 59 55 , m_didSendXSSProtectionHeader(didSendXSSProtectionHeader) 60 56 , m_didSendCSPHeader(didSendCSPHeader) … … 68 64 69 65 void didBlockScript(const XSSInfo&); 66 void setReportURL(const KURL& url) { m_reportURL = url; } 70 67 71 68 private: 72 69 Document* m_document; 73 70 bool m_didNotifyClient; 71 KURL m_reportURL; 74 72 }; 75 73
Note: See TracChangeset
for help on using the changeset viewer.