Changeset 194982 in webkit
- Timestamp: Jan 13, 2016 1:45:07 PM
- Location: trunk/Source/WebCore
- Files: 3 edited
trunk/Source/WebCore/ChangeLog
r194980 r194982 1 2016-01-13 Daniel Bates <dabates@apple.com> 2 3 Cleanup: XSS Auditor should avoid re-evaluating the parsed script tag 4 https://bugs.webkit.org/show_bug.cgi?id=152870 5 6 Reviewed by Brent Fulgham. 7 8 Merged from Blink (patch by Tom Sepez <tsepez@chromium.org>): 9 <https://src.chromium.org/viewvc/blink?revision=154354&view=revision> 10 11 Although the XSS Auditor caches the decoded start tag of a script as an optimization to 12 avoid decoding it again when filtering the character data of the script, it is sufficient 13 to cache whether the HTTP response contains the decoded start tag of a script. This 14 avoids both decoding the start tag of a script and determining whether the HTTP response 15 contains it again when filtering the character data of the script. Moreover, this removes 16 the need to cache a string object. 17 18 * html/parser/XSSAuditor.cpp: 19 (WebCore::XSSAuditor::filterCharacterToken): 20 (WebCore::XSSAuditor::filterScriptToken): 21 * html/parser/XSSAuditor.h: 22 1 23 2016-01-13 Commit Queue <commit-queue@webkit.org> 2 24 -
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r194979 r194982 389 389 { 390 390 ASSERT(m_scriptTagNestingLevel); 391 if ( isContainedInRequest(m_cachedDecodedSnippet)&& isContainedInRequest(decodedSnippetForJavaScript(request))) {391 if (m_wasScriptTagFoundInRequest && isContainedInRequest(decodedSnippetForJavaScript(request))) { 392 392 request.token.clear(); 393 393 LChar space = ' '; … … 403 403 ASSERT(hasName(request.token, scriptTag)); 404 404 405 m_ cachedDecodedSnippet = decodedSnippetForName(request);405 m_wasScriptTagFoundInRequest = isContainedInRequest(decodedSnippetForName(request)); 406 406 407 407 bool didBlockScript = false; 408 if ( isContainedInRequest(decodedSnippetForName(request))) {408 if (m_wasScriptTagFoundInRequest) { 409 409 didBlockScript |= eraseAttributeIfInjected(request, srcAttr, blankURL().string(), SrcLikeAttribute); 410 410 didBlockScript |= eraseAttributeIfInjected(request, XLinkNames::hrefAttr, blankURL().string(), SrcLikeAttribute); -
trunk/Source/WebCore/html/parser/XSSAuditor.h
r178265 r194982 115 115 116 116 State m_state; 117 String m_cachedDecodedSnippet;117 bool m_wasScriptTagFoundInRequest { false }; 118 118 unsigned m_scriptTagNestingLevel; 119 119 TextEncoding m_encoding;
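Review bot: the rewritten condition at line 391 of XSSAuditor.cpp (filterCharacterToken) is only equivalent to the old isContainedInRequest(m_cachedDecodedSnippet) test if m_wasScriptTagFoundInRequest always reflects the script start tag that encloses the character token being filtered, and nothing in this hunk guarantees that beyond ASSERT(m_scriptTagNestingLevel). The flag is overwritten on every script start tag (line 405) and never cleared when the element closes, so a one-line comment above line 391 stating that it refers to the most recent script start tag, or a reset when m_scriptTagNestingLevel drops to zero, would make the invariant explicit. The operand order is right as written: the cheap flag test comes first, so decodedSnippetForJavaScript(request) is still not computed when the tag was not found in the request.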
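Review bot: the assignment at line 405 of XSSAuditor.cpp (filterScriptToken) and its only consumer in this hunk, the if (m_wasScriptTagFoundInRequest) at line 408, are separated by the unrelated declaration bool didBlockScript = false; at line 407; putting the assignment directly above the if, or hoisting the didBlockScript declaration above it, would make the compute-once-then-branch pattern obvious. The change itself is a correct simplification: the old code called decodedSnippetForName(request) twice (lines 405 and 408), once to cache the string and once to test it, whereas the new code decodes and tests once and keeps only the boolean result.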
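Review bot: the new member at line 117 of XSSAuditor.h has no comment describing when its value is meaningful; since it is written by filterScriptToken on a script start tag and read by filterCharacterToken for that script's character data, a brief comment stating that relationship on the declaration would help the next reader. The brace initializer { false } is the right choice: it gives the flag a defined value before any script token is seen, which the old String member got from its default constructor, and it means isContainedInRequest can no longer be reached for an element whose start tag was never filtered.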