Changeset 60898 in webkit


Timestamp:
Jun 9, 2010 10:09:03 AM (14 years ago)
Author:
abarth@webkit.org
Message:

2010-06-09 Eric Seidel <eric@webkit.org>

Reviewed by Adam Barth.

HTML5 Parser needs to integrate with the XSSAuditor
https://bugs.webkit.org/show_bug.cgi?id=40287

This fixes most of the XSSAuditor tests, except for the ones
which rely on the srcValue "context". The previous HTMLTokenizer
implementation was both Lexer and ScriptRunner and thus could
provide the XSSAuditor with the un-modified attribute source.
This naive implementation will fail the context-sensitive tests
but Adam Barth says he'll just have to find a new way to provide
the required information to the XSSAuditor in a later patch.

Covered by numerous http/tests/security/xssAuditor tests.

  • html/HTML5ScriptRunner.cpp: (WebCore::HTML5ScriptRunner::requestScript):
    • Ask the HTML5ScriptRunner host before running any scripts.
  • html/HTML5ScriptRunnerHost.h:
    • Add a shouldLoadExternalScriptFromSrc declaration.
  • html/HTML5Tokenizer.cpp: (WebCore::HTML5Tokenizer::shouldLoadExternalScriptFromSrc):
    • Ask the XSSAuditor if we're allowed to run the passed script.
  • html/HTML5Tokenizer.h:
Location:
trunk/WebCore
Files:
5 edited

  • trunk/WebCore/ChangeLog

    r60897 r60898  
     12010-06-09  Eric Seidel  <eric@webkit.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        HTML5 Parser needs to integrate with the XSSAuditor
     6        https://bugs.webkit.org/show_bug.cgi?id=40287
     7
     8        This fixes most of the XSSAuditor tests, except for the ones
     9        which rely on the srcValue "context".  The previous HTMLTokenizer
     10        implementation was both Lexer and ScriptRunner and thus could
     11        provide the XSSAuditor with the un-modified attribute source.
     12        This naive implementation will fail the context-sensitive tests
     13        but Adam Barth says he'll just have to find a new way to provide
     14        the required information to the XSSAuditor in a later patch.
     15
     16        Covered by numerous http/tests/security/xssAuditor tests.
     17
     18        * html/HTML5ScriptRunner.cpp:
     19        (WebCore::HTML5ScriptRunner::requestScript):
     20         - Ask the HTML5ScriptRunner host before running any scripts.
     21        * html/HTML5ScriptRunnerHost.h:
     22         - Add a shouldLoadExternalScriptFromSrc declaration.
     23        * html/HTML5Tokenizer.cpp:
     24        (WebCore::HTML5Tokenizer::shouldLoadExternalScriptFromSrc):
     25         - Ask the XSSAuditor if we're allowed to run the passed script.
     26        * html/HTML5Tokenizer.h:
     27
    1282010-06-09  Tony Gentilcore  <tonyg@chromium.org>
    229
  • trunk/WebCore/html/HTML5ScriptRunner.cpp

    r60606 r60898  
    208208    ASSERT(!m_parsingBlockingScript.element);
    209209    AtomicString srcValue = script->getAttribute(srcAttr);
     210    // Allow the host to disllow script loads (using the XSSAuditor, etc.)
     211    if (!m_host->shouldLoadExternalScriptFromSrc(srcValue))
     212        return;
     213
    210214    // FIXME: We need to resolve the url relative to the element.
    211215    m_parsingBlockingScript.element = script;
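Review bot: the added comment above the `shouldLoadExternalScriptFromSrc` check misspells "disallow" as "disllow". Since the early `return` fires before `m_parsingBlockingScript.element = script` is assigned, it would also help to state in that comment that a blocked script is dropped silently and leaves no parsing-blocking script pending, so readers of `requestScript` do not assume the element is always recorded.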
  • trunk/WebCore/html/HTML5ScriptRunnerHost.h

    r60347 r60898  
    2929namespace WebCore {
    3030
     31class AtomicString;
    3132class CachedResource;
    3233class ScriptSourceCode;
     
    4142    virtual void stopWatchingForLoad(CachedResource*) = 0;
    4243
     44    // Implementors can block certain script loads (for XSSAuditor, etc.)
     45    virtual bool shouldLoadExternalScriptFromSrc(const AtomicString&) = 0;
    4346    // Implementors should handle possible rentry before/after calling ScriptController::executeScript
    4447    virtual void executeScript(const ScriptSourceCode&) = 0;
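Review bot: the new pure virtual `shouldLoadExternalScriptFromSrc(const AtomicString&)` leaves its parameter unnamed; naming it `srcValue` (as the tokenizer's implementation does) and saying in the comment that it receives the script's `src` attribute value and that returning false suppresses the load would document the contract for implementors. The `class AtomicString;` forward declaration is the right minimal dependency for a const-reference parameter.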
  • trunk/WebCore/html/HTML5Tokenizer.cpp

    r60825 r60898  
    3535#include "Node.h"
    3636#include "NotImplemented.h"
     37#include "XSSAuditor.h"
    3738
    3839namespace WebCore {
     
    205206{
    206207    cachedScript->removeClient(this);
     208}
     209
     210bool HTML5Tokenizer::shouldLoadExternalScriptFromSrc(const AtomicString& srcValue)
     211{
     212    if (!m_XSSAuditor)
     213        return true;
     214    // FIXME: We have no easy way to provide the XSSAuditor with the original
     215    // un-processed attribute source, so for now we pass nullAtom.
     216    return m_XSSAuditor->canLoadExternalScriptFromSrc(nullAtom, srcValue);
    207217}
    208218
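Review bot: `shouldLoadExternalScriptFromSrc` returns true when `m_XSSAuditor` is null, so a tokenizer without an auditor fails open; that is presumably intended, but a one-line comment saying so would make the policy explicit. The FIXME is the substantive point: passing `nullAtom` as the first argument to `canLoadExternalScriptFromSrc` means the auditor sees only the already-processed `srcValue` and not the raw attribute source, which is exactly why the context-sensitive tests the ChangeLog mentions still fail; consider referencing bug 40287 in the FIXME so the follow-up stays traceable.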
  • trunk/WebCore/html/HTML5Tokenizer.h

    r60813 r60898  
    6464    virtual void watchForLoad(CachedResource*);
    6565    virtual void stopWatchingForLoad(CachedResource*);
     66    virtual bool shouldLoadExternalScriptFromSrc(const AtomicString&);
    6667    virtual void executeScript(const ScriptSourceCode&);
    6768