Changeset 60964 in webkit
- Timestamp:
- Jun 10, 2010 10:39:59 AM (14 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r60962 r60964 1 2010-06-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Use allowRequestIfNoIllegalURICharacters instead of context for XSSAuditor::canLoadExternalScriptFromSrc 6 https://bugs.webkit.org/show_bug.cgi?id=40404 7 8 We originally added the context parameter to 9 canLoadExternalScriptFromSrc to work around some false positives caused 10 by folks checking external script URLs on the server. Our thought was 11 that we could tell these were not real XSS attacks because the 12 surrounding context wouldn't match in the URL and the document. 13 14 Implementing this feature in the HTML5 parser is hard because it 15 pierces a layer of abstraction (the token abstraction of the input 16 stream). We could hack this into the new parser, but instead I think 17 it's better to switch to using the allowRequestIfNoIllegalURICharacters 18 heuristic. 19 20 We designed the allowRequestIfNoIllegalURICharacters after the context 21 heuristic to deal with other cases where the server was validating 22 input before echoing it. However, we never tried applying it to 23 canLoadExternalScriptFromSrc. 24 25 It's possible that this will cause false positives and will need to be 26 reverted, which is why I've left in some of the infrustructure for 27 computing context. We don't have a good way to know if that will 28 happen except to try. We do know, however, that this heuristic will 29 work for the original false positives we saw. 30 31 * html/HTML5Tokenizer.cpp: 32 (WebCore::HTML5Tokenizer::shouldLoadExternalScriptFromSrc): 33 * html/HTMLTokenizer.cpp: 34 (WebCore::HTMLTokenizer::parseTag): 35 * page/XSSAuditor.cpp: 36 (WebCore::XSSAuditor::canLoadExternalScriptFromSrc): 37 * page/XSSAuditor.h: 38 1 39 2010-06-10 Kwang Yul Seo <skyul@company100.net> 2 40 -
trunk/WebCore/html/HTML5Tokenizer.cpp
r60943 r60964 226 226 if (!m_XSSAuditor) 227 227 return true; 228 // FIXME: We have no easy way to provide the XSSAuditor with the original 229 // un-processed attribute source, so for now we pass nullAtom. 230 return m_XSSAuditor->canLoadExternalScriptFromSrc(nullAtom, srcValue); 228 return m_XSSAuditor->canLoadExternalScriptFromSrc(srcValue); 231 229 } 232 230 -
trunk/WebCore/html/HTMLTokenizer.cpp
r60813 r60964 1396 1396 if (m_currentToken.beginTag && m_currentToken.tagName == scriptTag && !inViewSourceMode() && !m_parser->skipMode() && m_attrName == srcAttr) { 1397 1397 String context(m_rawAttributeBeforeValue.data(), m_rawAttributeBeforeValue.size()); 1398 if (m_XSSAuditor && !m_XSSAuditor->canLoadExternalScriptFromSrc( context,attributeValue))1398 if (m_XSSAuditor && !m_XSSAuditor->canLoadExternalScriptFromSrc(attributeValue)) 1399 1399 attributeValue = blankURL().string(); 1400 1400 } … … 1433 1433 if (m_currentToken.beginTag && m_currentToken.tagName == scriptTag && !inViewSourceMode() && !m_parser->skipMode() && m_attrName == srcAttr) { 1434 1434 String context(m_rawAttributeBeforeValue.data(), m_rawAttributeBeforeValue.size()); 1435 if (m_XSSAuditor && !m_XSSAuditor->canLoadExternalScriptFromSrc( context,attributeValue))1435 if (m_XSSAuditor && !m_XSSAuditor->canLoadExternalScriptFromSrc(attributeValue)) 1436 1436 attributeValue = blankURL().string(); 1437 1437 } -
trunk/WebCore/page/XSSAuditor.cpp
r56991 r60964 171 171 } 172 172 173 bool XSSAuditor::canLoadExternalScriptFromSrc(const String& context, const String&url) const173 bool XSSAuditor::canLoadExternalScriptFromSrc(const String& url) const 174 174 { 175 175 if (!isEnabled()) … … 180 180 181 181 FindTask task; 182 task.context = context;183 182 task.string = url; 183 task.allowRequestIfNoIllegalURICharacters = true; 184 184 185 185 if (findInRequest(task)) { -
trunk/WebCore/page/XSSAuditor.h
r56991 r60964 91 91 // Determines whether the external script should be loaded based on the 92 92 // content of any user-submitted data. 93 bool canLoadExternalScriptFromSrc(const String& context, const String&url) const;93 bool canLoadExternalScriptFromSrc(const String& url) const; 94 94 95 95 // Determines whether object should be loaded based on the content of
Note: See TracChangeset
for help on using the changeset viewer.