Changeset 77588 in webkit
- Timestamp: Feb 3, 2011 7:56:40 PM (13 years ago)
- Location: trunk
- Files: 22 edited
trunk/LayoutTests/ChangeLog
r77583 r77588 1 2011-02-03 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Daniel Bates. 4 5 XSS Auditor severely affects loading performance after submitting a large form 6 https://bugs.webkit.org/show_bug.cgi?id=49845 7 8 The XSSFilter catches some more cases and has different console 9 messages than the XSSAuditor. We might want to improve these messages 10 in the future. 11 12 * http/tests/security/xssAuditor/base-href-control-char-expected.txt: 13 * http/tests/security/xssAuditor/base-href-expected.txt: 14 * http/tests/security/xssAuditor/base-href-null-char-expected.txt: 15 * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt: 16 * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt: 17 * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt: 18 * http/tests/security/xssAuditor/embed-tag-expected.txt: 19 * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt: 20 * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt: 21 * http/tests/security/xssAuditor/full-block-base-href-expected.txt: 22 * http/tests/security/xssAuditor/full-block-object-tag-expected.txt: 23 * http/tests/security/xssAuditor/link-onclick-entities-expected.txt: 24 * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt: 25 * http/tests/security/xssAuditor/object-embed-tag-expected.txt: 26 * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt: 27 * http/tests/security/xssAuditor/object-tag-expected.txt: 28 * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt: 29 * http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt: 30 1 31 2011-02-03 Maciej Stachowiak <mjs@apple.com> 2 32 -
trunk/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load from document base URL. URLfound within request.1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 ALERT: This is a safe script. -
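Review bot: The replacement line 1 drops "Refused to load from document base URL" in favour of the script message "Refused to execute a JavaScript script. Source code of script found within request.", so for a base-href test the console no longer says that a base URL was what got refused. The embed and object expectations in this changeset likewise lose the quoted URL that the old message carried. The ChangeLog defers better messages to "the future"; suggest recording that as a tracked bug, or keeping an element-specific message, before these generic strings become the baseline.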
trunk/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load from document base URL. URLfound within request.1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 ALERT: This is a safe script. -
trunk/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load from document base URL. URLfound within request.1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 ALERT: This is a safe script. -
trunk/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load from document base URL. URLfound within request.1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 ALERT: This is a safe script. -
trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt
r65987 r77588 1 ALERT: /XSS/ 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 -
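Review bot: This expectation changes from `ALERT: /XSS/` to a refusal message, so the test outcome flips from the script running to the script being blocked, which is a behaviour change rather than a wording change. The LayoutTests ChangeLog only says the XSSFilter "catches some more cases"; please name the tests whose result flips (script-tag-with-source-entities-expected.txt shows the same `ALERT: /XSS/` removal) and confirm that the new block is the intended result for each.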
trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt
r68854 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)". 2 3 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)". 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 2 5 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt
r69798 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/sec�urity/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt
r54202 r77588 1 CONSOLE MESSAGE: line 1: Refused to load from document base URL. URLfound within request.1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 There should be no content in the iframe below: -
trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt
r54202 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://localhost:8000/security/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 3 There should be no content in the iframe below: -
trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt
r65355 r77588 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 1 2 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt
r68854 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf". 3 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 5 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 6 5 7 -
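Review bot: The old expectation has two CONSOLE MESSAGE lines and the new one has three, all with identical text, so the same test input now produces one more report than before and the log no longer shows which element each report refers to. Please state whether the extra report is expected and which token triggers it, or deduplicate the reports; object-embed-tag-expected.txt and object-embed-tag-null-char-expected.txt change the same way.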
trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt
r66254 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf". 3 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 5 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 6 5 7 -
trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt
r69798 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/sec�urity/xssAuditor/resources/dummy.swf".1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/sec�urity/xssAuditor/resources/dummy.swf". 3 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 5 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 6 5 7 -
trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf". 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 3 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 4 3 5 -
trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt
r51445 r77588 1 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)". 2 3 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)". 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 4 2 5 3 -
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt
r65355 r77588 1 ALERT: /XSS/ 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 2 2 3 -
trunk/Source/WebCore/ChangeLog
r77587 r77588 1 2011-02-03 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Daniel Bates. 4 5 XSS Auditor severely affects loading performance after submitting a large form 6 https://bugs.webkit.org/show_bug.cgi?id=49845 7 8 Switch over from the XSSAuditor to the XSSFilter, improving performance 9 on this example. 10 11 * html/parser/XSSFilter.cpp: 12 (WebCore::XSSFilter::filterToken): 13 * page/XSSAuditor.cpp: 14 (WebCore::XSSAuditor::isEnabled): 15 1 16 2011-02-03 Dirk Pranke <dpranke@chromium.org> 2 17 -
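Review bot: The entry claims improved performance "on this example", but the changeset only edits existing files (22 edited: expectation files, two ChangeLogs and two .cpp files), so nothing here exercises the large-form submission from bug 49845. Suggest adding a regression test for that case, or at least recording the before and after measurements in the bug, so the claim can be checked and does not silently regress.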
trunk/Source/WebCore/html/parser/XSSFilter.cpp
r77560 r77588 39 39 #include <wtf/text/CString.h> 40 40 41 // This preprocesssor macro is a temporary scaffold while this code is still an experiment.42 #define XSS_DETECTOR_ENABLED 043 44 41 namespace WebCore { 45 42 … … 189 186 void XSSFilter::filterToken(HTMLToken& token) 190 187 { 191 #if !XSS_DETECTOR_ENABLED192 ASSERT_UNUSED(token, &token);193 return;194 #else195 188 if (m_state == Uninitialized) { 196 189 init(); … … 228 221 } 229 222 } 230 #endif231 223 } 232 224 -
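Review bot: In `XSSFilter::filterToken`, deleting the `#if !XSS_DETECTOR_ENABLED` early return leaves no disable path in the lines shown: the function goes straight to the `m_state == Uninitialized` check and `init()`. Since the same changeset drops the `settings->xssAuditorEnabled()` test from `XSSAuditor::isEnabled()`, please confirm that the elided part of the filter reads that setting and passes tokens through when it is off, or add the check at the top of `filterToken`, so that embedders who turned the auditor off do not get the filter turned on.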
trunk/Source/WebCore/page/XSSAuditor.cpp
r73444 r77588 114 114 bool XSSAuditor::isEnabled() const 115 115 { 116 Settings* settings = m_frame->settings();117 return (settings && settings->xssAuditorEnabled());116 // FIXME: Remove this class if the transition to XSSFilter goes smoothly. 117 return false; 118 118 } 119 119
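Review bot: The new FIXME in `XSSAuditor::isEnabled()` carries no bug reference, and the unconditional `return false;` leaves the rest of the class compiled but never active. Suggest filing a follow-up bug for the removal and citing it in the comment, and noting there that `settings->xssAuditorEnabled()` is no longer read in this function so the owner of that setting is clear during the transition.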