Context Navigation

← Previous Changeset
Next Changeset →

Changeset 77588 in webkit

Timestamp:

Feb 3, 2011 7:56:40 PM (13 years ago)

Author:

abarth@webkit.org

Message:

2011-02-03 Adam Barth <abarth@webkit.org>

Reviewed by Daniel Bates.

XSS Auditor severely affects loading performance after submitting a large form
https://bugs.webkit.org/show_bug.cgi?id=49845

The XSSFilter catches some more cases and has different console
messages than the XSSAuditor. We might want to improve these messages
in the future.

http/tests/security/xssAuditor/base-href-control-char-expected.txt:
http/tests/security/xssAuditor/base-href-expected.txt:
http/tests/security/xssAuditor/base-href-null-char-expected.txt:
http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
http/tests/security/xssAuditor/embed-tag-expected.txt:
http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
http/tests/security/xssAuditor/full-block-base-href-expected.txt:
http/tests/security/xssAuditor/full-block-object-tag-expected.txt:
http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
http/tests/security/xssAuditor/object-embed-tag-expected.txt:
http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
http/tests/security/xssAuditor/object-tag-expected.txt:
http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:

2011-02-03 Adam Barth <abarth@webkit.org>

Reviewed by Daniel Bates.

XSS Auditor severely affects loading performance after submitting a large form
https://bugs.webkit.org/show_bug.cgi?id=49845

Switch over from the XSSAuditor to the XSSFilter, improving performance
on this example.

html/parser/XSSFilter.cpp: (WebCore::XSSFilter::filterToken):
page/XSSAuditor.cpp: (WebCore::XSSAuditor::isEnabled):

Location:

trunk

Files:

: 22 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt (modified) (1 diff)
LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt (modified) (1 diff)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/html/parser/XSSFilter.cpp (modified) (3 diffs)
Source/WebCore/page/XSSAuditor.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r77583
+                      r77588
+-02-03  Adam Barth  <abarth@webkit.org>
+        Reviewed by Daniel Bates.
+        XSS Auditor severely affects loading performance after submitting a large form
+        https://bugs.webkit.org/show_bug.cgi?id=49845
+        The XSSFilter catches some more cases and has different console
+        messages than the XSSAuditor.  We might want to improve these messages
+        in the future.
+        * http/tests/security/xssAuditor/base-href-control-char-expected.txt:
+        * http/tests/security/xssAuditor/base-href-expected.txt:
+        * http/tests/security/xssAuditor/base-href-null-char-expected.txt:
+        * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
+        * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
+        * http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
+        * http/tests/security/xssAuditor/full-block-base-href-expected.txt:
+        * http/tests/security/xssAuditor/full-block-object-tag-expected.txt:
+        * http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
+        * http/tests/security/xssAuditor/object-tag-expected.txt:
+        * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
+        * http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:
 -02-03  Maciej Stachowiak  <mjs@apple.com>

trunk/LayoutTests/http/tests/security/xssAuditor/base-href-control-char-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load from document base URL. URL~~ found within request.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3	ALERT: This is a safe script.

trunk/LayoutTests/http/tests/security/xssAuditor/base-href-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load from document base URL. URL~~ found within request.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3	ALERT: This is a safe script.

trunk/LayoutTests/http/tests/security/xssAuditor/base-href-null-char-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load from document base URL. URL~~ found within request.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3	ALERT: This is a safe script.

trunk/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load from document base URL. URL~~ found within request.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3	ALERT: This is a safe script.

trunk/LayoutTests/http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt

r65987	r77588
1		ALERT: /XSS/
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
	3

trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-control-char-expected.txt

r68854	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf"~~.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3

trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf"~~.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3

trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
2
3		CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
4	2
5	3

trunk/LayoutTests/http/tests/security/xssAuditor/embed-tag-null-char-expected.txt

r69798	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load an object. URL found within request: "http://127.0.0.1:8000/sec�urity/xssAuditor/resources/dummy.swf"~~.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-base-href-expected.txt

r54202	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load from document base URL. URL~~ found within request.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3	There should be no content in the iframe below:

trunk/LayoutTests/http/tests/security/xssAuditor/full-block-object-tag-expected.txt

r54202	r77588
1		CONSOLE MESSAGE: line 1: Refused to ~~load an object. URL found within request: "http://localhost:8000/security/xssAuditor/resources/dummy.swf"~~.
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
3	3	There should be no content in the iframe below:

trunk/LayoutTests/http/tests/security/xssAuditor/link-onclick-entities-expected.txt

r65355	r77588
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
1	2
	3

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt

-                      r68854
+                      r77588
 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt

-                      r66254
+                      r77588
 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt

-                      r69798
+                      r77588
 CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/sec�urity/xssAuditor/resources/dummy.swf".
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
+CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/sec�urity/xssAuditor/resources/dummy.swf".
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
+CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.

trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf".
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
	2
	3	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	4
3	5

trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt

r51445	r77588
1		CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
2
3		CONSOLE MESSAGE: line 1: Refused to load an object. URL found within request: "javascript:alert(document.domain)".
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
4	2
5	3

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt

r65355	r77588
1		ALERT: /XSS/
	1	CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
2	2
	3

trunk/Source/WebCore/ChangeLog

-                      r77587
+                      r77588
+-02-03  Adam Barth  <abarth@webkit.org>
+        Reviewed by Daniel Bates.
+        XSS Auditor severely affects loading performance after submitting a large form
+        https://bugs.webkit.org/show_bug.cgi?id=49845
+        Switch over from the XSSAuditor to the XSSFilter, improving performance
+        on this example.
+        * html/parser/XSSFilter.cpp:
+        (WebCore::XSSFilter::filterToken):
+        * page/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::isEnabled):
 -02-03  Dirk Pranke  <dpranke@chromium.org>

trunk/Source/WebCore/html/parser/XSSFilter.cpp

r77560	r77588
39	39	#include <wtf/text/CString.h>
40	40
41		~~// This preprocesssor macro is a temporary scaffold while this code is still an experiment.~~
42		~~#define XSS_DETECTOR_ENABLED 0~~
43
44	41	namespace WebCore {
45	42
…	…
189	186	void XSSFilter::filterToken(HTMLToken& token)
190	187	{
191		~~#if !XSS_DETECTOR_ENABLED~~
192		~~ASSERT_UNUSED(token, &token);~~
193		~~return;~~
194		~~#else~~
195	188	if (m_state == Uninitialized) {
196	189	init();
…	…
228	221	}
229	222	}
230		~~#endif~~
231	223	}
232	224

trunk/Source/WebCore/page/XSSAuditor.cpp

r73444	r77588
114	114	bool XSSAuditor::isEnabled() const
115	115	{
116		~~Settings* settings = m_frame->settings();~~
117		return ~~(settings && settings->xssAuditorEnabled())~~;
	116	// FIXME: Remove this class if the transition to XSSFilter goes smoothly.
	117	return false;
118	118	}
119	119

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 77588 in webkit

Legend:

Download in other formats: