Changeset 79106 in webkit
- Timestamp: Feb 19, 2011 12:12:02 AM (13 years ago)
- Location: trunk
- Files: 5 edited
trunk/LayoutTests/ChangeLog
r79101 r79106 1 2011-02-19 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Daniel Bates. 4 5 Fix xssAuditor/iframe-injection.html 6 https://bugs.webkit.org/show_bug.cgi?id=54591 7 8 Update expected results to show that we pass. 9 10 * http/tests/security/xssAuditor/iframe-injection-expected.txt: 11 1 12 2011-02-18 Andrew Wilson <atwilson@chromium.org> 2 13 -
trunk/LayoutTests/http/tests/security/xssAuditor/iframe-injection-expected.txt
r78776 r79106 1 CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request. 1 2 3 -
trunk/Source/WebCore/ChangeLog
r79104 r79106 1 2011-02-19 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Daniel Bates. 4 5 Fix xssAuditor/iframe-injection.html 6 https://bugs.webkit.org/show_bug.cgi?id=54591 7 8 We should block the iframe src attribute. Although this technically 9 can't be used to run script, it's a pretty easy vector for stealing 10 passwords. 11 12 * html/parser/XSSFilter.cpp: 13 (WebCore::XSSFilter::filterTokenInitial): 14 (WebCore::XSSFilter::filterIframeToken): 15 * html/parser/XSSFilter.h: 16 1 17 2011-02-18 Tony Gentilcore <tonyg@chromium.org> 2 18 -
trunk/Source/WebCore/html/parser/XSSFilter.cpp
r78780 r79106 246 246 else if (hasName(token, appletTag)) 247 247 didBlockScript |= filterAppletToken(token); 248 else if (hasName(token, iframeTag)) 249 didBlockScript |= filterIframeToken(token); 248 250 else if (hasName(token, metaTag)) 249 251 didBlockScript |= filterMetaToken(token); … … 352 354 353 355 return didBlockScript; 356 } 357 358 bool XSSFilter::filterIframeToken(HTMLToken& token) 359 { 360 ASSERT(m_state == Initial); 361 ASSERT(token.type() == HTMLToken::StartTag); 362 ASSERT(hasName(token, iframeTag)); 363 364 return eraseAttributeIfInjected(token, srcAttr); 354 365 } 355 366 -
trunk/Source/WebCore/html/parser/XSSFilter.h
r78780 r79106 59 59 bool filterEmbedToken(HTMLToken&); 60 60 bool filterAppletToken(HTMLToken&); 61 bool filterIframeToken(HTMLToken&); 61 62 bool filterMetaToken(HTMLToken&); 62 63 bool filterBaseToken(HTMLToken&);
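Review bot: filterIframeToken in XSSFilter.cpp carries no comment explaining why srcAttr is erased, and its result is OR-ed into didBlockScript in filterTokenInitial even though the WebCore ChangeLog entry says an injected iframe src technically can't be used to run script. The password-stealing rationale currently lives only in the ChangeLog; a one-line comment above `return eraseAttributeIfInjected(token, srcAttr);` would keep it next to the code. The updated iframe-injection-expected.txt also now expects "Refused to execute a JavaScript script. Source code of script found within request.", which reads oddly for a blocked frame load, so it is worth deciding whether this case should report through didBlockScript or get its own wording.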
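Review bot: The LayoutTests side of this changeset only updates iframe-injection-expected.txt for the injected case; none of the five edited files adds a test showing that an iframe whose src does not appear in the request keeps its attribute. Since the new `else if (hasName(token, iframeTag))` branch runs eraseAttributeIfInjected on every iframe start tag in the Initial state, a negative test next to iframe-injection.html would guard against over-blocking legitimate frames.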