Changeset 96231 in webkit
- Timestamp: Sep 28, 2011 10:19:08 AM (13 years ago)
- Location: trunk
- Files: 8 edited
trunk/LayoutTests/ChangeLog
r96224 r96231 1 2011-09-28 Tom Sepez <tsepez@chromium.org> 2 3 Revert change which broke displaying end script tags in view-source, instead 4 deal with any trailing </script> tag included by mistake in the XSSAuditor 5 itself. Correct tests to detect the missing close tags. 6 https://bugs.webkit.org/show_bug.cgi?id=68898 7 8 Reviewed by Adam Barth. 9 10 * fast/frames/resources/viewsource-frame-2.html: 11 * fast/frames/viewsource-plain-text-tags-expected.txt: 12 * fast/frames/viewsource-plain-text-tags.html: 13 1 14 2011-09-28 Antaryami Pandia <antaryami.pandia@motorola.com> 2 15 -
trunk/LayoutTests/fast/frames/resources/viewsource-frame-2.html
r33509 r96231 1 1 <script> 2 <test >2 <testscript> 3 3 </script> 4 4 5 5 <style> 6 <test >6 <teststyle> 7 7 </style> 8 8 9 9 <xmp> 10 <test >10 <testxmp> 11 11 </xmp> 12 12 13 13 <textarea> 14 <test >14 <testtextarea> 15 15 </textarea> -
trunk/LayoutTests/fast/frames/viewsource-plain-text-tags-expected.txt
r33509 r96231 1 PASS1 script: PASS PASS PASS style: PASS PASS PASS xmp: PASS PASS PASS textarea: PASS PASS PASS -
trunk/LayoutTests/fast/frames/viewsource-plain-text-tags.html
r80456 r96231 7 7 } 8 8 9 function report(frame) { 9 function found(text, regexString) 10 { 11 var matches = text.match(new RegExp(regexString, 'g')); 12 if (matches && matches.length === 1) 13 return 'PASS'; 14 else 15 return 'FAIL'; 16 } 17 18 function testSection(text, name) { 19 // Closing tags are not correctly formated, so don't check their markup. 20 return name + ': ' + 21 found(text, '<span class="webkit-html-tag"><' + name + '>') + ' ' + 22 found(text, '<td class="webkit-line-content"><test' + name + '>') + ' ' + 23 found(text, '</' + name + '>') + '\n'; 24 } 25 26 function report(frame) 27 { 10 28 var result = frame.contentDocument.documentElement.innerHTML; 11 var regex = new RegExp("<td class=\"webkit-line-content\"><test></td>", "g"); 12 matches = result.match(regex); 29 var resultText = ''; 13 30 14 if (matches && matches.length === 4)15 var resultText = "PASS";16 else17 var resultText = "FAIL";31 resultText += testSection(result, 'script'); 32 resultText += testSection(result, 'style'); 33 resultText += testSection(result, 'xmp'); 34 resultText += testSection(result, 'textarea'); 18 35 19 36 if (window.layoutTestController) { … … 21 38 document.write(resultText); 22 39 document.close(); 23 24 40 layoutTestController.notifyDone(); 25 41 } else { … … 31 47 <body> 32 48 <p>You should see a frame in 'view source' mode below.</p> 33 <p>None of the "<test >" strings shown below should be colorized like HTML.</p>49 <p>None of the "<testxxx>" strings shown below should be colorized like HTML.</p> 34 50 <hr> 35 51 <div id="result"></div> -
trunk/Source/WebCore/ChangeLog
r96229 r96231 1 2011-09-28 Tom Sepez <tsepez@chromium.org> 2 3 Revert change which broke displaying end script tags in view-source, instead 4 deal with any trailing </script> tag included by mistake in the XSSAuditor 5 itself. Correct tests to detect the missing close tags. 6 https://bugs.webkit.org/show_bug.cgi?id=68898 7 8 Reviewed by Adam Barth. 9 10 * html/parser/HTMLSourceTracker.cpp: 11 (WebCore::HTMLSourceTracker::end): 12 * html/parser/HTMLTokenizer.cpp: 13 (WebCore::HTMLTokenizer::nextToken): 14 * html/parser/XSSAuditor.cpp: 15 (WebCore::startsHTMLEndTagAt): 16 (WebCore::XSSAuditor::snippetForJavaScript): 17 1 18 2011-09-28 Adam Barth <abarth@webkit.org> 2 19 -
trunk/Source/WebCore/html/parser/HTMLSourceTracker.cpp
r95901 r96231 45 45 m_cachedSourceForToken = String(); 46 46 47 // FIXME: This work should really be done by the HTMLTokenizer in all cases, 48 // instead of the few cases where it explicitly steps in to correct values 49 // known to be wrong in face of its internal buffering. 50 if (!token.endIndex()) 51 token.end(input.current().numberOfCharactersConsumed()); 47 // FIXME: This work should really be done by the HTMLTokenizer. 48 token.end(input.current().numberOfCharactersConsumed()); 52 49 } 53 50 -
trunk/Source/WebCore/html/parser/HTMLTokenizer.cpp
r95901 r96231 298 298 299 299 HTML_BEGIN_STATE(ScriptDataState) { 300 if (cc == '<') { 301 // Token might end here. If not, we'll come through here again 302 // and update the end location again. 303 m_token->end(source.numberOfCharactersConsumed()); 300 if (cc == '<') 304 301 HTML_ADVANCE_TO(ScriptDataLessThanSignState); 305 }306 302 else if (cc == InputStreamPreprocessor::endOfFileMarker) 307 303 return emitEndOfFile(source); -
trunk/Source/WebCore/html/parser/XSSAuditor.cpp
r95901 r96231 85 85 return (c == '\n' || c == '\r'); 86 86 } 87 88 static bool startsHTMLEndTagAt(const String& string, size_t start) 89 { 90 return (start + 1 < string.length() && string[start] == '<' && string[start+1] == '/'); 91 } 92 87 93 88 94 static bool startsHTMLCommentAt(const String& string, size_t start) … … 584 590 } 585 591 586 // Stop at next comment or when we exceed the maximum length target. After hitting the 587 // length target, we can only stop at a point where we know we are not in the middle of 588 // a %-escape sequence. A simple way to do this is to break on whitespace only. 592 // Stop at next comment, or at a closing script tag (which may have been included with 593 // the code fragment because of buffering in the HTMLSourceTracker), or when we exceed 594 // the maximum length target. After hitting the length target, we can only stop at a 595 // point where we know we are not in the middle of a %-escape sequence. For the sake of 596 // simplicity, approximate stopping at a close script tag by stopping at any close tag, 597 // and approximate not stopping inside a (possibly multiply encoded) %-esacpe sequence 598 // by breaking on whitespace only. We should have enough text in these cases to avoid 599 // false positives. 589 600 for (foundPosition = startPosition; foundPosition < endPosition; foundPosition++) { 590 if (startsSingleLineCommentAt(string, foundPosition) || startsMultiLineCommentAt(string, foundPosition) ) {601 if (startsSingleLineCommentAt(string, foundPosition) || startsMultiLineCommentAt(string, foundPosition) || startsHTMLEndTagAt(string, foundPosition)) { 591 602 endPosition = foundPosition + 2; 592 603 break;
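Review bot: In trunk/LayoutTests/fast/frames/viewsource-plain-text-tags.html, the comment in testSection() ("Closing tags are not correctly formated, so don't check their markup.") records a known rendering defect without a FIXME or a bug reference, so the third found() call, which only looks for the bare closing tag, is likely to stay this loose after the defect is fixed. Suggest turning the comment into a FIXME that names the tracking bug, and correcting "formated" to "formatted". Minor style: testSection() opens its brace on the function line while found() and report() put it on the next line, and found() uses an else after a return.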
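Review bot: In HTMLSourceTracker::end(), the shortened FIXME no longer says that the end index set here can be wrong because of buffering, yet with the endIndex() guard removed token.end() always takes numberOfCharactersConsumed(). Suggest keeping one sentence stating that the tracked source for a script token may include a trailing </script> and that XSSAuditor::snippetForJavaScript compensates for it, so the coupling between the two files is visible from this side as well as from the auditor comment.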
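Review bot: In the first XSSAuditor.cpp hunk, startsHTMLEndTagAt() is followed by two blank lines where the preceding helper is separated by one, and string[start+1] is missing the spaces around the operator that start + 1 has earlier in the same expression. The bounds check start + 1 < string.length() ahead of the two index operations is right; only the spacing needs to change.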
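Review bot: In the second XSSAuditor.cpp hunk, the new startsHTMLEndTagAt() condition shares endPosition = foundPosition + 2 with the two comment checks, so the snippet appears to keep the leading "</" of the tag that the comment above it describes as included only because of buffering. If the intent is to drop the tag entirely, the end-tag case needs its own branch that sets endPosition = foundPosition; if keeping the two characters is deliberate, the comment should say so. Stopping at any "</" also cuts the snippet at an end tag that sits inside a script string literal, and the changeset touches only the fast/frames view-source tests, so an auditor test with such a script body would support the claim that there is "enough text in these cases to avoid false positives". The comment also has "%-esacpe" for "%-escape".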