[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
abarth at webkit.org
Mon Feb 21 00:15:58 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 87e8410e3cade6f754063d91076ceedf1394bc30
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Jan 29 00:55:37 2011 +0000
2011-01-28 Adam Barth <abarth at webkit.org>
Reviewed by Daniel Bates.
Teach XSSFilter about <applet>
https://bugs.webkit.org/show_bug.cgi?id=53338
HTML5 is pretty light on information about how the <applet> tag works.
According to this site:
http://download.oracle.com/javase/1.4.2/docs/guide/misc/applet.html
The "code" and "object" attributes are the essential attributes for
determining which piece of Java to run. We might need to expand to the
codebase and archive attributes at some point, but hopefully code and
object will be sufficient.
* html/parser/XSSFilter.cpp:
(WebCore::XSSFilter::filterToken):
(WebCore::XSSFilter::filterAppletToken):
* html/parser/XSSFilter.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77032 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index b4282b3..50fd2f9 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -2,6 +2,28 @@
Reviewed by Daniel Bates.
+ Teach XSSFilter about <applet>
+ https://bugs.webkit.org/show_bug.cgi?id=53338
+
+ HTML5 is pretty light on information about how the <applet> tag works.
+ According to this site:
+
+ http://download.oracle.com/javase/1.4.2/docs/guide/misc/applet.html
+
+ The "code" and "object" attributes are the essential attributes for
+ determining which piece of Java to run. We might need to expand to the
+ codebase and archive attributes at some point, but hopefully code and
+ object will be sufficient.
+
+ * html/parser/XSSFilter.cpp:
+ (WebCore::XSSFilter::filterToken):
+ (WebCore::XSSFilter::filterAppletToken):
+ * html/parser/XSSFilter.h:
+
+2011-01-28 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Daniel Bates.
+
Teach the XSSFilter about object and embed tags
https://bugs.webkit.org/show_bug.cgi?id=53336
diff --git a/Source/WebCore/html/parser/XSSFilter.cpp b/Source/WebCore/html/parser/XSSFilter.cpp
index 554554a..e4b9b8b 100644
--- a/Source/WebCore/html/parser/XSSFilter.cpp
+++ b/Source/WebCore/html/parser/XSSFilter.cpp
@@ -116,6 +116,9 @@ void XSSFilter::filterToken(HTMLToken& token)
if (hasName(token, embedTag))
return filterEmbedToken(token);
+ if (hasName(token, appletTag))
+ return filterAppletToken(token);
+
for (size_t i = 0; i < token.attributes().size(); ++i) {
const HTMLToken::Attribute& attribute = token.attributes().at(i);
if (!isNameOfScriptCarryingAttribute(attribute.m_name))
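Review bot: The early `return filterAppletToken(token);` at the top of this hunk means an <applet> start tag never reaches the attribute loop that follows, which is where `isNameOfScriptCarryingAttribute` is consulted. If that loop is what handles injected script-carrying attributes, an applet token gets only the code/object treatment and skips that pass. The embed branch just above has the same shape, so this may be intentional, but it is worth either calling filterAppletToken without returning or adding a comment that states why the tag-specific filters bypass the generic attribute pass.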
@@ -181,6 +184,16 @@ void XSSFilter::filterEmbedToken(HTMLToken& token)
eraseAttributeIfInjected(token, typeAttr);
}
+void XSSFilter::filterAppletToken(HTMLToken& token)
+{
+ ASSERT(m_state == Initial);
+ ASSERT(token.type() == HTMLToken::StartTag);
+ ASSERT(hasName(token, appletTag));
+
+ eraseAttributeIfInjected(token, codeAttr);
+ eraseAttributeIfInjected(token, objectAttr);
+}
+
bool XSSFilter::eraseAttributeIfInjected(HTMLToken& token, const QualifiedName& attributeName)
{
size_t indexOfAttribute;
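Review bot: filterAppletToken erases only codeAttr and objectAttr, while the ChangeLog entry for this same change says the codebase and archive attributes may also need handling. Since that limitation is known at commit time, record it at the point of use with a FIXME comment in filterAppletToken naming those two attributes, so the gap is visible to someone reading XSSFilter.cpp and not only the ChangeLog. The patch as shown also touches only ChangeLog, XSSFilter.cpp and XSSFilter.h; a test covering an injected code or object attribute on <applet> would pin the new behavior.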
diff --git a/Source/WebCore/html/parser/XSSFilter.h b/Source/WebCore/html/parser/XSSFilter.h
index 24e9674..9da17ea 100644
--- a/Source/WebCore/html/parser/XSSFilter.h
+++ b/Source/WebCore/html/parser/XSSFilter.h
@@ -49,6 +49,7 @@ private:
void filterScriptToken(HTMLToken&);
void filterObjectToken(HTMLToken&);
void filterEmbedToken(HTMLToken&);
+ void filterAppletToken(HTMLToken&);
bool eraseAttributeIfInjected(HTMLToken&, const QualifiedName&);
--
WebKit Debian packaging