[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
abarth at webkit.org
Mon Feb 21 00:19:10 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 115b6bb5d1a446cf719db63aa4939e6eb6dd5b55
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Jan 29 09:22:18 2011 +0000
2011-01-29 Adam Barth <abarth at webkit.org>
Reviewed by Daniel Bates.
XSSFilter should replace URLs with about:blank instead of the empty string
https://bugs.webkit.org/show_bug.cgi?id=53370
Using the empty string will make the URL complete to the current
document's URL, which isn't really what we want. Instead, we want to
use about:blank, which is safe.
* html/parser/XSSFilter.cpp:
(WebCore::XSSFilter::filterObjectToken):
(WebCore::XSSFilter::filterEmbedToken):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77060 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 90b3c21..d3e8398 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -2,6 +2,21 @@
Reviewed by Daniel Bates.
+ XSSFilter should replace URLs with about:blank instead of the empty string
+ https://bugs.webkit.org/show_bug.cgi?id=53370
+
+ Using the empty string will make the URL complete to the current
+ document's URL, which isn't really what we want. Instead, we want to
+ use about:blank, which is safe.
+
+ * html/parser/XSSFilter.cpp:
+ (WebCore::XSSFilter::filterObjectToken):
+ (WebCore::XSSFilter::filterEmbedToken):
+
+2011-01-29 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Daniel Bates.
+
XSSFilter should pass xssAuditor/script-tag-addslashes*
https://bugs.webkit.org/show_bug.cgi?id=53365
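Review bot: The new ChangeLog entry lists only html/parser/XSSFilter.cpp and names no test or expected-result update, so nothing here shows that the about:blank replacement is exercised. Consider naming the layout test (or updated expectations) that covers an injected object data or embed src attribute, so the change away from the empty string is pinned by a regression test.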
diff --git a/Source/WebCore/html/parser/XSSFilter.cpp b/Source/WebCore/html/parser/XSSFilter.cpp
index d108552..a976d55 100644
--- a/Source/WebCore/html/parser/XSSFilter.cpp
+++ b/Source/WebCore/html/parser/XSSFilter.cpp
@@ -238,7 +238,7 @@ bool XSSFilter::filterObjectToken(HTMLToken& token)
bool didBlockScript = false;
- didBlockScript |= eraseAttributeIfInjected(token, dataAttr);
+ didBlockScript |= eraseAttributeIfInjected(token, dataAttr, blankURL().string());
didBlockScript |= eraseAttributeIfInjected(token, typeAttr);
didBlockScript |= eraseAttributeIfInjected(token, classidAttr);
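Review bot: In filterObjectToken only dataAttr receives the blankURL().string() replacement, while classidAttr two lines below is still erased without a replacement argument. classid can also hold a URL, so either pass the same replacement there or add a comment saying why the ChangeLog's concern about the empty string completing to the document's URL does not apply to it.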
@@ -253,7 +253,7 @@ bool XSSFilter::filterEmbedToken(HTMLToken& token)
bool didBlockScript = false;
- didBlockScript |= eraseAttributeIfInjected(token, srcAttr);
+ didBlockScript |= eraseAttributeIfInjected(token, srcAttr, blankURL().string());
didBlockScript |= eraseAttributeIfInjected(token, typeAttr);
return didBlockScript;
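Review bot: In filterEmbedToken the reason srcAttr gets a replacement value and typeAttr does not is recorded only in the ChangeLog; the call site gives no hint. A short comment above the srcAttr line (and the matching dataAttr line in filterObjectToken) noting that an empty URL attribute completes to the current document's URL would keep a later cleanup from dropping the third argument.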
--
WebKit Debian packaging