[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

abarth at webkit.org abarth at webkit.org
Mon Feb 21 00:19:10 UTC 2011


The following commit has been merged in the webkit-1.3 branch:
commit 115b6bb5d1a446cf719db63aa4939e6eb6dd5b55
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Jan 29 09:22:18 2011 +0000

    2011-01-29  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Daniel Bates.
    
            XSSFilter should replace URLs with about:blank instead of the empty string
            https://bugs.webkit.org/show_bug.cgi?id=53370
    
            Using the empty string will make the URL complete to the current
            document's URL, which isn't really what we want.  Instead, we want to
            use about:blank, which is safe.
    
            * html/parser/XSSFilter.cpp:
            (WebCore::XSSFilter::filterObjectToken):
            (WebCore::XSSFilter::filterEmbedToken):
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77060 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 90b3c21..d3e8398 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -2,6 +2,21 @@
 
         Reviewed by Daniel Bates.
 
+        XSSFilter should replace URLs with about:blank instead of the empty string
+        https://bugs.webkit.org/show_bug.cgi?id=53370
+
+        Using the empty string will make the URL complete to the current
+        document's URL, which isn't really what we want.  Instead, we want to
+        use about:blank, which is safe.
+
+        * html/parser/XSSFilter.cpp:
+        (WebCore::XSSFilter::filterObjectToken):
+        (WebCore::XSSFilter::filterEmbedToken):
+
+2011-01-29  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Daniel Bates.
+
         XSSFilter should pass xssAuditor/script-tag-addslashes*
         https://bugs.webkit.org/show_bug.cgi?id=53365
 
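Review bot: The new ChangeLog entry names no test, and the patch as shown touches only ChangeLog and XSSFilter.cpp. Because the change alters what an injected data or src value is rewritten to, a layout test (or an updated expectation) asserting that the replaced attribute is about:blank rather than empty would pin the behaviour. If an existing xssAuditor test already covers this, the entry should say which one.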
diff --git a/Source/WebCore/html/parser/XSSFilter.cpp b/Source/WebCore/html/parser/XSSFilter.cpp
index d108552..a976d55 100644
--- a/Source/WebCore/html/parser/XSSFilter.cpp
+++ b/Source/WebCore/html/parser/XSSFilter.cpp
@@ -238,7 +238,7 @@ bool XSSFilter::filterObjectToken(HTMLToken& token)
 
     bool didBlockScript = false;
 
-    didBlockScript |= eraseAttributeIfInjected(token, dataAttr);
+    didBlockScript |= eraseAttributeIfInjected(token, dataAttr, blankURL().string());
     didBlockScript |= eraseAttributeIfInjected(token, typeAttr);
     didBlockScript |= eraseAttributeIfInjected(token, classidAttr);
 
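Review bot: In filterObjectToken only the dataAttr call receives the about:blank replacement; the classidAttr call two lines below still uses the two-argument form. If classid is also completed as a URL against the document, the concern stated in the commit message applies there as well. Either pass blankURL().string() for classidAttr too, or add a comment explaining why data is the only attribute on this token that needs a non-empty replacement.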
@@ -253,7 +253,7 @@ bool XSSFilter::filterEmbedToken(HTMLToken& token)
 
     bool didBlockScript = false;
 
-    didBlockScript |= eraseAttributeIfInjected(token, srcAttr);
+    didBlockScript |= eraseAttributeIfInjected(token, srcAttr, blankURL().string());
     didBlockScript |= eraseAttributeIfInjected(token, typeAttr);
 
     return didBlockScript;
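Review bot: The reason for the third argument on the srcAttr line is recorded only in the ChangeLog, and the same blankURL().string() expression is now repeated here and in filterObjectToken. A one-line comment at the call site (an empty replacement completes to the current document's URL) or a small named helper for the safe replacement URL would keep later edits from falling back to the two-argument form for URL-valued attributes.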

-- 
WebKit Debian packaging


