[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
abarth at webkit.org
abarth at webkit.org
Mon Feb 21 00:12:48 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 0771b8dec389d909714d27236e5604ee3a7379be
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 28 21:29:31 2011 +0000
2011-01-28 Adam Barth <abarth at webkit.org>
Reviewed by Daniel Bates.
Sketch out new XSS filter design (disabled by default)
https://bugs.webkit.org/show_bug.cgi?id=53205
This patch adds a basic sketch of the new XSS filter design. Rather
than watching scripts as they execute, in this design, we watch tokens
emitted by the tokenizer. We then map the tokens directly back into
input characters, which lets us skip all the complicated logic related
to HTML entities and double-decoding of JavaScript URLs.
This patch contains only the bare essentially machinery. I'll add more
in future patches and eventually remove the previous code once this
code is up and running correctly.
* Android.mk:
* CMakeLists.txt:
* GNUmakefile.am:
* WebCore.gypi:
* WebCore.pro:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* html/parser/HTMLDocumentParser.cpp:
(WebCore::HTMLDocumentParser::HTMLDocumentParser):
(WebCore::HTMLDocumentParser::pumpTokenizer):
(WebCore::HTMLDocumentParser::sourceForToken):
* html/parser/HTMLDocumentParser.h:
* html/parser/XSSFilter.cpp: Added.
* html/parser/XSSFilter.h: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/Android.mk b/Source/WebCore/Android.mk
index df688b4..b2e37cb 100644
--- a/Source/WebCore/Android.mk
+++ b/Source/WebCore/Android.mk
@@ -346,6 +346,7 @@ LOCAL_SRC_FILES := $(LOCAL_SRC_FILES) \
html/parser/HTMLViewSourceParser.cpp \
html/parser/TextDocumentParser.cpp \
html/parser/TextViewSourceParser.cpp \
+ html/parser/XSSFilter.cpp \
\
html/shadow/MediaControls.cpp \
html/shadow/SliderThumbElement.cpp \
diff --git a/Source/WebCore/CMakeLists.txt b/Source/WebCore/CMakeLists.txt
index e43ae67..c4b1158 100644
--- a/Source/WebCore/CMakeLists.txt
+++ b/Source/WebCore/CMakeLists.txt
@@ -1148,6 +1148,7 @@ SET(WebCore_SOURCES
html/parser/HTMLViewSourceParser.cpp
html/parser/TextDocumentParser.cpp
html/parser/TextViewSourceParser.cpp
+ html/parser/XSSFilter.cpp
html/shadow/MediaControls.cpp
html/shadow/SliderThumbElement.cpp
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 6a60150..fb7973c 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,35 @@
+2011-01-28 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Daniel Bates.
+
+ Sketch out new XSS filter design (disabled by default)
+ https://bugs.webkit.org/show_bug.cgi?id=53205
+
+ This patch adds a basic sketch of the new XSS filter design. Rather
+ than watching scripts as they execute, in this design, we watch tokens
+ emitted by the tokenizer. We then map the tokens directly back into
+ input characters, which lets us skip all the complicated logic related
+ to HTML entities and double-decoding of JavaScript URLs.
+
+ This patch contains only the bare essentially machinery. I'll add more
+ in future patches and eventually remove the previous code once this
+ code is up and running correctly.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * WebCore.gypi:
+ * WebCore.pro:
+ * WebCore.vcproj/WebCore.vcproj:
+ * WebCore.xcodeproj/project.pbxproj:
+ * html/parser/HTMLDocumentParser.cpp:
+ (WebCore::HTMLDocumentParser::HTMLDocumentParser):
+ (WebCore::HTMLDocumentParser::pumpTokenizer):
+ (WebCore::HTMLDocumentParser::sourceForToken):
+ * html/parser/HTMLDocumentParser.h:
+ * html/parser/XSSFilter.cpp: Added.
+ * html/parser/XSSFilter.h: Added.
+
2011-01-28 Michael Saboff <msaboff at apple.com>
Reviewed by Geoffrey Garen.
diff --git a/Source/WebCore/GNUmakefile.am b/Source/WebCore/GNUmakefile.am
index c42031f..fb47ea2 100644
--- a/Source/WebCore/GNUmakefile.am
+++ b/Source/WebCore/GNUmakefile.am
@@ -1880,6 +1880,8 @@ webcore_sources += \
Source/WebCore/html/parser/TextDocumentParser.h \
Source/WebCore/html/parser/TextViewSourceParser.cpp \
Source/WebCore/html/parser/TextViewSourceParser.h \
+ Source/WebCore/html/parser/XSSFilter.cpp \
+ Source/WebCore/html/parser/XSSFilter.h \
Source/WebCore/html/shadow/MediaControls.cpp \
Source/WebCore/html/shadow/MediaControls.h \
Source/WebCore/html/shadow/SliderThumbElement.cpp \
diff --git a/Source/WebCore/WebCore.gypi b/Source/WebCore/WebCore.gypi
index 3ca1e27..cdc1d8f 100644
--- a/Source/WebCore/WebCore.gypi
+++ b/Source/WebCore/WebCore.gypi
@@ -2001,6 +2001,8 @@
'html/parser/TextDocumentParser.h',
'html/parser/TextViewSourceParser.cpp',
'html/parser/TextViewSourceParser.h',
+ 'html/parser/XSSFilter.cpp',
+ 'html/parser/XSSFilter.h',
'html/shadow/MediaControls.cpp',
'html/shadow/MediaControls.h',
'html/shadow/SliderThumbElement.cpp',
diff --git a/Source/WebCore/WebCore.pro b/Source/WebCore/WebCore.pro
index 34804ba..ee0efcb 100644
--- a/Source/WebCore/WebCore.pro
+++ b/Source/WebCore/WebCore.pro
@@ -1039,6 +1039,7 @@ SOURCES += \
html/parser/HTMLViewSourceParser.cpp \
html/parser/TextDocumentParser.cpp \
html/parser/TextViewSourceParser.cpp \
+ html/parser/XSSFilter.cpp \
html/shadow/MediaControls.cpp \
html/shadow/SliderThumbElement.cpp \
inspector/ConsoleMessage.cpp \
@@ -1939,6 +1940,7 @@ HEADERS += \
html/parser/HTMLTokenizer.h \
html/parser/HTMLTreeBuilder.h \
html/parser/HTMLViewSourceParser.h \
+ html/parser/XSSFilter.h \
inspector/ConsoleMessage.h \
inspector/InjectedScript.h \
inspector/InjectedScriptHost.h \
diff --git a/Source/WebCore/WebCore.vcproj/WebCore.vcproj b/Source/WebCore/WebCore.vcproj/WebCore.vcproj
index a68f158..821784e 100755
--- a/Source/WebCore/WebCore.vcproj/WebCore.vcproj
+++ b/Source/WebCore/WebCore.vcproj/WebCore.vcproj
@@ -55504,6 +55504,14 @@
RelativePath="..\html\parser\TextViewSourceParser.h"
>
</File>
+ <File
+ RelativePath="..\html\parser\XSSFilter.cpp"
+ >
+ </File>
+ <File
+ RelativePath="..\html\parser\XSSFilter.h"
+ >
+ </File>
</Filter>
<Filter
Name="shadow"
diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
index 2588887..c3cfe04 100644
--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -3099,6 +3099,8 @@
977B387A122883E900B81FF8 /* HTMLViewSourceParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 977B3861122883E900B81FF8 /* HTMLViewSourceParser.h */; };
977E2DCD12F0E28300C13379 /* HTMLSourceTracker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 977E2DCB12F0E28300C13379 /* HTMLSourceTracker.cpp */; };
977E2DCE12F0E28300C13379 /* HTMLSourceTracker.h in Headers */ = {isa = PBXBuildFile; fileRef = 977E2DCC12F0E28300C13379 /* HTMLSourceTracker.h */; };
+ 977E2E0E12F0FC9C00C13379 /* XSSFilter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 977E2E0B12F0FC9C00C13379 /* XSSFilter.cpp */; };
+ 977E2E0F12F0FC9C00C13379 /* XSSFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = 977E2E0C12F0FC9C00C13379 /* XSSFilter.h */; };
979F43D31075E44A0000F83B /* NavigationScheduler.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 979F43D11075E44A0000F83B /* NavigationScheduler.cpp */; };
979F43D41075E44A0000F83B /* NavigationScheduler.h in Headers */ = {isa = PBXBuildFile; fileRef = 979F43D21075E44A0000F83B /* NavigationScheduler.h */; settings = {ATTRIBUTES = (Private, ); }; };
97BC84831236FD93000C6161 /* TextDocumentParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97BC84811236FD93000C6161 /* TextDocumentParser.cpp */; };
@@ -9488,6 +9490,8 @@
977B3861122883E900B81FF8 /* HTMLViewSourceParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = HTMLViewSourceParser.h; path = parser/HTMLViewSourceParser.h; sourceTree = "<group>"; };
977E2DCB12F0E28300C13379 /* HTMLSourceTracker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = HTMLSourceTracker.cpp; path = parser/HTMLSourceTracker.cpp; sourceTree = "<group>"; };
977E2DCC12F0E28300C13379 /* HTMLSourceTracker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = HTMLSourceTracker.h; path = parser/HTMLSourceTracker.h; sourceTree = "<group>"; };
+ 977E2E0B12F0FC9C00C13379 /* XSSFilter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = XSSFilter.cpp; path = parser/XSSFilter.cpp; sourceTree = "<group>"; };
+ 977E2E0C12F0FC9C00C13379 /* XSSFilter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XSSFilter.h; path = parser/XSSFilter.h; sourceTree = "<group>"; };
979F43D11075E44A0000F83B /* NavigationScheduler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NavigationScheduler.cpp; sourceTree = "<group>"; };
979F43D21075E44A0000F83B /* NavigationScheduler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NavigationScheduler.h; sourceTree = "<group>"; };
97BC84811236FD93000C6161 /* TextDocumentParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = TextDocumentParser.cpp; path = parser/TextDocumentParser.cpp; sourceTree = "<group>"; };
@@ -15965,6 +15969,8 @@
97BC84821236FD93000C6161 /* TextDocumentParser.h */,
97BC84A212370DC7000C6161 /* TextViewSourceParser.cpp */,
97BC84A312370DC8000C6161 /* TextViewSourceParser.h */,
+ 977E2E0B12F0FC9C00C13379 /* XSSFilter.cpp */,
+ 977E2E0C12F0FC9C00C13379 /* XSSFilter.h */,
);
name = parser;
sourceTree = "<group>";
@@ -22448,6 +22454,7 @@
BC9585E112F0989500755821 /* PlatformGestureEvent.h in Headers */,
E134F5AB12EE343F004EC58D /* IntRectHash.h in Headers */,
977E2DCE12F0E28300C13379 /* HTMLSourceTracker.h in Headers */,
+ 977E2E0F12F0FC9C00C13379 /* XSSFilter.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -25144,6 +25151,7 @@
BC8AE34E12EA096A00EB3AE6 /* ScrollableArea.cpp in Sources */,
4F2D205512EAE7B3005C2874 /* InspectorAgent.cpp in Sources */,
977E2DCD12F0E28300C13379 /* HTMLSourceTracker.cpp in Sources */,
+ 977E2E0E12F0FC9C00C13379 /* XSSFilter.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.cpp b/Source/WebCore/html/parser/HTMLDocumentParser.cpp
index 6072e45..7c223b2 100644
--- a/Source/WebCore/html/parser/HTMLDocumentParser.cpp
+++ b/Source/WebCore/html/parser/HTMLDocumentParser.cpp
@@ -81,6 +81,7 @@ HTMLDocumentParser::HTMLDocumentParser(HTMLDocument* document, bool reportErrors
, m_scriptRunner(HTMLScriptRunner::create(document, this))
, m_treeBuilder(HTMLTreeBuilder::create(this, document, reportErrors, usePreHTML5ParserQuirks(document)))
, m_parserScheduler(HTMLParserScheduler::create(this))
+ , m_xssFilter(this)
, m_endWasDelayed(false)
, m_writeNestingLevel(0)
{
@@ -92,6 +93,7 @@ HTMLDocumentParser::HTMLDocumentParser(DocumentFragment* fragment, Element* cont
: ScriptableDocumentParser(fragment->document())
, m_tokenizer(HTMLTokenizer::create(usePreHTML5ParserQuirks(fragment->document())))
, m_treeBuilder(HTMLTreeBuilder::create(this, fragment, contextElement, scriptingPermission, usePreHTML5ParserQuirks(fragment->document())))
+ , m_xssFilter(this)
, m_endWasDelayed(false)
, m_writeNestingLevel(0)
{
@@ -232,6 +234,8 @@ void HTMLDocumentParser::pumpTokenizer(SynchronousMode mode)
break;
m_sourceTracker.end(m_input, m_token);
+ m_xssFilter.filterToken(m_token);
+
m_treeBuilder->constructTreeFromToken(m_token);
m_token.clear();
@@ -403,6 +407,11 @@ bool HTMLDocumentParser::inScriptExecution() const
return m_scriptRunner->isExecutingScript();
}
+String HTMLDocumentParser::sourceForToken(const HTMLToken& token)
+{
+ return m_sourceTracker.sourceForToken(token);
+}
+
int HTMLDocumentParser::lineNumber() const
{
return m_tokenizer->lineNumber();
diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.h b/Source/WebCore/html/parser/HTMLDocumentParser.h
index 78f6136..e97c1b3 100644
--- a/Source/WebCore/html/parser/HTMLDocumentParser.h
+++ b/Source/WebCore/html/parser/HTMLDocumentParser.h
@@ -35,6 +35,7 @@
#include "ScriptableDocumentParser.h"
#include "SegmentedString.h"
#include "Timer.h"
+#include "XSSFilter.h"
#include <wtf/OwnPtr.h>
namespace WebCore {
@@ -72,6 +73,7 @@ public:
static bool usePreHTML5ParserQuirks(Document*);
HTMLTokenizer* tokenizer() const { return m_tokenizer.get(); }
+ String sourceForToken(const HTMLToken&);
virtual TextPosition0 textPosition() const;
virtual void suspendScheduledTasks();
@@ -143,6 +145,7 @@ private:
OwnPtr<HTMLPreloadScanner> m_preloadScanner;
OwnPtr<HTMLParserScheduler> m_parserScheduler;
HTMLSourceTracker m_sourceTracker;
+ XSSFilter m_xssFilter;
bool m_endWasDelayed;
unsigned m_writeNestingLevel;
diff --git a/Source/WebCore/html/parser/XSSFilter.cpp b/Source/WebCore/html/parser/XSSFilter.cpp
new file mode 100644
index 0000000..e63fcb3
--- /dev/null
+++ b/Source/WebCore/html/parser/XSSFilter.cpp
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2011 Adam Barth. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "XSSFilter.h"
+
+#include "Document.h"
+#include "HTMLDocumentParser.h"
+#include "TextEncoding.h"
+#include "TextResourceDecoder.h"
+#include <wtf/text/CString.h>
+
+// This preprocesssor macro is a temporary scaffold while this code is still an experiment.
+#define XSS_DETECTOR_ENABLED 0
+
+namespace WebCore {
+
+namespace {
+
+bool isNameOfScriptCarryingAttribute(const Vector<UChar, 32>& name)
+{
+ const size_t lengthOfShortestScriptCarryingAttribute = 5; // To wit: oncut.
+ if (name.size() < lengthOfShortestScriptCarryingAttribute)
+ return false;
+ if (name[0] != 'o' && name[0] != 'O')
+ return false;
+ if (name[1] != 'n' && name[0] != 'N')
+ return false;
+ return true;
+}
+
+String decodeURL(const String& string, const TextEncoding& encoding)
+{
+ String workingString = string;
+ workingString.replace('+', ' ');
+ workingString = decodeURLEscapeSequences(workingString);
+ CString workingStringUTF8 = workingString.utf8();
+ String decodedString = encoding.decode(workingStringUTF8.data(), workingStringUTF8.length());
+ // FIXME: Is this check necessary?
+ if (decodedString.isEmpty())
+ return workingString;
+ return decodedString;
+}
+
+}
+
+XSSFilter::XSSFilter(HTMLDocumentParser* parser)
+ : m_parser(parser)
+{
+ ASSERT(m_parser);
+}
+
+void XSSFilter::filterToken(HTMLToken& token)
+{
+#if !XSS_DETECTOR_ENABLED
+ ASSERT_UNUSED(token, &token);
+ return;
+#else
+ if (token.type() != HTMLToken::StartTag)
+ return;
+
+ HTMLToken::AttributeList::const_iterator iter = token.attributes().begin();
+ for (; iter != token.attributes().end(); ++iter) {
+ if (!isNameOfScriptCarryingAttribute(iter->m_name))
+ continue;
+ if (!isContainedInRequest(snippetForAttribute(token, *iter)))
+ continue;
+ iter->m_value.clear();
+ }
+#endif
+}
+
+String XSSFilter::snippetForAttribute(const HTMLToken& token, const HTMLToken::Attribute& attribute)
+{
+ // FIXME: We should grab one character before the name also.
+ int start = attribute.m_nameRange.m_start - token.startIndex();
+ // FIXME: We probably want to grab only the first few characters of the attribute value.
+ int end = attribute.m_valueRange.m_end - token.startIndex();
+
+ // FIXME: There's an extra allocation here that we could save by
+ // passing the range to the parser.
+ return m_parser->sourceForToken(token).substring(start, end - start);
+}
+
+bool XSSFilter::isContainedInRequest(const String& snippet)
+{
+ String url = m_parser->document()->url().string();
+ String decodedURL = decodeURL(url, m_parser->document()->decoder()->encoding());
+ if (decodedURL.find(snippet, 0, false) != notFound)
+ return true; // We've found the string in the GET data.
+ // FIXME: Look in form data.
+ return false;
+}
+
+}
diff --git a/Source/WebCore/html/parser/XSSFilter.h b/Source/WebCore/html/parser/XSSFilter.h
new file mode 100644
index 0000000..bb2c4a4
--- /dev/null
+++ b/Source/WebCore/html/parser/XSSFilter.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011 Adam Barth. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef XSSFilter_h
+#define XSSFilter_h
+
+#include "HTMLToken.h"
+
+namespace WebCore {
+
+class HTMLDocumentParser;
+
+class XSSFilter {
+ WTF_MAKE_NONCOPYABLE(XSSFilter);
+public:
+ explicit XSSFilter(HTMLDocumentParser*);
+
+ void filterToken(HTMLToken&);
+
+private:
+ String snippetForAttribute(const HTMLToken&, const HTMLToken::Attribute&);
+ bool isContainedInRequest(const String&);
+
+ HTMLDocumentParser* m_parser;
+};
+
+}
+
+#endif
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list