Title: [198377] trunk
Revision
198377
Author
[email protected]
Date
2016-03-17 21:45:46 -0700 (Thu, 17 Mar 2016)

Log Message

[XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
https://bugs.webkit.org/show_bug.cgi?id=155624
<rdar://problem/25219962>

Unreviewed merge from Blink (patch by Tom Sepez <[email protected]>):
<https://src.chromium.org/viewvc/blink?revision=201803&view=revision>

Source/WebCore:

Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.

LayoutTests:

* http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt: Added.
* http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/parser/XSSAuditor.cpp

Added Paths

trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt
trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html
Diff

Modified: trunk/LayoutTests/ChangeLog (198376 => 198377)


--- trunk/LayoutTests/ChangeLog	2016-03-18 04:06:59 UTC (rev 198376)
+++ trunk/LayoutTests/ChangeLog	2016-03-18 04:45:46 UTC (rev 198377)
@@ -1,3 +1,15 @@
+2016-03-17  Brent Fulgham  <[email protected]>
+
+        [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
+        https://bugs.webkit.org/show_bug.cgi?id=155624
+        <rdar://problem/25219962>
+
+        Unreviewed merge from Blink (patch by Tom Sepez <[email protected]>):
+        <https://src.chromium.org/viewvc/blink?revision=201803&view=revision>
+
+        * http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt: Added.
+        * http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: Added.
+
 2016-03-17  Zalan Bujtas  <[email protected]>
 
         Images in feed on ebay.com jiggle when one is hovered

Added: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt (0 => 198377)


--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt	2016-03-18 04:45:46 UTC (rev 198377)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(/xss/)-1%2502%3Cscript%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+

Added: trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html (0 => 198377)


--- trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html	2016-03-18 04:45:46 UTC (rev 198377)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.setXSSAuditorEnabled(true);
+    }
+</script>
+</head>
+    <body>
+        <iframe src=""
+        </iframe>
+    </body>
+</html>
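Review bot: the iframe in this hunk has an empty `src=""` and its opening tag never closes with `>` before `</iframe>`, yet the expected output two hunks up names the URL the frame must load (`http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(/xss/)-1%2502%3Cscript%3C/script%3E`); with an empty src the test cannot produce that console message, so either the attribute value with the injected `<script>` markup was lost when this diff was rendered for the list, or the committed file is broken. Please confirm against the repository, and while there add a short comment to the test saying what it exercises (an injected script followed by a second `<script` and a percent-encoded control character), since the file name is the only explanation of the payload.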

Modified: trunk/Source/WebCore/ChangeLog (198376 => 198377)


--- trunk/Source/WebCore/ChangeLog	2016-03-18 04:06:59 UTC (rev 198376)
+++ trunk/Source/WebCore/ChangeLog	2016-03-18 04:45:46 UTC (rev 198377)
@@ -1,3 +1,17 @@
+2016-03-17  Brent Fulgham  <[email protected]>
+
+        [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
+        https://bugs.webkit.org/show_bug.cgi?id=155624
+        <rdar://problem/25219962>
+
+        Unreviewed merge from Blink (patch by Tom Sepez <[email protected]>):
+        <https://src.chromium.org/viewvc/blink?revision=201803&view=revision>
+
+        Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html
+
+        * html/parser/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.
+
 2016-03-17  Zalan Bujtas  <[email protected]>
 
         Images in feed on ebay.com jiggle when one is hovered
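Review bot: "Correct off-by-one error" under canonicalizedSnippetForJavaScript describes neither the effect of the bug nor the input that triggered it, and the test name is the only hint that it concerns a second `<script` following the injected script. Add one sentence for whoever bisects this or triages <rdar://problem/25219962>, along the lines of "the snippet cut at a following <script tag ended one character early, so the containment check against the request could miss it", so the entry does more than restate the bug title.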

Modified: trunk/Source/WebCore/html/parser/XSSAuditor.cpp (198376 => 198377)


--- trunk/Source/WebCore/html/parser/XSSAuditor.cpp	2016-03-18 04:06:59 UTC (rev 198376)
+++ trunk/Source/WebCore/html/parser/XSSAuditor.cpp	2016-03-18 04:45:46 UTC (rev 198377)
@@ -695,7 +695,7 @@
                 break;
 
             if (lastNonSpacePosition != notFound && startsOpeningScriptTagAt(string, foundPosition)) {
-                foundPosition = lastNonSpacePosition;
+                foundPosition = lastNonSpacePosition + 1;
                 break;
             }
             if (foundPosition > startPosition + kMaximumFragmentLengthTarget) {
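Review bot: the `+ 1` on `foundPosition = lastNonSpacePosition + 1;` wants a one-line comment at this spot saying that foundPosition is consumed as an exclusive end of the snippet, so the bump keeps the last non-space character before the `<script` rather than dropping it. The other `break` in this hunk leaves foundPosition pointing at the character that stopped the scan, so the asymmetry reads like a mistake to the next person who touches this loop, and the ChangeLog line "Correct off-by-one error" gives them nothing to check it against.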
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
