From: dbates@webkit.org Date: Tue, 31 May 2011 04:03:56 +0000 (+0000) Subject: 2011-05-30 Daniel Bates X-Git-Tag: 070512121124~31265 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7b68d35dd50c61afbb9c881200cf0ace8d6f6c3c;p=profile%2Fivi%2Fwebkit-efl.git 2011-05-30 Daniel Bates Reviewed by Adam Barth. Rename XSSFilter to XSSAuditor https://bugs.webkit.org/show_bug.cgi?id=61718 Currently we use the names XSSFilter and XSSAuditor throughout the project. Instead, we should choose one name for consistency. No functionality was changed. So, no new tests. * XSSAuditor: Copied from PerformanceTests/XSSFilter. * XSSFilter: Removed. * XSSFilter/large-post-many-events.html: Removed. * XSSFilter/large-post-many-inline-scripts-and-events.html: Removed. * XSSFilter/resources: Removed. * XSSFilter/resources/target-for-large-post-many-inline-scripts-and-events.html: Removed. 2011-05-30 Daniel Bates Reviewed by Adam Barth. Rename XSSFilter to XSSAuditor https://bugs.webkit.org/show_bug.cgi?id=61718 Currently we use the names XSSFilter and XSSAuditor throughout the project. Instead, we should choose one name for consistency. No functionality was changed. So, no new tests. * CMakeLists.txt: * GNUmakefile.list.am: * WebCore.gypi: * WebCore.pro: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::HTMLDocumentParser): (WebCore::HTMLDocumentParser::pumpTokenizer): * html/parser/HTMLDocumentParser.h: * html/parser/XSSAuditor.cpp: Copied from Source/WebCore/html/parser/XSSFilter.cpp. 
(WebCore::XSSAuditor::XSSAuditor): (WebCore::XSSAuditor::init): (WebCore::XSSAuditor::filterToken): (WebCore::XSSAuditor::filterTokenInitial): (WebCore::XSSAuditor::filterTokenAfterScriptStartTag): (WebCore::XSSAuditor::filterScriptToken): (WebCore::XSSAuditor::filterObjectToken): (WebCore::XSSAuditor::filterParamToken): (WebCore::XSSAuditor::filterEmbedToken): (WebCore::XSSAuditor::filterAppletToken): (WebCore::XSSAuditor::filterIframeToken): (WebCore::XSSAuditor::filterMetaToken): (WebCore::XSSAuditor::filterBaseToken): (WebCore::XSSAuditor::filterFormToken): (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected): (WebCore::XSSAuditor::eraseAttributeIfInjected): (WebCore::XSSAuditor::snippetForRange): (WebCore::XSSAuditor::snippetForAttribute): (WebCore::XSSAuditor::isContainedInRequest): (WebCore::XSSAuditor::isSameOriginResource): * html/parser/XSSAuditor.h: Copied from Source/WebCore/html/parser/XSSFilter.h. * html/parser/XSSFilter.cpp: Removed. * html/parser/XSSFilter.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87708 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- diff --git a/PerformanceTests/ChangeLog b/PerformanceTests/ChangeLog index 34732ab..ff8b0a0 100644 --- a/PerformanceTests/ChangeLog +++ b/PerformanceTests/ChangeLog @@ -1,3 +1,22 @@ +2011-05-30 Daniel Bates + + Reviewed by Adam Barth. + + Rename XSSFilter to XSSAuditor + https://bugs.webkit.org/show_bug.cgi?id=61718 + + Currently we use the names XSSFilter and XSSAuditor throughout the project. + Instead, we should choose one name for consistency. + + No functionality was changed. So, no new tests. + + * XSSAuditor: Copied from PerformanceTests/XSSFilter. + * XSSFilter: Removed. + * XSSFilter/large-post-many-events.html: Removed. + * XSSFilter/large-post-many-inline-scripts-and-events.html: Removed. + * XSSFilter/resources: Removed. + * XSSFilter/resources/target-for-large-post-many-inline-scripts-and-events.html: Removed. + 2011-03-25 Leo Yang Reviewed by Dirk Schulze. 
diff --git a/PerformanceTests/XSSFilter/large-post-many-events.html b/PerformanceTests/XSSAuditor/large-post-many-events.html similarity index 100% rename from PerformanceTests/XSSFilter/large-post-many-events.html rename to PerformanceTests/XSSAuditor/large-post-many-events.html diff --git a/PerformanceTests/XSSFilter/large-post-many-inline-scripts-and-events.html b/PerformanceTests/XSSAuditor/large-post-many-inline-scripts-and-events.html similarity index 100% rename from PerformanceTests/XSSFilter/large-post-many-inline-scripts-and-events.html rename to PerformanceTests/XSSAuditor/large-post-many-inline-scripts-and-events.html diff --git a/PerformanceTests/XSSFilter/resources/target-for-large-post-many-inline-scripts-and-events.html b/PerformanceTests/XSSAuditor/resources/target-for-large-post-many-inline-scripts-and-events.html similarity index 100% rename from PerformanceTests/XSSFilter/resources/target-for-large-post-many-inline-scripts-and-events.html rename to PerformanceTests/XSSAuditor/resources/target-for-large-post-many-inline-scripts-and-events.html diff --git a/Source/WebCore/CMakeLists.txt b/Source/WebCore/CMakeLists.txt index c874b94..8bcaa40 100644 --- a/Source/WebCore/CMakeLists.txt +++ b/Source/WebCore/CMakeLists.txt @@ -881,7 +881,7 @@ SET(WebCore_SOURCES html/parser/HTMLViewSourceParser.cpp html/parser/TextDocumentParser.cpp html/parser/TextViewSourceParser.cpp - html/parser/XSSFilter.cpp + html/parser/XSSAuditor.cpp html/shadow/ElementWithPseudoId.cpp html/shadow/DetailsMarkerControl.cpp diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 64393d8..d3c95c7 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog 
@@ -1,3 +1,50 @@ +2011-05-30 Daniel Bates + + Reviewed by Adam Barth. + + Rename XSSFilter to XSSAuditor + https://bugs.webkit.org/show_bug.cgi?id=61718 + + Currently we use the names XSSFilter and XSSAuditor throughout the project. + Instead, we should choose one name for consistency. + + No functionality was changed. So, no new tests. + + * CMakeLists.txt: + * GNUmakefile.list.am: + * WebCore.gypi: + * WebCore.pro: + * WebCore.vcproj/WebCore.vcproj: + * WebCore.xcodeproj/project.pbxproj: + * html/parser/HTMLDocumentParser.cpp: + (WebCore::HTMLDocumentParser::HTMLDocumentParser): + (WebCore::HTMLDocumentParser::pumpTokenizer): + * html/parser/HTMLDocumentParser.h: + * html/parser/XSSAuditor.cpp: Copied from Source/WebCore/html/parser/XSSFilter.cpp. + (WebCore::XSSAuditor::XSSAuditor): + (WebCore::XSSAuditor::init): + (WebCore::XSSAuditor::filterToken): + (WebCore::XSSAuditor::filterTokenInitial): + (WebCore::XSSAuditor::filterTokenAfterScriptStartTag): + (WebCore::XSSAuditor::filterScriptToken): + (WebCore::XSSAuditor::filterObjectToken): + (WebCore::XSSAuditor::filterParamToken): + (WebCore::XSSAuditor::filterEmbedToken): + (WebCore::XSSAuditor::filterAppletToken): + (WebCore::XSSAuditor::filterIframeToken): + (WebCore::XSSAuditor::filterMetaToken): + (WebCore::XSSAuditor::filterBaseToken): + (WebCore::XSSAuditor::filterFormToken): + (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected): + (WebCore::XSSAuditor::eraseAttributeIfInjected): + (WebCore::XSSAuditor::snippetForRange): + (WebCore::XSSAuditor::snippetForAttribute): + (WebCore::XSSAuditor::isContainedInRequest): + (WebCore::XSSAuditor::isSameOriginResource): + * html/parser/XSSAuditor.h: Copied from Source/WebCore/html/parser/XSSFilter.h. + * html/parser/XSSFilter.cpp: Removed. + * html/parser/XSSFilter.h: Removed. + 2011-05-30 No'am Rosenthal Reviewed by Simon Hausmann. diff --git a/Source/WebCore/GNUmakefile.list.am b/Source/WebCore/GNUmakefile.list.am index 99f9f3e..af5a9a7 100644 
--- a/Source/WebCore/GNUmakefile.list.am
+++ b/Source/WebCore/GNUmakefile.list.am
@@ -1838,8 +1838,8 @@ webcore_sources += \
 Source/WebCore/html/parser/TextDocumentParser.h \
 Source/WebCore/html/parser/TextViewSourceParser.cpp \
 Source/WebCore/html/parser/TextViewSourceParser.h \
- Source/WebCore/html/parser/XSSFilter.cpp \
- Source/WebCore/html/parser/XSSFilter.h \
+ Source/WebCore/html/parser/XSSAuditor.cpp \
+ Source/WebCore/html/parser/XSSAuditor.h \
 Source/WebCore/html/shadow/ElementWithPseudoId.cpp \
 Source/WebCore/html/shadow/ElementWithPseudoId.h \
 Source/WebCore/html/shadow/DetailsMarkerControl.cpp \
diff --git a/Source/WebCore/WebCore.gypi b/Source/WebCore/WebCore.gypi
index 126ed14..91a343c 100644
--- a/Source/WebCore/WebCore.gypi
+++ b/Source/WebCore/WebCore.gypi
@@ -3185,8 +3185,8 @@
 'html/parser/TextDocumentParser.h',
 'html/parser/TextViewSourceParser.cpp',
 'html/parser/TextViewSourceParser.h',
- 'html/parser/XSSFilter.cpp',
- 'html/parser/XSSFilter.h',
+ 'html/parser/XSSAuditor.cpp',
+ 'html/parser/XSSAuditor.h',
 'html/shadow/ElementWithPseudoId.cpp',
 'html/shadow/ElementWithPseudoId.h',
 'html/shadow/DetailsMarkerControl.cpp',
diff --git a/Source/WebCore/WebCore.pro b/Source/WebCore/WebCore.pro
index 7780d68..94c9121 100644
--- a/Source/WebCore/WebCore.pro
+++ b/Source/WebCore/WebCore.pro
@@ -798,7 +798,7 @@ SOURCES += \
 html/parser/HTMLViewSourceParser.cpp \
 html/parser/TextDocumentParser.cpp \
 html/parser/TextViewSourceParser.cpp \
- html/parser/XSSFilter.cpp \
+ html/parser/XSSAuditor.cpp \
 html/shadow/ElementWithPseudoId.cpp \
 html/shadow/DetailsMarkerControl.cpp \
 html/shadow/MediaControls.cpp \
@@ -1747,7 +1747,7 @@ HEADERS += \
 html/parser/HTMLTokenizer.h \
 html/parser/HTMLTreeBuilder.h \
 html/parser/HTMLViewSourceParser.h \
- html/parser/XSSFilter.h \
+ html/parser/XSSAuditor.h \
 html/shadow/MediaControlElements.h \
 html/shadow/DetailsMarkerControl.h \
 html/shadow/ElementWithPseudoId.h \
diff --git a/Source/WebCore/WebCore.vcproj/WebCore.vcproj b/Source/WebCore/WebCore.vcproj/WebCore.vcproj index f18573b..d4ffb18 100755 --- a/Source/WebCore/WebCore.vcproj/WebCore.vcproj +++ b/Source/WebCore/WebCore.vcproj/WebCore.vcproj @@ -57197,11 +57197,11 @@ > diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj index f077eac..7411995 100644 --- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj +++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj 
@@ -3119,8 +3119,8 @@ 977B387A122883E900B81FF8 /* HTMLViewSourceParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 977B3861122883E900B81FF8 /* HTMLViewSourceParser.h */; }; 977E2DCD12F0E28300C13379 /* HTMLSourceTracker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 977E2DCB12F0E28300C13379 /* HTMLSourceTracker.cpp */; }; 977E2DCE12F0E28300C13379 /* HTMLSourceTracker.h in Headers */ = {isa = PBXBuildFile; fileRef = 977E2DCC12F0E28300C13379 /* HTMLSourceTracker.h */; }; - 977E2E0E12F0FC9C00C13379 /* XSSFilter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 977E2E0B12F0FC9C00C13379 /* XSSFilter.cpp */; }; - 977E2E0F12F0FC9C00C13379 /* XSSFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = 977E2E0C12F0FC9C00C13379 /* XSSFilter.h */; }; + 977E2E0E12F0FC9C00C13379 /* XSSAuditor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 977E2E0B12F0FC9C00C13379 /* XSSAuditor.cpp */; }; + 977E2E0F12F0FC9C00C13379 /* XSSAuditor.h in Headers */ = {isa = PBXBuildFile; fileRef = 977E2E0C12F0FC9C00C13379 /* XSSAuditor.h */; }; 979F43D31075E44A0000F83B /* NavigationScheduler.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 979F43D11075E44A0000F83B /* NavigationScheduler.cpp */; }; 979F43D41075E44A0000F83B /* NavigationScheduler.h in Headers */ = {isa = PBXBuildFile; fileRef = 979F43D21075E44A0000F83B /* NavigationScheduler.h */; settings = {ATTRIBUTES = (Private, ); }; }; 97BC84831236FD93000C6161 /* TextDocumentParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97BC84811236FD93000C6161 /* TextDocumentParser.cpp */; }; 
@@ -9682,8 +9682,8 @@ 977B3861122883E900B81FF8 /* HTMLViewSourceParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = HTMLViewSourceParser.h; path = parser/HTMLViewSourceParser.h; sourceTree = ""; }; 977E2DCB12F0E28300C13379 /* HTMLSourceTracker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = HTMLSourceTracker.cpp; path = parser/HTMLSourceTracker.cpp; sourceTree = ""; }; 977E2DCC12F0E28300C13379 /* HTMLSourceTracker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = HTMLSourceTracker.h; path = parser/HTMLSourceTracker.h; sourceTree = ""; }; - 977E2E0B12F0FC9C00C13379 /* XSSFilter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = XSSFilter.cpp; path = parser/XSSFilter.cpp; sourceTree = ""; }; - 977E2E0C12F0FC9C00C13379 /* XSSFilter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XSSFilter.h; path = parser/XSSFilter.h; sourceTree = ""; }; + 977E2E0B12F0FC9C00C13379 /* XSSAuditor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = XSSAuditor.cpp; path = parser/XSSAuditor.cpp; sourceTree = ""; }; + 977E2E0C12F0FC9C00C13379 /* XSSAuditor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XSSAuditor.h; path = parser/XSSAuditor.h; sourceTree = ""; }; 979F43D11075E44A0000F83B /* NavigationScheduler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NavigationScheduler.cpp; sourceTree = ""; }; 979F43D21075E44A0000F83B /* NavigationScheduler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NavigationScheduler.h; sourceTree = ""; }; 97BC84811236FD93000C6161 /* TextDocumentParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; 
name = TextDocumentParser.cpp; path = parser/TextDocumentParser.cpp; sourceTree = ""; }; @@ -16285,8 +16285,8 @@ 97BC84821236FD93000C6161 /* TextDocumentParser.h */, 97BC84A212370DC7000C6161 /* TextViewSourceParser.cpp */, 97BC84A312370DC8000C6161 /* TextViewSourceParser.h */, - 977E2E0B12F0FC9C00C13379 /* XSSFilter.cpp */, - 977E2E0C12F0FC9C00C13379 /* XSSFilter.h */, + 977E2E0B12F0FC9C00C13379 /* XSSAuditor.cpp */, + 977E2E0C12F0FC9C00C13379 /* XSSAuditor.h */, ); name = parser; sourceTree = ""; @@ -22998,7 +22998,7 @@ E1F1E8300C3C2BB9006DB391 /* XSLTExtensions.h in Headers */, 93F199ED08245E59001E9ABC /* XSLTProcessor.h in Headers */, E1BE512E0CF6C512002EA959 /* XSLTUnicodeSort.h in Headers */, - 977E2E0F12F0FC9C00C13379 /* XSSFilter.h in Headers */, + 977E2E0F12F0FC9C00C13379 /* XSSAuditor.h in Headers */, FD537353137B651800008DCE /* ZeroPole.h in Headers */, B12D233F13560282002A28D4 /* ExclusiveTrackList.h in Headers */, B12D234213560282002A28D4 /* MultipleTrackList.h in Headers */, @@ -25694,7 +25694,7 @@ 93F19B0408245E59001E9ABC /* XSLTProcessor.cpp in Sources */, 93F19B0508245E59001E9ABC /* XSLTProcessorLibxslt.cpp in Sources */, E1BE512D0CF6C512002EA959 /* XSLTUnicodeSort.cpp in Sources */, - 977E2E0E12F0FC9C00C13379 /* XSSFilter.cpp in Sources */, + 977E2E0E12F0FC9C00C13379 /* XSSAuditor.cpp in Sources */, FD537352137B651800008DCE /* ZeroPole.cpp in Sources */, B12D233E13560282002A28D4 /* ExclusiveTrackList.cpp in Sources */, B12D234113560282002A28D4 /* MultipleTrackList.cpp in Sources */, diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.cpp b/Source/WebCore/html/parser/HTMLDocumentParser.cpp index 3bc7641..f855ce2 100644 --- a/Source/WebCore/html/parser/HTMLDocumentParser.cpp +++ b/Source/WebCore/html/parser/HTMLDocumentParser.cpp 
@@ -80,7 +80,7 @@ HTMLDocumentParser::HTMLDocumentParser(HTMLDocument* document, bool reportErrors , m_scriptRunner(HTMLScriptRunner::create(document, this)) , m_treeBuilder(HTMLTreeBuilder::create(this, document, reportErrors, usePreHTML5ParserQuirks(document))) , m_parserScheduler(HTMLParserScheduler::create(this)) - , m_xssFilter(this) + , m_xssAuditor(this) , m_endWasDelayed(false) , m_pumpSessionNestingLevel(0) { @@ -92,7 +92,7 @@ HTMLDocumentParser::HTMLDocumentParser(DocumentFragment* fragment, Element* cont : ScriptableDocumentParser(fragment->document()) , m_tokenizer(HTMLTokenizer::create(usePreHTML5ParserQuirks(fragment->document()))) , m_treeBuilder(HTMLTreeBuilder::create(this, fragment, contextElement, scriptingPermission, usePreHTML5ParserQuirks(fragment->document()))) - , m_xssFilter(this) + , m_xssAuditor(this) , m_endWasDelayed(false) , m_pumpSessionNestingLevel(0) { @@ -270,7 +270,7 @@ void HTMLDocumentParser::pumpTokenizer(SynchronousMode mode) // We do not XSS filter innerHTML, which means we (intentionally) fail // http/tests/security/xssAuditor/dom-write-innerHTML.html - m_xssFilter.filterToken(m_token); + m_xssAuditor.filterToken(m_token); } m_treeBuilder->constructTreeFromToken(m_token); diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.h b/Source/WebCore/html/parser/HTMLDocumentParser.h index d482a3d..ed42015 100644 --- a/Source/WebCore/html/parser/HTMLDocumentParser.h +++ b/Source/WebCore/html/parser/HTMLDocumentParser.h @@ -35,7 +35,7 @@ #include "ScriptableDocumentParser.h" #include "SegmentedString.h" #include "Timer.h" -#include "XSSFilter.h" +#include "XSSAuditor.h" #include namespace WebCore { @@ -151,7 +151,7 @@ private: OwnPtr m_preloadScanner; OwnPtr m_parserScheduler; HTMLSourceTracker m_sourceTracker; - XSSFilter m_xssFilter; + XSSAuditor m_xssAuditor; bool m_endWasDelayed; unsigned m_pumpSessionNestingLevel; 
diff --git a/Source/WebCore/html/parser/XSSFilter.cpp b/Source/WebCore/html/parser/XSSAuditor.cpp similarity index 92% rename from Source/WebCore/html/parser/XSSFilter.cpp rename to Source/WebCore/html/parser/XSSAuditor.cpp index 0d7997b..e81eabb 100644 --- a/Source/WebCore/html/parser/XSSFilter.cpp +++ b/Source/WebCore/html/parser/XSSAuditor.cpp @@ -24,7 +24,7 @@ */ #include "config.h" -#include "XSSFilter.h" +#include "XSSAuditor.h" #include "Console.h" #include "DOMWindow.h" @@ -127,7 +127,7 @@ static String decodeURL(const String& string, const TextEncoding& encoding) return canonicalize(decodedString); } -XSSFilter::XSSFilter(HTMLDocumentParser* parser) +XSSAuditor::XSSAuditor(HTMLDocumentParser* parser) : m_parser(parser) , m_isEnabled(false) , m_xssProtection(XSSProtectionEnabled) @@ -142,7 +142,7 @@ XSSFilter::XSSFilter(HTMLDocumentParser* parser) // we want to reference might not all have been constructed yet. } -void XSSFilter::init() +void XSSAuditor::init() { const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. const int suffixTreeDepth = 5; @@ -154,7 +154,7 @@ void XSSFilter::init() return; // In theory, the Document could have detached from the Frame after the - // XSSFilter was constructed. + // XSSAuditor was constructed. if (!m_parser->document()->frame()) { m_isEnabled = false; return; @@ -191,7 +191,7 @@ void XSSFilter::init() m_isEnabled = false; } -void XSSFilter::filterToken(HTMLToken& token) +void XSSAuditor::filterToken(HTMLToken& token) { if (m_state == Uninitialized) { init(); @@ -230,7 +230,7 @@ void XSSFilter::filterToken(HTMLToken& token) } } -bool XSSFilter::filterTokenInitial(HTMLToken& token) +bool XSSAuditor::filterTokenInitial(HTMLToken& token) { ASSERT(m_state == Initial); 
@@ -261,7 +261,7 @@ bool XSSFilter::filterTokenInitial(HTMLToken& token) return didBlockScript; } -bool XSSFilter::filterTokenAfterScriptStartTag(HTMLToken& token) +bool XSSAuditor::filterTokenAfterScriptStartTag(HTMLToken& token) { ASSERT(m_state == AfterScriptStartTag); m_state = Initial; @@ -283,7 +283,7 @@ bool XSSFilter::filterTokenAfterScriptStartTag(HTMLToken& token) return false; } -bool XSSFilter::filterScriptToken(HTMLToken& token) +bool XSSAuditor::filterScriptToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -297,7 +297,7 @@ bool XSSFilter::filterScriptToken(HTMLToken& token) return false; } -bool XSSFilter::filterObjectToken(HTMLToken& token) +bool XSSAuditor::filterObjectToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -312,7 +312,7 @@ bool XSSFilter::filterObjectToken(HTMLToken& token) return didBlockScript; } -bool XSSFilter::filterParamToken(HTMLToken& token) +bool XSSAuditor::filterParamToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -331,7 +331,7 @@ bool XSSFilter::filterParamToken(HTMLToken& token) return eraseAttributeIfInjected(token, valueAttr, blankURL().string()); } -bool XSSFilter::filterEmbedToken(HTMLToken& token) +bool XSSAuditor::filterEmbedToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -345,7 +345,7 @@ bool XSSFilter::filterEmbedToken(HTMLToken& token) return didBlockScript; } -bool XSSFilter::filterAppletToken(HTMLToken& token) +bool XSSAuditor::filterAppletToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); 
@@ -359,7 +359,7 @@ bool XSSFilter::filterAppletToken(HTMLToken& token) return didBlockScript; } -bool XSSFilter::filterIframeToken(HTMLToken& token) +bool XSSAuditor::filterIframeToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -368,7 +368,7 @@ bool XSSFilter::filterIframeToken(HTMLToken& token) return eraseAttributeIfInjected(token, srcAttr); } -bool XSSFilter::filterMetaToken(HTMLToken& token) +bool XSSAuditor::filterMetaToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -377,7 +377,7 @@ bool XSSFilter::filterMetaToken(HTMLToken& token) return eraseAttributeIfInjected(token, http_equivAttr); } -bool XSSFilter::filterBaseToken(HTMLToken& token) +bool XSSAuditor::filterBaseToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -386,7 +386,7 @@ bool XSSFilter::filterBaseToken(HTMLToken& token) return eraseAttributeIfInjected(token, hrefAttr); } -bool XSSFilter::filterFormToken(HTMLToken& token) +bool XSSAuditor::filterFormToken(HTMLToken& token) { ASSERT(m_state == Initial); ASSERT(token.type() == HTMLToken::StartTag); @@ -395,7 +395,7 @@ bool XSSFilter::filterFormToken(HTMLToken& token) return eraseAttributeIfInjected(token, actionAttr); } -bool XSSFilter::eraseDangerousAttributesIfInjected(HTMLToken& token) +bool XSSAuditor::eraseDangerousAttributesIfInjected(HTMLToken& token) { DEFINE_STATIC_LOCAL(String, safeJavaScriptURL, ("javascript:void(0)")); @@ -416,7 +416,7 @@ bool XSSFilter::eraseDangerousAttributesIfInjected(HTMLToken& token) return didBlockScript; } -bool XSSFilter::eraseAttributeIfInjected(HTMLToken& token, const QualifiedName& attributeName, const String& replacementValue) +bool XSSAuditor::eraseAttributeIfInjected(HTMLToken& token, const QualifiedName& attributeName, const String& replacementValue) { size_t indexOfAttribute; if (findAttributeWithName(token, attributeName, indexOfAttribute)) { 
@@ -435,14 +435,14 @@ bool XSSFilter::eraseAttributeIfInjected(HTMLToken& token, const QualifiedName& return false; } -String XSSFilter::snippetForRange(const HTMLToken& token, int start, int end) +String XSSAuditor::snippetForRange(const HTMLToken& token, int start, int end) { // FIXME: There's an extra allocation here that we could save by // passing the range to the parser. return m_parser->sourceForToken(token).substring(start, end - start); } -String XSSFilter::snippetForAttribute(const HTMLToken& token, const HTMLToken::Attribute& attribute) +String XSSAuditor::snippetForAttribute(const HTMLToken& token, const HTMLToken::Attribute& attribute) { // FIXME: We should grab one character before the name also. int start = attribute.m_nameRange.m_start - token.startIndex(); @@ -451,7 +451,7 @@ String XSSFilter::snippetForAttribute(const HTMLToken& token, const HTMLToken::A return snippetForRange(token, start, end); } -bool XSSFilter::isContainedInRequest(const String& snippet) +bool XSSAuditor::isContainedInRequest(const String& snippet) { ASSERT(!snippet.isEmpty()); String canonicalizedSnippet = canonicalize(snippet); @@ -463,7 +463,7 @@ bool XSSFilter::isContainedInRequest(const String& snippet) return m_decodedHTTPBody.find(canonicalizedSnippet, 0, false) != notFound; } -bool XSSFilter::isSameOriginResource(const String& url) +bool XSSAuditor::isSameOriginResource(const String& url) { // If the resource is loaded from the same URL as the enclosing page, it's // probably not an XSS attack, so we reduce false positives by allowing the diff --git a/Source/WebCore/html/parser/XSSFilter.h b/Source/WebCore/html/parser/XSSAuditor.h similarity index 95% rename from Source/WebCore/html/parser/XSSFilter.h rename to Source/WebCore/html/parser/XSSAuditor.h index c9ba12e..3fded93 100644 --- a/Source/WebCore/html/parser/XSSFilter.h +++ b/Source/WebCore/html/parser/XSSAuditor.h 
@@ -23,8 +23,8 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef XSSFilter_h -#define XSSFilter_h +#ifndef XSSAuditor_h +#define XSSAuditor_h #include "HTMLToken.h" #include "HTTPParsers.h" @@ -34,10 +34,10 @@ namespace WebCore { class HTMLDocumentParser; -class XSSFilter { - WTF_MAKE_NONCOPYABLE(XSSFilter); +class XSSAuditor { + WTF_MAKE_NONCOPYABLE(XSSAuditor); public: - explicit XSSFilter(HTMLDocumentParser*); + explicit XSSAuditor(HTMLDocumentParser*); void filterToken(HTMLToken&);