Title: [96440] trunk
Revision: 96440
Author: isher...@chromium.org
Date: 2011-09-30 17:25:09 -0700 (Fri, 30 Sep 2011)

Log Message

Fix assertion failure in XSS Auditor
https://bugs.webkit.org/show_bug.cgi?id=69050
https://code.google.com/p/chromium/issues/detail?id=97346

Reviewed by Daniel Bates.

Source/WebCore:

Test: fast/forms/xss-auditor-doesnt-crash.html

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::init): Don't try to decode the HTML body if it is empty.

LayoutTests:

* fast/forms/xss-auditor-doesnt-crash-expected.txt: Added.
* fast/forms/xss-auditor-doesnt-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (96439 => 96440)


--- trunk/LayoutTests/ChangeLog	2011-10-01 00:16:48 UTC (rev 96439)
+++ trunk/LayoutTests/ChangeLog	2011-10-01 00:25:09 UTC (rev 96440)
@@ -1,3 +1,14 @@
+2011-09-30  Ilya Sherman  <isher...@chromium.org>
+
+        Fix assertion failure in XSS Auditor
+        https://bugs.webkit.org/show_bug.cgi?id=69050
+        https://code.google.com/p/chromium/issues/detail?id=97346
+
+        Reviewed by Daniel Bates.
+
+        * fast/forms/xss-auditor-doesnt-crash-expected.txt: Added.
+        * fast/forms/xss-auditor-doesnt-crash.html: Added.
+
 2011-09-30  Sam Weinig  <s...@webkit.org>
 
         Add support for eventSender.mouseScrollBy in WTR
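Review bot: the two file entries in this ChangeLog hunk, `fast/forms/xss-auditor-doesnt-crash-expected.txt` and `fast/forms/xss-auditor-doesnt-crash.html`, do not match the files this revision actually adds, which are `fast/forms/xss-auditor-doesnt-crash-on-post-submit-expected.txt` and `fast/forms/xss-auditor-doesnt-crash-on-post-submit.html`; update the entries so the ChangeLog points at the real paths.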

Added: trunk/LayoutTests/fast/forms/xss-auditor-doesnt-crash-on-post-submit-expected.txt (0 => 96440)


--- trunk/LayoutTests/fast/forms/xss-auditor-doesnt-crash-on-post-submit-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/xss-auditor-doesnt-crash-on-post-submit-expected.txt	2011-10-01 00:25:09 UTC (rev 96440)
@@ -0,0 +1,4 @@
+This tests that no assertions are thrown when POST submitting a form.
+
+PASS No assertions raised.
+

Added: trunk/LayoutTests/fast/forms/xss-auditor-doesnt-crash-on-post-submit.html (0 => 96440)


--- trunk/LayoutTests/fast/forms/xss-auditor-doesnt-crash-on-post-submit.html	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/xss-auditor-doesnt-crash-on-post-submit.html	2011-10-01 00:25:09 UTC (rev 96440)
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src=""
+    <script>
+    function test() {
+        if (document.location.hash !== '#submitted') {
+            if (window.layoutTestController) {
+                layoutTestController.dumpAsText();
+                layoutTestController.setXSSAuditorEnabled(true)
+                layoutTestController.waitUntilDone();
+            }
+
+            var form = document.getElementById('form');
+            // Shouldn't trigger any assertions.
+            form.submit();
+        } else {
+            testPassed('No assertions raised.');
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }
+    </script>
+</head>
+<body _onload_="test()">
+    This tests that no assertions are thrown when POST submitting a form.
+    <form method="post" id="form" action=""
+        <input type="text">
+    </form>
+    <div id="console"></div>
+</body>
+</html>
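Review bot: `testPassed('No assertions raised.')` is called but nothing in this file defines `testPassed`; the only external include is `<script src=""` with an empty src and no closing `>`, and the body uses `_onload_="test()"` rather than `onload`, so unless these are mailing-list rendering damage the test never runs or throws a ReferenceError instead of printing the PASS line the expected file records. Likewise, with `action=""` the form posts back to the same URL without the `#submitted` fragment, so the `document.location.hash !== '#submitted'` branch would resubmit forever; the action should carry the fragment. It would also help to say in the comment above `form.submit()` that the nameless `<input type="text">` is deliberate, since a form with no named fields is what gives the empty POST body this change guards against. Minor: missing semicolon after `layoutTestController.setXSSAuditorEnabled(true)`.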

Modified: trunk/Source/WebCore/ChangeLog (96439 => 96440)


--- trunk/Source/WebCore/ChangeLog	2011-10-01 00:16:48 UTC (rev 96439)
+++ trunk/Source/WebCore/ChangeLog	2011-10-01 00:25:09 UTC (rev 96440)
@@ -1,3 +1,16 @@
+2011-09-30  Ilya Sherman  <isher...@chromium.org>
+
+        Fix assertion failure in XSS Auditor
+        https://bugs.webkit.org/show_bug.cgi?id=69050
+        https://code.google.com/p/chromium/issues/detail?id=97346
+
+        Reviewed by Daniel Bates.
+
+        Test: fast/forms/xss-auditor-doesnt-crash.html
+
+        * html/parser/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::init): Don't try to decode the HTML body if it is empty.
+
 2011-09-30  Maciej Stachowiak  <m...@apple.com>
 
         Loading page on potterybankids causes reproducible assertion failure in debug builds
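Review bot: the `Test:` line in this hunk names `fast/forms/xss-auditor-doesnt-crash.html`, but the test added in this revision is `fast/forms/xss-auditor-doesnt-crash-on-post-submit.html`; fix the path so the ChangeLog entry can be followed to the test.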

Modified: trunk/Source/WebCore/html/parser/XSSAuditor.cpp (96439 => 96440)


--- trunk/Source/WebCore/html/parser/XSSAuditor.cpp	2011-10-01 00:16:48 UTC (rev 96439)
+++ trunk/Source/WebCore/html/parser/XSSAuditor.cpp	2011-10-01 00:25:09 UTC (rev 96440)
@@ -239,11 +239,13 @@
         FormData* httpBody = documentLoader->originalRequest().httpBody();
         if (httpBody && !httpBody->isEmpty()) {
             String httpBodyAsString = httpBody->flattenToString();
-            m_decodedHTTPBody = fullyDecodeString(httpBodyAsString, decoder);
-            if (m_decodedHTTPBody.find(isRequiredForInjection, 0) == notFound)
-                m_decodedHTTPBody = String();
-            if (m_decodedHTTPBody.length() >= miniumLengthForSuffixTree)
-                m_decodedHTTPBodySuffixTree = adoptPtr(new SuffixTree<ASCIICodebook>(m_decodedHTTPBody, suffixTreeDepth));
+            if (!httpBodyAsString.isEmpty()) {
+                m_decodedHTTPBody = fullyDecodeString(httpBodyAsString, decoder);
+                if (m_decodedHTTPBody.find(isRequiredForInjection, 0) == notFound)
+                    m_decodedHTTPBody = String();
+                if (m_decodedHTTPBody.length() >= miniumLengthForSuffixTree)
+                    m_decodedHTTPBodySuffixTree = adoptPtr(new SuffixTree<ASCIICodebook>(m_decodedHTTPBody, suffixTreeDepth));
+            }
         }
     }
 
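Review bot: the new `if (!httpBodyAsString.isEmpty())` guard sits directly inside `if (httpBody && !httpBody->isEmpty())`, and a reader will assume the outer check already rules out an empty body; add a comment stating that a non-empty `FormData` can still flatten to an empty string (as the added test's form with a nameless input apparently does) and that decoding that empty string is what raised the assertion, otherwise the inner check looks redundant and is at risk of being folded away later. Separately, `miniumLengthForSuffixTree` in the context lines is misspelled (`minimum`); it is pre-existing, so rename it in its own change.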
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes