Diff
Modified: trunk/Source/WebCore/ChangeLog (144606 => 144607)
--- trunk/Source/WebCore/ChangeLog 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/ChangeLog 2013-03-04 09:33:46 UTC (rev 144607)
@@ -1,3 +1,77 @@
+2013-03-04 Mike West <mk...@chromium.org>
+
+ Long URLs in error messages should be shortened
+ https://bugs.webkit.org/show_bug.cgi?id=111133
+
+ Reviewed by Jochen Eisinger.
+
+ When generating console messages, we're often copying the page's URL
+ in order to add detail about where the error occurred. Generally, this
+ is fine, but in edge cases (multi-meg 'data:' URLs), we're using far
+ more memory than we should, and impacting performance.
+
+ This patch adds an 'elidedString()' method to KURL for use in this
+ sort of case; when generating console messages, we should insert the
+ elided URL rather than the full URL.
+
+ This shouldn't change any visible behavior; we're already visually
+ eliding URLs in console messages for URLs above 150 characters. This
+ patch simply changes the underlying string to ensure that no URL is
+ over 1k in length to begin with.
+
+ * platform/KURL.cpp:
+ (WebCore::KURL::elidedString): Added.
+ * platform/KURL.h:
+ An exciting new method that gives you the same result as string()
+ for URLs less than 1k long, and elides the middle of URLs longer
+ than 1k by replacing everything but the first and last 0.5k with
+ "...".
+ * bindings/ScriptControllerBase.cpp:
+ (WebCore::ScriptController::canExecuteScripts):
+ * Modules/websockets/WebSocket.cpp:
+ (WebCore::WebSocket::connect):
+ (WebCore::WebSocket::send):
+ * Modules/websockets/WebSocketChannel.cpp:
+ (WebCore::WebSocketChannel::send):
+ (WebCore::WebSocketChannel::fail):
+ * bindings/ScriptControllerBase.cpp:
+ (WebCore::ScriptController::canExecuteScripts):
+ * dom/Document.cpp:
+ (WebCore::Document::processHttpEquiv):
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::executeScript):
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::canPlayType):
+ (WebCore::HTMLMediaElement::isSafeToLoadURL):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::submitForm):
+ (WebCore::FrameLoader::loadFrameRequest):
+ (WebCore::FrameLoader::commitProvisionalLoad):
+ (WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions):
+ (WebCore::FrameLoader::loadProvisionalItemFromCachedPage):
+ (WebCore::createWindow):
+ * loader/MainResourceLoader.cpp:
+ (WebCore::MainResourceLoader::willSendRequest):
+ (WebCore::MainResourceLoader::responseReceived):
+ * loader/appcache/ApplicationCacheGroup.cpp:
+ (WebCore::ApplicationCacheGroup::didReceiveResponse):
+ (WebCore::ApplicationCacheGroup::didFail):
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::canRequest):
+ (WebCore::CachedResourceLoader::requestResource):
+ (WebCore::CachedResourceLoader::loadResource):
+ (WebCore::CachedResourceLoader::printAccessDeniedMessage):
+ * page/ContentSecurityPolicy.cpp:
+ (WebCore::CSPDirectiveList::checkSourceAndReportViolation):
+ (WebCore::CSPDirectiveList::allowScriptNonce):
+ (WebCore::CSPDirectiveList::allowPluginType):
+ Use 'KURL::elidedString()' rather than 'KURL::string()'
+ * loader/MixedContentChecker.cpp:
+ (WebCore::MixedContentChecker::logWarning):
+ Here, we're doing the same as above, but it enables us to throw
+ away the asUTF8() function entirely by switching to makeString
+ rather than String::format.
+
2013-03-04 Andrey Lushnikov <lushni...@chromium.org>
Web Inspector: add runtime flag to determine if inspector's source files were flattened.
Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (144606 => 144607)
--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -215,20 +215,20 @@
m_url = KURL(KURL(), url);
if (!m_url.isValid()) {
- scriptExecutionContext()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Invalid url for WebSocket " + m_url.string());
+ scriptExecutionContext()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Invalid url for WebSocket " + m_url.elidedString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
if (!m_url.protocolIs("ws") && !m_url.protocolIs("wss")) {
- scriptExecutionContext()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Wrong url scheme for WebSocket " + m_url.string());
+ scriptExecutionContext()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Wrong url scheme for WebSocket " + m_url.elidedString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
}
if (m_url.hasFragmentIdentifier()) {
- scriptExecutionContext()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "URL has fragment component " + m_url.string());
+ scriptExecutionContext()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "URL has fragment component " + m_url.elidedString());
m_state = CLOSED;
ec = SYNTAX_ERR;
return;
@@ -353,7 +353,7 @@
bool WebSocket::send(Blob* binaryData, ExceptionCode& ec)
{
- LOG(Network, "WebSocket %p send blob %s", this, binaryData->url().string().utf8().data());
+ LOG(Network, "WebSocket %p send blob %s", this, binaryData->url().elidedString().utf8().data());
ASSERT(binaryData);
if (m_state == CONNECTING) {
ec = INVALID_STATE_ERR;
Modified: trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp (144606 => 144607)
--- trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -158,7 +158,7 @@
ThreadableWebSocketChannel::SendResult WebSocketChannel::send(const Blob& binaryData)
{
- LOG(Network, "WebSocketChannel %p send blob %s", this, binaryData.url().string().utf8().data());
+ LOG(Network, "WebSocketChannel %p send blob %s", this, binaryData.url().elidedString().utf8().data());
enqueueBlobFrame(WebSocketFrame::OpCodeBinary, binaryData);
return ThreadableWebSocketChannel::SendSuccess;
}
@@ -195,7 +195,7 @@
ASSERT(!m_suspended);
if (m_document) {
InspectorInstrumentation::didReceiveWebSocketFrameError(m_document, m_identifier, reason);
- m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "WebSocket connection to '" + m_handshake->url().string() + "' failed: " + reason);
+ m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "WebSocket connection to '" + m_handshake->url().elidedString() + "' failed: " + reason);
}
// Hybi-10 specification explicitly states we must not continue to handle incoming data
Modified: trunk/Source/WebCore/bindings/ScriptControllerBase.cpp (144606 => 144607)
--- trunk/Source/WebCore/bindings/ScriptControllerBase.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/bindings/ScriptControllerBase.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -42,7 +42,7 @@
if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts)) {
// FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
if (reason == AboutToExecuteScript)
- m_frame->document()->addConsoleMessage(HTMLMessageSource, ErrorMessageLevel, "Blocked script execution in '" + m_frame->document()->url().string() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.");
+ m_frame->document()->addConsoleMessage(HTMLMessageSource, ErrorMessageLevel, "Blocked script execution in '" + m_frame->document()->url().elidedString() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.");
return false;
}
Modified: trunk/Source/WebCore/dom/Document.cpp (144606 => 144607)
--- trunk/Source/WebCore/dom/Document.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/dom/Document.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -2893,7 +2893,7 @@
if (frameLoader->activeDocumentLoader() && frameLoader->activeDocumentLoader()->mainResourceLoader())
requestIdentifier = frameLoader->activeDocumentLoader()->mainResourceLoader()->identifier();
if (frameLoader->shouldInterruptLoadForXFrameOptions(content, url(), requestIdentifier)) {
- String message = "Refused to display '" + url().string() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
+ String message = "Refused to display '" + url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
frameLoader->stopAllLoaders();
frame->navigationScheduler()->scheduleLocationChange(securityOrigin(), blankURL(), String());
addConsoleMessage(JSMessageSource, ErrorMessageLevel, message, requestIdentifier);
Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (144606 => 144607)
--- trunk/Source/WebCore/dom/ScriptElement.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -296,7 +296,7 @@
#if ENABLE(NOSNIFF)
if (m_isExternalScript && m_cachedScript && !m_cachedScript->mimeTypeAllowedByNosniff()) {
- m_element->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Refused to execute script from '" + m_cachedScript->url().string() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not executable, and strict MIME type checking is enabled.");
+ m_element->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Refused to execute script from '" + m_cachedScript->url().elidedString() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not executable, and strict MIME type checking is enabled.");
return;
}
#endif
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (144606 => 144607)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -702,7 +702,7 @@
break;
}
- LOG(Media, "HTMLMediaElement::canPlayType(%s, %s, %s) -> %s", mimeType.utf8().data(), keySystem.utf8().data(), url.string().utf8().data(), canPlay.utf8().data());
+ LOG(Media, "HTMLMediaElement::canPlayType(%s, %s, %s) -> %s", mimeType.utf8().data(), keySystem.utf8().data(), url.elidedString().utf8().data(), canPlay.utf8().data());
return canPlay;
}
@@ -1463,7 +1463,7 @@
Frame* frame = document()->frame();
if (!frame || !document()->securityOrigin()->canDisplay(url)) {
if (actionIfInvalid == Complain)
- FrameLoader::reportLocalLoadFailed(frame, url.string());
+ FrameLoader::reportLocalLoadFailed(frame, url.elidedString());
LOG(Media, "HTMLMediaElement::isSafeToLoadURL(%s) -> FALSE rejected by SecurityOrigin", urlForLoggingMedia(url).utf8().data());
return false;
}
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (144606 => 144607)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -336,7 +336,7 @@
if (isDocumentSandboxed(m_frame, SandboxForms)) {
// FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
- m_frame->document()->addConsoleMessage(HTMLMessageSource, ErrorMessageLevel, "Blocked form submission to '" + submission->action().string() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set.");
+ m_frame->document()->addConsoleMessage(HTMLMessageSource, ErrorMessageLevel, "Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set.");
return;
}
@@ -1142,7 +1142,7 @@
ASSERT(m_frame->document());
if (!request.requester()->canDisplay(url)) {
- reportLocalLoadFailed(m_frame, url.string());
+ reportLocalLoadFailed(m_frame, url.elidedString());
return;
}
@@ -1682,8 +1682,8 @@
RefPtr<Frame> protect(m_frame);
LOG(PageCache, "WebCoreLoading %s: About to commit provisional load from previous URL '%s' to new URL '%s'", m_frame->tree()->uniqueName().string().utf8().data(),
- m_frame->document() ? m_frame->document()->url().string().utf8().data() : "",
- pdl ? pdl->url().string().utf8().data() : "<no provisional DocumentLoader>");
+ m_frame->document() ? m_frame->document()->url().elidedString().utf8().data() : "",
+ pdl ? pdl->url().elidedString().utf8().data() : "<no provisional DocumentLoader>");
// Check to see if we need to cache the page we are navigating away from into the back/forward cache.
// We are doing this here because we know for sure that a new page is about to be loaded.
@@ -1734,7 +1734,7 @@
}
LOG(Loading, "WebCoreLoading %s: Finished committing provisional load to URL %s", m_frame->tree()->uniqueName().string().utf8().data(),
- m_frame->document() ? m_frame->document()->url().string().utf8().data() : "");
+ m_frame->document() ? m_frame->document()->url().elidedString().utf8().data() : "");
if (m_loadType == FrameLoadTypeStandard && m_documentLoader->isClientRedirect())
history()->updateForClientRedirect();
@@ -2937,7 +2937,7 @@
if (!origin->isSameSchemeHostPort(topFrame->document()->securityOrigin()))
return true;
} else if (!equalIgnoringCase(content, "allowall")) {
- String message = "Invalid 'X-Frame-Options' header encountered when loading '" + url.string() + "': '" + content + "' is not a recognized directive. The header will be ignored.";
+ String message = "Invalid 'X-Frame-Options' header encountered when loading '" + url.elidedString() + "': '" + content + "' is not a recognized directive. The header will be ignored.";
m_frame->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, message, requestIdentifier);
}
@@ -2947,7 +2947,7 @@
void FrameLoader::loadProvisionalItemFromCachedPage()
{
DocumentLoader* provisionalLoader = provisionalDocumentLoader();
- LOG(PageCache, "WebCorePageCache: Loading provisional DocumentLoader %p with URL '%s' from CachedPage", provisionalDocumentLoader(), provisionalDocumentLoader()->url().string().utf8().data());
+ LOG(PageCache, "WebCorePageCache: Loading provisional DocumentLoader %p with URL '%s' from CachedPage", provisionalDocumentLoader(), provisionalDocumentLoader()->url().elidedString().utf8().data());
prepareForLoadStart();
@@ -3342,7 +3342,7 @@
// Sandboxed frames cannot open new auxiliary browsing contexts.
if (isDocumentSandboxed(openerFrame, SandboxPopups)) {
// FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
- openerFrame->document()->addConsoleMessage(HTMLMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().string() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.");
+ openerFrame->document()->addConsoleMessage(HTMLMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().elidedString() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.");
return 0;
}
Modified: trunk/Source/WebCore/loader/MainResourceLoader.cpp (144606 => 144607)
--- trunk/Source/WebCore/loader/MainResourceLoader.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/loader/MainResourceLoader.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -246,7 +246,7 @@
// then block the redirect.
RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url());
if (!redirectingOrigin->canDisplay(newRequest.url())) {
- FrameLoader::reportLocalLoadFailed(m_documentLoader->frame(), newRequest.url().string());
+ FrameLoader::reportLocalLoadFailed(m_documentLoader->frame(), newRequest.url().elidedString());
cancel();
return;
}
@@ -410,7 +410,7 @@
String content = it->value;
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, r.url(), identifier())) {
InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_documentLoader->frame(), documentLoader(), identifier(), r);
- String message = "Refused to display '" + r.url().string() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
+ String message = "Refused to display '" + r.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
m_documentLoader->frame()->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, message, identifier());
cancel();
Modified: trunk/Source/WebCore/loader/MixedContentChecker.cpp (144606 => 144607)
--- trunk/Source/WebCore/loader/MixedContentChecker.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/loader/MixedContentChecker.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -53,11 +53,6 @@
return m_frame->loader()->client();
}
-static inline CString asUTF8(const KURL& url)
-{
- return url.string().utf8();
-}
-
// static
bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const KURL& url)
{
@@ -100,9 +95,7 @@
void MixedContentChecker::logWarning(bool allowed, const String& action, const KURL& target) const
{
- // FIXME: Why does this message not have a source URL or a line number? webkit.org/b/97979
- String message = String::format("%sThe page at %s %s insecure content from %s.\n",
- (allowed ? "" : "[blocked] "), asUTF8(m_frame->document()->url()).data(), action.utf8().data(), asUTF8(target).data());
+ String message = makeString((allowed ? "" : "[blocked] "), "The page at ", m_frame->document()->url().elidedString(), " ", action, " insecure content from ", target.elidedString(), ".\n");
m_frame->document()->addConsoleMessage(HTMLMessageSource, WarningMessageLevel, message);
}
Modified: trunk/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp (144606 => 144607)
--- trunk/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -569,7 +569,7 @@
if (response.httpStatusCode() / 100 != 2 || response.url() != m_currentHandle->firstRequest().url()) {
if ((type & ApplicationCacheResource::Explicit) || (type & ApplicationCacheResource::Fallback)) {
- m_frame->document()->addConsoleMessage(OtherMessageSource, ErrorMessageLevel, "Application Cache update failed, because " + m_currentHandle->firstRequest().url().string() +
+ m_frame->document()->addConsoleMessage(OtherMessageSource, ErrorMessageLevel, "Application Cache update failed, because " + m_currentHandle->firstRequest().url().elidedString() +
((response.httpStatusCode() / 100 != 2) ? " could not be fetched." : " was redirected."));
// Note that cacheUpdateFailed() can cause the cache group to be deleted.
cacheUpdateFailed();
@@ -683,7 +683,7 @@
m_pendingEntries.remove(url);
if ((type & ApplicationCacheResource::Explicit) || (type & ApplicationCacheResource::Fallback)) {
- m_frame->document()->addConsoleMessage(OtherMessageSource, ErrorMessageLevel, "Application Cache update failed, because " + url.string() + " could not be fetched.");
+ m_frame->document()->addConsoleMessage(OtherMessageSource, ErrorMessageLevel, "Application Cache update failed, because " + url.elidedString() + " could not be fetched.");
// Note that cacheUpdateFailed() can cause the cache group to be deleted.
cacheUpdateFailed();
} else {
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (144606 => 144607)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -309,7 +309,7 @@
{
if (document() && !document()->securityOrigin()->canDisplay(url)) {
if (!forPreload)
- FrameLoader::reportLocalLoadFailed(frame(), url.string());
+ FrameLoader::reportLocalLoadFailed(frame(), url.elidedString());
LOG(ResourceLoading, "CachedResourceLoader::requestResource URL was not allowed by SecurityOrigin::canDisplay");
return 0;
}
@@ -424,7 +424,7 @@
{
KURL url = ""
- LOG(ResourceLoading, "CachedResourceLoader::requestResource '%s', charset '%s', priority=%d, forPreload=%u", url.string().latin1().data(), request.charset().latin1().data(), request.priority(), request.forPreload());
+ LOG(ResourceLoading, "CachedResourceLoader::requestResource '%s', charset '%s', priority=%d, forPreload=%u", url.elidedString().latin1().data(), request.charset().latin1().data(), request.priority(), request.forPreload());
// If only the fragment identifiers differ, it is the same resource.
url = ""
@@ -541,7 +541,7 @@
{
ASSERT(!memoryCache()->resourceForRequest(request.resourceRequest()));
- LOG(ResourceLoading, "Loading CachedResource for '%s'.", request.resourceRequest().url().string().latin1().data());
+ LOG(ResourceLoading, "Loading CachedResource for '%s'.", request.resourceRequest().url().elidedString().latin1().data());
CachedResourceHandle<CachedResource> resource = createResource(type, request.mutableResourceRequest(), charset);
@@ -658,9 +658,9 @@
String message;
if (!m_document || m_document->url().isNull())
- message = "Unsafe attempt to load URL " + url.string() + '.';
+ message = "Unsafe attempt to load URL " + url.elidedString() + '.';
else
- message = "Unsafe attempt to load URL " + url.string() + " from frame with URL " + m_document->url().string() + ". Domains, protocols and ports must match.\n";
+ message = "Unsafe attempt to load URL " + url.elidedString() + " from frame with URL " + m_document->url().elidedString() + ". Domains, protocols and ports must match.\n";
frame()->document()->addConsoleMessage(OtherMessageSource, ErrorMessageLevel, message);
}
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (144606 => 144607)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -1046,7 +1046,7 @@
if (directive == m_defaultSrc)
suffix = " Note that '" + type + "-src' was not explicitly set, so 'default-src' is used as a fallback.";
- reportViolation(directive->text(), prefix + url.string() + "' because it violates the following Content Security Policy directive: \"" + directive->text() + "\"." + suffix + "\n", url);
+ reportViolation(directive->text(), prefix + url.elidedString() + "' because it violates the following Content Security Policy directive: \"" + directive->text() + "\"." + suffix + "\n", url);
return denyIfEnforcingPolicy();
}
@@ -1103,13 +1103,13 @@
DEFINE_STATIC_LOCAL(String, consoleMessage, (ASCIILiteral("Refused to execute script because it violates the following Content Security Policy directive: ")));
if (url.isEmpty())
return checkNonceAndReportViolation(m_scriptNonce.get(), nonce, consoleMessage, contextURL, contextLine);
- return checkNonceAndReportViolation(m_scriptNonce.get(), nonce, "Refused to load '" + url.string() + "' because it violates the following Content Security Policy directive: ", contextURL, contextLine);
+ return checkNonceAndReportViolation(m_scriptNonce.get(), nonce, "Refused to load '" + url.elidedString() + "' because it violates the following Content Security Policy directive: ", contextURL, contextLine);
}
bool CSPDirectiveList::allowPluginType(const String& type, const String& typeAttribute, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
return reportingStatus == ContentSecurityPolicy::SendReport ?
- checkMediaTypeAndReportViolation(m_pluginTypes.get(), type, typeAttribute, "Refused to load '" + url.string() + "' (MIME type '" + typeAttribute + "') because it violates the following Content Security Policy Directive: ") :
+ checkMediaTypeAndReportViolation(m_pluginTypes.get(), type, typeAttribute, "Refused to load '" + url.elidedString() + "' (MIME type '" + typeAttribute + "') because it violates the following Content Security Policy Directive: ") :
checkMediaType(m_pluginTypes.get(), type, typeAttribute);
}
Modified: trunk/Source/WebCore/platform/KURL.cpp (144606 => 144607)
--- trunk/Source/WebCore/platform/KURL.cpp 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/platform/KURL.cpp 2013-03-04 09:33:46 UTC (rev 144607)
@@ -1925,4 +1925,12 @@
#endif
}
+String KURL::elidedString() const
+{
+ if (string().length() <= 1024)
+ return string();
+
+ return string().left(511) + "..." + string().right(510);
}
+
+}
Modified: trunk/Source/WebCore/platform/KURL.h (144606 => 144607)
--- trunk/Source/WebCore/platform/KURL.h 2013-03-04 09:19:46 UTC (rev 144606)
+++ trunk/Source/WebCore/platform/KURL.h 2013-03-04 09:33:46 UTC (rev 144607)
@@ -131,6 +131,8 @@
const String& string() const { return m_string; }
#endif
+ String elidedString() const;
+
String protocol() const;
String host() const;
unsigned short port() const;
