Skip to site navigation (Press enter)

[webkit-changes] [198424] branches/safari-601.1.46-branch

bshafiei Sat, 19 Mar 2016 02:40:27 -0700

Title: [198424] branches/safari-601.1.46-branch

Revision: 198424
Author: [email protected]
Date: 2016-03-18 09:08:23 -0700 (Fri, 18 Mar 2016)

Log Message

Merged r198377.  rdar://problem/25235130


Modified Paths

branches/safari-601.1.46-branch/LayoutTests/ChangeLog
branches/safari-601.1.46-branch/Source/WebCore/ChangeLog
branches/safari-601.1.46-branch/Source/WebCore/html/parser/XSSAuditor.cpp


Added Paths

branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt
branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html

Diff

Modified: branches/safari-601.1.46-branch/LayoutTests/ChangeLog (198423 => 198424)


--- branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2016-03-18 16:07:21 UTC (rev 198423)
+++ branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2016-03-18 16:08:23 UTC (rev 198424)
@@ -1,5 +1,21 @@
 2016-03-18  Babak Shafiei  <[email protected]>
 
+        Merge r198377.
+
+    2016-03-17  Brent Fulgham  <[email protected]>
+
+            [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
+            https://bugs.webkit.org/show_bug.cgi?id=155624
+            <rdar://problem/25219962>
+
+            Unreviewed merge from Blink (patch by Tom Sepez <[email protected]>):
+            <https://src.chromium.org/viewvc/blink?revision=201803&view=revision>
+
+            * http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt: Added.
+            * http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: Added.
+
+2016-03-18  Babak Shafiei  <[email protected]>
+
         Merge r198372.
 
     2016-03-17  Zalan Bujtas  <[email protected]>

Copied: branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt (from rev 198414, branches/safari-601-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt) (0 => 198424)


--- branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt	2016-03-18 16:08:23 UTC (rev 198424)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?q=%3Cscript%3Ealert(/xss/)-1%2502%3Cscript%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
+

Copied: branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html (from rev 198414, branches/safari-601-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html) (0 => 198424)


--- branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html	2016-03-18 16:08:23 UTC (rev 198424)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.setXSSAuditorEnabled(true);
+    }
+</script>
+</head>
+    <body>
+        <iframe src=""
+        </iframe>
+    </body>
+</html>

Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (198423 => 198424)


--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-03-18 16:07:21 UTC (rev 198423)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-03-18 16:08:23 UTC (rev 198424)
@@ -1,5 +1,23 @@
 2016-03-18  Babak Shafiei  <[email protected]>
 
+        Merge r198377.
+
+    2016-03-17  Brent Fulgham  <[email protected]>
+
+            [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
+            https://bugs.webkit.org/show_bug.cgi?id=155624
+            <rdar://problem/25219962>
+
+            Unreviewed merge from Blink (patch by Tom Sepez <[email protected]>):
+            <https://src.chromium.org/viewvc/blink?revision=201803&view=revision>
+
+            Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html
+
+            * html/parser/XSSAuditor.cpp:
+            (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.
+
+2016-03-18  Babak Shafiei  <[email protected]>
+
         Merge r198372.
 
     2016-03-17  Zalan Bujtas  <[email protected]>

Modified: branches/safari-601.1.46-branch/Source/WebCore/html/parser/XSSAuditor.cpp (198423 => 198424)


--- branches/safari-601.1.46-branch/Source/WebCore/html/parser/XSSAuditor.cpp	2016-03-18 16:07:21 UTC (rev 198423)
+++ branches/safari-601.1.46-branch/Source/WebCore/html/parser/XSSAuditor.cpp	2016-03-18 16:08:23 UTC (rev 198424)
@@ -682,7 +682,7 @@
                 break;
 
             if (lastNonSpacePosition != notFound && startsOpeningScriptTagAt(string, foundPosition)) {
-                foundPosition = lastNonSpacePosition;
+                foundPosition = lastNonSpacePosition + 1;
                 break;
             }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes