-
abarth@webkit.org authored
Reviewed by Daniel Bates. XSSFilter should pass xssAuditor/script-tag-addslashes* https://bugs.webkit.org/show_bug.cgi?id=53365 We need to canonicalize strings to avoid being tricked by addslashes. * html/parser/XSSFilter.cpp: (WebCore::HTMLNames::isNonCanonicalCharacter): - This function is copied from the XSSAuditor (with some tweaks). We'll eventually remove the XSSAuditor once we've got XSSFilter working properly. (WebCore::HTMLNames::canonicalize): (WebCore::HTMLNames::decodeURL): (WebCore::XSSFilter::isContainedInRequest): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77059 268f45cc-cd09-0410-ab3c-d52691b4dbfc
18c14eef