    2009-07-22 Daniel Bates <dbates@intudata.com> · 1f56a65a
    abarth@webkit.org authored
            Reviewed by Adam Barth.
    
            https://bugs.webkit.org/show_bug.cgi?id=27174
            And
            https://bugs.webkit.org/show_bug.cgi?id=26938
    
            Tests prevention of attacks transformed by PHP Magic Quotes/PHP addslashes().
    
            * http/tests/security/xssAuditor/resources/echo-intertag-addslashes.pl: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-backslash.html: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-null-char.html: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt: Added.
            * http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html: Added.
    
    2009-07-22  Daniel Bates  <dbates@intudata.com>
    
            Reviewed by Adam Barth.
    
            https://bugs.webkit.org/show_bug.cgi?id=27174
            And
            https://bugs.webkit.org/show_bug.cgi?id=26938
    
            Code cleanup. Implements support for detecting attacks transformed by
            PHP Magic Quotes/PHP addslashes().
    
            Tests: http/tests/security/xssAuditor/script-tag-addslashes-backslash.html
                   http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html
                   http/tests/security/xssAuditor/script-tag-addslashes-null-char.html
                   http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html
    
            * page/XSSAuditor.cpp:
            (WebCore::isInvalidCharacter):
            (WebCore::XSSAuditor::canEvaluate):
            (WebCore::XSSAuditor::canEvaluateJavaScriptURL):
            (WebCore::XSSAuditor::canLoadObject):
            (WebCore::XSSAuditor::normalize): Decodes HTML entities, removes backslashes,
            and removes control characters that could otherwise cause a discrepancy between
            the source code of a script and the outgoing HTTP parameters.
            (WebCore::XSSAuditor::decodeURL):
            (WebCore::XSSAuditor::decodeHTMLEntities):
            (WebCore::XSSAuditor::findInRequest):
            * page/XSSAuditor.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@46250 268f45cc-cd09-0410-ab3c-d52691b4dbfc
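
The normalize() entry above says backslashes and control characters are removed so that a script's source can still be matched against the outgoing HTTP parameters after PHP addslashes() has altered it. The sketch below is an added example, not WebKit's XSSAuditor code: all function names are hypothetical, the sample strings are constructed, and HTML entity decoding and the NUL case are left out.

```cpp
// Added illustration; not WebKit's XSSAuditor code. All names are hypothetical.
#include <string>

// Server-side transform for ', " and \ as done by PHP addslashes()
// (its NUL handling is left out of this sketch).
std::string addSlashes(const std::string& in) {
    std::string out;
    for (char c : in) {
        if (c == '\'' || c == '"' || c == '\\')
            out += '\\';
        out += c;
    }
    return out;
}

// Drop backslashes and ASCII control characters, following the normalize()
// description in the commit message (HTML entity decoding omitted).
std::string normalizeForMatch(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        if (c == '\\' || c < 0x20 || c == 0x7f)
            continue;
        out += static_cast<char>(c);
    }
    return out;
}

// Naive check: does the request parameter contain the script source verbatim?
bool naiveReflected(const std::string& param, const std::string& script) {
    return !script.empty() && param.find(script) != std::string::npos;
}

// Normalizing check: compare both sides only after normalization, so the
// backslashes inserted by the server no longer hide the reflection.
bool normalizedReflected(const std::string& param, const std::string& script) {
    std::string s = normalizeForMatch(script);
    return !s.empty() && normalizeForMatch(param).find(s) != std::string::npos;
}
```

With a constructed parameter such as `alert("x")`, the echoed script source becomes `alert(\"x\")`, so the verbatim comparison misses the reflection while the normalized comparison still finds it.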