abarth@webkit.org authored
Reviewed by Adam Barth.

https://bugs.webkit.org/show_bug.cgi?id=27405

Tests that HTML entities that contain an invalid entity, such as an unknown named entity, are properly handled.

* http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt: Added.
* http/tests/security/xssAuditor/link-onclick-ampersand.html: Added.
* http/tests/security/xssAuditor/javascript-link-ampersand-expected.txt: Added.
* http/tests/security/xssAuditor/javascript-link-ampersand.html: Added.

2009-07-17 Daniel Bates <dbates@intudata.com>

Reviewed by Adam Barth.

https://bugs.webkit.org/show_bug.cgi?id=27405

Fixes an issue when decoding HTML entities with an unknown named entity that caused null-characters to be inserted into the decoded result.

Test: http/tests/security/xssAuditor/link-onclick-ampersand.html
      http/tests/security/xssAuditor/javascript-link-ampersand.html

* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::decodeHTMLEntities): Added check to conditional so that non-zero entity values are not inserted during decoding process.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@46086 268f45cc-cd09-0410-ab3c-d52691b4dbfc
209a4aa2
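
The failure mode named in the commit message (an unknown named entity putting a null character into the decoded result), shown as an added example that is not WebKit's `XSSAuditor` code. The function names, the four-entry entity table, and the sample strings are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <unordered_map>

// Hypothetical lookup: code point for a named entity, or 0 when the name is unknown.
static char32_t lookupNamedEntity(const std::string& name) {
    static const std::unordered_map<std::string, char32_t> table = {
        {"amp", U'&'}, {"lt", U'<'}, {"gt", U'>'}, {"quot", U'"'}};
    auto it = table.find(name);
    return it == table.end() ? 0 : it->second;
}

// Decodes "&name;" sequences. With skipUnknown == false the lookup result is
// appended unchecked, so an unknown name contributes a NUL character. With
// skipUnknown == true a zero result is never inserted and the text stays literal.
std::string decodeNamedEntities(const std::string& in, bool skipUnknown) {
    std::string out;
    for (std::size_t i = 0; i < in.size();) {
        std::size_t semi = (in[i] == '&') ? in.find(';', i + 1) : std::string::npos;
        if (semi == std::string::npos) {   // ordinary character, or '&' with no ';'
            out += in[i++];
            continue;
        }
        char32_t value = lookupNamedEntity(in.substr(i + 1, semi - i - 1));
        if (value == 0 && skipUnknown) {   // unknown entity: keep '&' and move on
            out += in[i++];
            continue;
        }
        out += static_cast<char>(value);   // table holds ASCII values only
        i = semi + 1;
    }
    return out;
}

int main() {
    const std::string sample = "x=1&bogus;y=2";   // constructed input
    std::string unchecked = decodeNamedEntities(sample, false);
    std::string checked = decodeNamedEntities(sample, true);
    std::cout << "unchecked: length " << unchecked.size() << ", contains NUL: "
              << (unchecked.find('\0') != std::string::npos) << "\n";
    std::cout << "checked:   " << checked << "\n";
    return 0;
}
```
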