abarth@webkit.org authored
Reviewed by Daniel Bates.

XSSFilter should pass 16 of the xssAuditor/script-tag* tests
https://bugs.webkit.org/show_bug.cgi?id=53362

Turns out we need to replace the src attribute of script tags with about:blank to avoid loading the main document URL as a script. Also, move misplaced return statement that was triggering the console message too often.

* html/parser/HTMLToken.h:
(WebCore::HTMLToken::appendToAttributeValue):
* html/parser/XSSFilter.cpp:
(WebCore::XSSFilter::filterScriptToken):
(WebCore::XSSFilter::eraseAttributeIfInjected):
* html/parser/XSSFilter.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77057 268f45cc-cd09-0410-ab3c-d52691b4dbfc
62d3c6c1