Skip to content
  • abarth@webkit.org's avatar
    2011-01-29 Adam Barth <abarth@webkit.org> · d8984fa2
    abarth@webkit.org authored
            Reviewed by Daniel Bates.
    
            XSSFilter should pass xssAuditor/script-tag-with-source-same-host.html
            and xssAuditor/script-tag-post-*
            https://bugs.webkit.org/show_bug.cgi?id=53364
    
            We're supposed to allow loading same-origin resources even if they
            appear as part of the request.
    
            Also, we're supposed to look at the POST data too.  :)
    
            * html/parser/XSSFilter.cpp:
            (WebCore::XSSFilter::eraseAttributeIfInjected):
            (WebCore::XSSFilter::isSameOriginResource):
                - Copy/paste from XSSAuditor::isSameOriginResource.  We'll
                  eventually remove the XSSAuditor version when XSSFilter is done.
            * html/parser/XSSFilter.h:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77058 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    d8984fa2