-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=83281 Source/WebKit/efl: Add setting API to enable or disable WebKit's XSSAuditor to protect from reflective cross-site scripting attacks. Also, emit the signal 'xss,detected' and provide addition information received from XSSAuditor when reflected XSS is encountered in the page. Patch by Sudarsana Nagineni <sudarsana.nagineni@linux.intel.com> on 2012-04-17 Reviewed by Antonio Gomes. * WebCoreSupport/FrameLoaderClientEfl.cpp: (WebCore::FrameLoaderClientEfl::didDetectXSS): * ewk/ewk_frame.cpp: (ewk_frame_xss_detected): * ewk/ewk_frame.h: * ewk/ewk_private.h: * ewk/ewk_view.cpp: (_Ewk_View_Private_Data): (_ewk_view_priv_new): (ewk_view_setting_enable_xss_auditor_get): (ewk_view_setting_enable_xss_auditor_set): * ewk/ewk_view.h: Tools: Add missing implementation setXSSAuditorEnabled to EFL's LayoutTestController in order to unskip tests in http/tests/security/xssAuditor. Also, catch the signal 'xss,detected' in DRT to enable a test, which is expecting a line containing 'didDetectXSS' in the output when reflected XSS is encountered in the page. Patch by Sudarsana Nagineni <sudarsana.nagineni@linux.intel.com> on 2012-04-17 Reviewed by Antonio Gomes. * DumpRenderTree/efl/DumpRenderTreeChrome.cpp: (DumpRenderTreeChrome::createView): (DumpRenderTreeChrome::onFrameCreated): (DumpRenderTreeChrome::onDidDetectXSS): * DumpRenderTree/efl/DumpRenderTreeChrome.h: (DumpRenderTreeChrome): * DumpRenderTree/efl/LayoutTestControllerEfl.cpp: (LayoutTestController::setXSSAuditorEnabled): LayoutTests: Unskip tests in http/tests/security/xssAuditor Patch by Sudarsana Nagineni <sudarsana.nagineni@linux.intel.com> on 2012-04-17 Reviewed by Antonio Gomes. * platform/efl/Skipped: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114419 268f45cc-cd09-0410-ab3c-d52691b4dbfc
f0330aae