Commit 115b6bb5 authored by abarth@webkit.org's avatar abarth@webkit.org

2011-01-29 Adam Barth <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should replace URLs with about:blank instead of the empty string
        https://bugs.webkit.org/show_bug.cgi?id=53370

        Using the empty string will make the URL complete to the current
        document's URL, which isn't really what we want.  Instead, we want to
        use about:blank, which is safe.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77060 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 18c14eef
2011-01-29 Adam Barth <abarth@webkit.org>
Reviewed by Daniel Bates.
XSSFilter should replace URLs with about:blank instead of the empty string
https://bugs.webkit.org/show_bug.cgi?id=53370
Using the empty string will make the URL complete to the current
document's URL, which isn't really what we want. Instead, we want to
use about:blank, which is safe.
* html/parser/XSSFilter.cpp:
(WebCore::XSSFilter::filterObjectToken):
(WebCore::XSSFilter::filterEmbedToken):
2011-01-29 Adam Barth <abarth@webkit.org>
Reviewed by Daniel Bates.
......@@ -238,7 +238,7 @@ bool XSSFilter::filterObjectToken(HTMLToken& token)
bool didBlockScript = false;
didBlockScript |= eraseAttributeIfInjected(token, dataAttr);
didBlockScript |= eraseAttributeIfInjected(token, dataAttr, blankURL().string());
didBlockScript |= eraseAttributeIfInjected(token, typeAttr);
didBlockScript |= eraseAttributeIfInjected(token, classidAttr);
......@@ -253,7 +253,7 @@ bool XSSFilter::filterEmbedToken(HTMLToken& token)
bool didBlockScript = false;
didBlockScript |= eraseAttributeIfInjected(token, srcAttr);
didBlockScript |= eraseAttributeIfInjected(token, srcAttr, blankURL().string());
didBlockScript |= eraseAttributeIfInjected(token, typeAttr);
return didBlockScript;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment