Commit 8344d832 authored by jmalonzo@webkit.org

Reviewed by Gustavo Noronha and Xan Lopez.

        [Gtk] Implement DRT XSS auditor support
        https://bugs.webkit.org/show_bug.cgi?id=26571

        * webkit/webkitwebsettings.cpp:
        (webkit_web_settings_class_init):
        (webkit_web_settings_set_property):
        (webkit_web_settings_get_property):
        (webkit_web_settings_copy):
        * webkit/webkitwebview.cpp:
        (webkit_web_view_update_settings):
        (webkit_web_view_settings_notify):
        * DumpRenderTree/gtk/DumpRenderTree.cpp:
        (resetWebViewToConsistentStateBeforeTesting):
        * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp:
        (LayoutTestController::setXSSAuditorEnabled):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@44904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent e262c982
2009-06-20 Jan Michael Alonzo <jmalonzo@webkit.org>
Reviewed by Gustavo Noronha and Xan Lopez.
[Gtk] Implement DRT XSS auditor support
https://bugs.webkit.org/show_bug.cgi?id=26571
Add a setting "enable-xss-auditor" to enable this feature.
* webkit/webkitwebsettings.cpp:
(webkit_web_settings_class_init):
(webkit_web_settings_set_property):
(webkit_web_settings_get_property):
(webkit_web_settings_copy):
* webkit/webkitwebview.cpp:
(webkit_web_view_update_settings):
(webkit_web_view_settings_notify):
2009-06-20 Jan Michael Alonzo <jmalonzo@webkit.org>
Reviewed by Gustavo Noronha and Xan Lopez.
......
......@@ -80,6 +80,7 @@ struct _WebKitWebSettingsPrivate {
gboolean enable_caret_browsing;
gboolean enable_html5_database;
gboolean enable_html5_local_storage;
gboolean enable_xss_auditor;
};
#define WEBKIT_WEB_SETTINGS_GET_PRIVATE(obj) (G_TYPE_INSTANCE_GET_PRIVATE((obj), WEBKIT_TYPE_WEB_SETTINGS, WebKitWebSettingsPrivate))
......@@ -113,7 +114,8 @@ enum {
PROP_SPELL_CHECKING_LANGUAGES,
PROP_ENABLE_CARET_BROWSING,
PROP_ENABLE_HTML5_DATABASE,
PROP_ENABLE_HTML5_LOCAL_STORAGE
PROP_ENABLE_HTML5_LOCAL_STORAGE,
PROP_ENABLE_XSS_AUDITOR
};
static void webkit_web_settings_finalize(GObject* object);
......@@ -454,6 +456,23 @@ static void webkit_web_settings_class_init(WebKitWebSettingsClass* klass)
_("Whether to enable HTML5 Local Storage support"),
TRUE,
flags));
/**
* WebKitWebSettings:enable-xss-auditor
*
* Whether to enable the XSS Auditor. This feature filters some kinds of
* reflective XSS attacks on vulnerable web sites.
*
* This is currently an experimental feature.
*
* Since 1.1.11
*/
g_object_class_install_property(gobject_class,
PROP_ENABLE_XSS_AUDITOR,
g_param_spec_boolean("enable-xss-auditor",
_("Enable XSS Auditor"),
_("Whether to enable teh XSS auditor"),
FALSE,
flags));
g_type_class_add_private(klass, sizeof(WebKitWebSettingsPrivate));
}
......@@ -617,6 +636,9 @@ static void webkit_web_settings_set_property(GObject* object, guint prop_id, con
g_slist_free(priv->spell_checking_languages_list);
priv->spell_checking_languages_list = spellLanguages;
break;
case PROP_ENABLE_XSS_AUDITOR:
priv->enable_xss_auditor = g_value_get_boolean(value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
break;
......@@ -710,6 +732,9 @@ static void webkit_web_settings_get_property(GObject* object, guint prop_id, GVa
case PROP_SPELL_CHECKING_LANGUAGES:
g_value_set_string(value, priv->spell_checking_languages);
break;
case PROP_ENABLE_XSS_AUDITOR:
g_value_set_boolean(value, priv->enable_xss_auditor);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
break;
......@@ -768,6 +793,7 @@ WebKitWebSettings* webkit_web_settings_copy(WebKitWebSettings* web_settings)
"enable-caret-browsing", priv->enable_caret_browsing,
"enable-html5-database", priv->enable_html5_database,
"enable-html5-local-storage", priv->enable_html5_local_storage,
"enable-xss-auditor", priv->enable_xss_auditor,
NULL));
return copy;
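Review bot: The blurb passed to `g_param_spec_boolean` in the `webkit_web_settings_class_init` hunk reads `_("Whether to enable teh XSS auditor")`; it is a translatable, user-visible string, so it should be `_("Whether to enable the XSS auditor")`. The property is installed with default `FALSE`, so embedders get no reflected-XSS filtering unless they opt in, and the gtk-doc comment does not state this; I would add a line such as `* Defaults to FALSE; the auditor is a mitigation and does not replace output escaping on the site.` The gtk-doc header `WebKitWebSettings:enable-xss-auditor` also appears to lack the trailing colon gtk-doc normally expects, which the neighbouring property comments (outside the hunk) would confirm. All of the touched functions start and end outside their hunks.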
......
......@@ -2049,7 +2049,8 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
gchar* defaultEncoding, *cursiveFontFamily, *defaultFontFamily, *fantasyFontFamily, *monospaceFontFamily, *sansSerifFontFamily, *serifFontFamily, *userStylesheetUri;
gboolean autoLoadImages, autoShrinkImages, printBackgrounds,
enableScripts, enablePlugins, enableDeveloperExtras, resizableTextAreas,
enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage;
enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage,
enableXSSAuditor;
g_object_get(webSettings,
"default-encoding", &defaultEncoding,
......@@ -2071,6 +2072,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
"enable-caret-browsing", &enableCaretBrowsing,
"enable-html5-database", &enableHTML5Database,
"enable-html5-local-storage", &enableHTML5LocalStorage,
"enable-xss-auditor", &enableXSSAuditor,
NULL);
settings->setDefaultTextEncodingName(defaultEncoding);
......@@ -2092,6 +2094,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
settings->setCaretBrowsingEnabled(enableCaretBrowsing);
settings->setDatabasesEnabled(enableHTML5Database);
settings->setLocalStorageEnabled(enableHTML5LocalStorage);
settings->setXSSAuditorEnabled(enableXSSAuditor);
g_free(defaultEncoding);
g_free(cursiveFontFamily);
......@@ -2168,6 +2171,8 @@ static void webkit_web_view_settings_notify(WebKitWebSettings* webSettings, GPar
settings->setDatabasesEnabled(g_value_get_boolean(&value));
else if (name == g_intern_string("enable-html5-local-storage"))
settings->setLocalStorageEnabled(g_value_get_boolean(&value));
else if (name == g_intern_string("enable-xss-auditor"))
settings->setXSSAuditorEnabled(g_value_get_boolean(&value));
else if (!g_object_class_find_property(G_OBJECT_GET_CLASS(webSettings), name))
g_warning("Unexpected setting '%s'", name);
g_value_unset(&value);
......
2009-06-20 Jan Michael Alonzo <jmalonzo@webkit.org>
Reviewed by Gustavo Noronha and Xan Lopez.
[Gtk] Implement DRT XSS auditor support
https://bugs.webkit.org/show_bug.cgi?id=26571
* DumpRenderTree/gtk/DumpRenderTree.cpp:
(resetWebViewToConsistentStateBeforeTesting):
* DumpRenderTree/gtk/LayoutTestControllerGtk.cpp:
(LayoutTestController::setXSSAuditorEnabled):
2009-06-19 Darin Adler <darin@apple.com>
* Scripts/do-webcore-rename: More renaming ideas.
......
......@@ -234,6 +234,7 @@ static void resetWebViewToConsistentStateBeforeTesting()
"enable-spell-checking", TRUE,
"enable-html5-database", TRUE,
"enable-html5-local-storage", TRUE,
"enable-xss-auditor", TRUE,
NULL);
webkit_web_frame_clear_main_frame_name(mainFrame);
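Review bot: The reset in `resetWebViewToConsistentStateBeforeTesting` sets `"enable-xss-auditor", TRUE`, while this same commit installs the property with default `FALSE`, so every layout test starts with the auditor on and the default-off configuration that embedders get is never the baseline. If that is intentional, a comment at the call would record it, e.g. `// XSS auditor defaults to FALSE in WebKitWebSettings; tests run with it on unless setXSSAuditorEnabled(false) is called.` The `g_object_set` call begins above the hunk and the function continues below it.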
......
......@@ -245,7 +245,11 @@ void LayoutTestController::setPrivateBrowsingEnabled(bool flag)
void LayoutTestController::setXSSAuditorEnabled(bool flag)
{
// FIXME: implement
WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
ASSERT(view);
WebKitWebSettings* settings = webkit_web_view_get_settings(view);
g_object_set(G_OBJECT(settings), "enable-xss-auditor", flag, NULL);
}
void LayoutTestController::setAuthorAndUserStylesEnabled(bool flag)
......