From 8344d832c6ec20bf0eeffe5c34d61cde8b867670 Mon Sep 17 00:00:00 2001
From: "jmalonzo@webkit.org"
 <jmalonzo@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat, 20 Jun 2009 21:57:16 +0000
Subject: [PATCH]         Reviewed by Gustavo Noronha and Xan Lopez.

        [Gtk] Implement DRT XSS auditor support
        https://bugs.webkit.org/show_bug.cgi?id=26571

        * webkit/webkitwebsettings.cpp:
        (webkit_web_settings_class_init):
        (webkit_web_settings_set_property):
        (webkit_web_settings_get_property):
        (webkit_web_settings_copy):
        * webkit/webkitwebview.cpp:
        (webkit_web_view_update_settings):
        (webkit_web_view_settings_notify):
        * DumpRenderTree/gtk/DumpRenderTree.cpp:
        (resetWebViewToConsistentStateBeforeTesting):
        * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp:
        (LayoutTestController::setXSSAuditorEnabled):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@44904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 WebKit/gtk/ChangeLog                          | 18 ++++++++++++
 WebKit/gtk/webkit/webkitwebsettings.cpp       | 28 ++++++++++++++++++-
 WebKit/gtk/webkit/webkitwebview.cpp           |  7 ++++-
 WebKitTools/ChangeLog                         | 12 ++++++++
 .../DumpRenderTree/gtk/DumpRenderTree.cpp     |  1 +
 .../gtk/LayoutTestControllerGtk.cpp           |  6 +++-
 6 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/WebKit/gtk/ChangeLog b/WebKit/gtk/ChangeLog
index a20c1fe02e6..43414554375 100644
--- a/WebKit/gtk/ChangeLog
+++ b/WebKit/gtk/ChangeLog
@@ -1,3 +1,21 @@
+2009-06-20  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Gustavo Noronha and Xan Lopez.
+
+        [Gtk] Implement DRT XSS auditor support
+        https://bugs.webkit.org/show_bug.cgi?id=26571
+
+        Add a setting "enable-xss-auditor" to enable this feature.
+
+        * webkit/webkitwebsettings.cpp:
+        (webkit_web_settings_class_init):
+        (webkit_web_settings_set_property):
+        (webkit_web_settings_get_property):
+        (webkit_web_settings_copy):
+        * webkit/webkitwebview.cpp:
+        (webkit_web_view_update_settings):
+        (webkit_web_view_settings_notify):
+
 2009-06-20  Jan Michael Alonzo  <jmalonzo@webkit.org>
 
         Reviewed by Gustavo Noronha and Xan Lopez.
diff --git a/WebKit/gtk/webkit/webkitwebsettings.cpp b/WebKit/gtk/webkit/webkitwebsettings.cpp
index d41b64179a2..2f1886c49ff 100644
--- a/WebKit/gtk/webkit/webkitwebsettings.cpp
+++ b/WebKit/gtk/webkit/webkitwebsettings.cpp
@@ -80,6 +80,7 @@ struct _WebKitWebSettingsPrivate {
     gboolean enable_caret_browsing;
     gboolean enable_html5_database;
     gboolean enable_html5_local_storage;
+    gboolean enable_xss_auditor;
 };
 
 #define WEBKIT_WEB_SETTINGS_GET_PRIVATE(obj) (G_TYPE_INSTANCE_GET_PRIVATE((obj), WEBKIT_TYPE_WEB_SETTINGS, WebKitWebSettingsPrivate))
@@ -113,7 +114,8 @@ enum {
     PROP_SPELL_CHECKING_LANGUAGES,
     PROP_ENABLE_CARET_BROWSING,
     PROP_ENABLE_HTML5_DATABASE,
-    PROP_ENABLE_HTML5_LOCAL_STORAGE
+    PROP_ENABLE_HTML5_LOCAL_STORAGE,
+    PROP_ENABLE_XSS_AUDITOR
 };
 
 static void webkit_web_settings_finalize(GObject* object);
@@ -454,6 +456,23 @@ static void webkit_web_settings_class_init(WebKitWebSettingsClass* klass)
                                                          _("Whether to enable HTML5 Local Storage support"),
                                                          TRUE,
                                                          flags));
+    /**
+    * WebKitWebSettings:enable-xss-auditor
+    *
+    * Whether to enable the XSS Auditor. This feature filters some kinds of
+    * reflective XSS attacks on vulnerable web sites.
+    *
+    * This is currently an experimental feature.
+    *
+    * Since 1.1.11
+    */
+    g_object_class_install_property(gobject_class,
+                                    PROP_ENABLE_XSS_AUDITOR,
+                                    g_param_spec_boolean("enable-xss-auditor",
+                                                         _("Enable XSS Auditor"),
+                                                         _("Whether to enable teh XSS auditor"),
+                                                         FALSE,
+                                                         flags));
 
     g_type_class_add_private(klass, sizeof(WebKitWebSettingsPrivate));
 }
@@ -617,6 +636,9 @@ static void webkit_web_settings_set_property(GObject* object, guint prop_id, con
         g_slist_free(priv->spell_checking_languages_list);
         priv->spell_checking_languages_list = spellLanguages;
         break;
+    case PROP_ENABLE_XSS_AUDITOR:
+        priv->enable_xss_auditor = g_value_get_boolean(value);
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
         break;
@@ -710,6 +732,9 @@ static void webkit_web_settings_get_property(GObject* object, guint prop_id, GVa
     case PROP_SPELL_CHECKING_LANGUAGES:
         g_value_set_string(value, priv->spell_checking_languages);
         break;
+    case PROP_ENABLE_XSS_AUDITOR:
+        g_value_set_boolean(value, priv->enable_xss_auditor);
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
         break;
@@ -768,6 +793,7 @@ WebKitWebSettings* webkit_web_settings_copy(WebKitWebSettings* web_settings)
                  "enable-caret-browsing", priv->enable_caret_browsing,
                  "enable-html5-database", priv->enable_html5_database,
                  "enable-html5-local-storage", priv->enable_html5_local_storage,
+                 "enable-xss-auditor", priv->enable_xss_auditor,
                  NULL));
 
     return copy;
diff --git a/WebKit/gtk/webkit/webkitwebview.cpp b/WebKit/gtk/webkit/webkitwebview.cpp
index 985960a5738..0872dadc6cb 100644
--- a/WebKit/gtk/webkit/webkitwebview.cpp
+++ b/WebKit/gtk/webkit/webkitwebview.cpp
@@ -2049,7 +2049,8 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
     gchar* defaultEncoding, *cursiveFontFamily, *defaultFontFamily, *fantasyFontFamily, *monospaceFontFamily, *sansSerifFontFamily, *serifFontFamily, *userStylesheetUri;
     gboolean autoLoadImages, autoShrinkImages, printBackgrounds,
         enableScripts, enablePlugins, enableDeveloperExtras, resizableTextAreas,
-        enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage;
+        enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage,
+        enableXSSAuditor;
 
     g_object_get(webSettings,
                  "default-encoding", &defaultEncoding,
@@ -2071,6 +2072,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
                  "enable-caret-browsing", &enableCaretBrowsing,
                  "enable-html5-database", &enableHTML5Database,
                  "enable-html5-local-storage", &enableHTML5LocalStorage,
+                 "enable-xss-auditor", &enableXSSAuditor,
                  NULL);
 
     settings->setDefaultTextEncodingName(defaultEncoding);
@@ -2092,6 +2094,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
     settings->setCaretBrowsingEnabled(enableCaretBrowsing);
     settings->setDatabasesEnabled(enableHTML5Database);
     settings->setLocalStorageEnabled(enableHTML5LocalStorage);
+    settings->setXSSAuditorEnabled(enableXSSAuditor);
 
     g_free(defaultEncoding);
     g_free(cursiveFontFamily);
@@ -2168,6 +2171,8 @@ static void webkit_web_view_settings_notify(WebKitWebSettings* webSettings, GPar
         settings->setDatabasesEnabled(g_value_get_boolean(&value));
     else if (name == g_intern_string("enable-html5-local-storage"))
         settings->setLocalStorageEnabled(g_value_get_boolean(&value));
+    else if (name == g_intern_string("enable-xss-auditor"))
+        settings->setXSSAuditorEnabled(g_value_get_boolean(&value));
     else if (!g_object_class_find_property(G_OBJECT_GET_CLASS(webSettings), name))
         g_warning("Unexpected setting '%s'", name);
     g_value_unset(&value);
diff --git a/WebKitTools/ChangeLog b/WebKitTools/ChangeLog
index 54aade9af0a..e02a796c251 100644
--- a/WebKitTools/ChangeLog
+++ b/WebKitTools/ChangeLog
@@ -1,3 +1,15 @@
+2009-06-20  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Gustavo Noronha and Xan Lopez.
+
+        [Gtk] Implement DRT XSS auditor support
+        https://bugs.webkit.org/show_bug.cgi?id=26571
+
+        * DumpRenderTree/gtk/DumpRenderTree.cpp:
+        (resetWebViewToConsistentStateBeforeTesting):
+        * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp:
+        (LayoutTestController::setXSSAuditorEnabled):
+
 2009-06-19  Darin Adler  <darin@apple.com>
 
         * Scripts/do-webcore-rename: More renaming ideas.
diff --git a/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp b/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
index ce449e7a382..abdecf6c879 100644
--- a/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
+++ b/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
@@ -234,6 +234,7 @@ static void resetWebViewToConsistentStateBeforeTesting()
                  "enable-spell-checking", TRUE,
                  "enable-html5-database", TRUE,
                  "enable-html5-local-storage", TRUE,
+                 "enable-xss-auditor", TRUE,
                  NULL);
 
     webkit_web_frame_clear_main_frame_name(mainFrame);
diff --git a/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp b/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
index 28e6c3ecb5a..40992c67b39 100644
--- a/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
+++ b/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
@@ -245,7 +245,11 @@ void LayoutTestController::setPrivateBrowsingEnabled(bool flag)
 
 void LayoutTestController::setXSSAuditorEnabled(bool flag)
 {
-    // FIXME: implement
+    WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
+    ASSERT(view);
+
+    WebKitWebSettings* settings = webkit_web_view_get_settings(view);
+    g_object_set(G_OBJECT(settings), "enable-xss-auditor", flag, NULL);
 }
 
 void LayoutTestController::setAuthorAndUserStylesEnabled(bool flag)
-- 
GitLab