Commit c12acbed authored by abarth@webkit.org's avatar abarth@webkit.org

WebCore:

2009-06-21  Daniel Bates  <dbates@intudata.com>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=26580
        
        Fix to enable XSSAuditor on child windows.
        
        Test: http/tests/security/xssAuditor/link-opens-new-window.html
        
        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::XSSAuditor):
        (WebCore::XSSAuditor::isEnabled):
        (WebCore::XSSAuditor::canEvaluate):
        (WebCore::XSSAuditor::canCreateInlineEventListener):
        (WebCore::XSSAuditor::canLoadExternalScriptFromSrc):
        (WebCore::XSSAuditor::canLoadObject):
        * page/XSSAuditor.h: Removed method setXSSAuditorEnabled, and field m_isEnabled. Moved implementation of isEnabled to XSSAuditor.cpp and changed implementation to query Settings.

LayoutTests:

2009-06-21  Daniel Bates  <dbates@intudata.com>

        Reviewed by Adam Barth.
        
        Test for https://bugs.webkit.org/show_bug.cgi?id=26580
        
        Tests that XSSAuditor (if enabled) prevents script execution in child window.

        * http/tests/security/xssAuditor/link-opens-new-window-expected.txt: Added.
        * http/tests/security/xssAuditor/link-opens-new-window.html: Added.
        * http/tests/security/xssAuditor/resources/echo-intertag-and-notify.php: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@44927 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 7da68d22
2009-06-21 Daniel Bates <dbates@intudata.com>
Reviewed by Adam Barth.
Test for https://bugs.webkit.org/show_bug.cgi?id=26580
Tests that XSSAuditor (if enabled) prevents script execution in child window.
* http/tests/security/xssAuditor/link-opens-new-window-expected.txt: Added.
* http/tests/security/xssAuditor/link-opens-new-window.html: Added.
* http/tests/security/xssAuditor/resources/echo-intertag-and-notify.php: Added.
2009-06-21 Dan Bernstein <mitz@apple.com>
Rubber-stamped by Mark Rowe.
......
CONSOLE MESSAGE: line 1: Refused to execute a JavaScript script. Source code of script found within request.
Click me
<!DOCTYPE html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.setXSSAuditorEnabled(true);
layoutTestController.dumpAsText();
layoutTestController.dumpChildFramesAsText();
layoutTestController.waitUntilDone();
layoutTestController.setCanOpenWindows();
layoutTestController.setCloseRemainingWindowsWhenComplete(true);
}
window.onload = function()
{
var event = document.createEvent('MouseEvent');
event.initEvent('click', true, true);
document.getElementById('anchorLink').dispatchEvent(event);
}
</script>
</head>
<body>
<a id="anchorLink" href="http://localhost:8000/security/xssAuditor/resources/echo-intertag-and-notify.php?q=<script>alert(/XSS/)</script>" target="_blank">Click me</a>
</body>
</html>
<!DOCTYPE html>
<html>
<body>
<?php
echo $_GET['q'];
?>
<script>
if (window.layoutTestController)
layoutTestController.notifyDone();
</script>
</body>
</html>
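Review bot: `echo $_GET['q'];` reflects the query string unescaped, which is what this fixture needs, but nothing in the file says the reflection is deliberate. A one-line comment inside the PHP block would keep it from being "fixed" or copied elsewhere later: `// Intentionally echoes q unescaped so XSSAuditor has a reflected script to block; layout-test server only.`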
2009-06-21 Daniel Bates <dbates@intudata.com>
Reviewed by Adam Barth.
https://bugs.webkit.org/show_bug.cgi?id=26580
Fix to enable XSSAuditor on child windows.
Test: http/tests/security/xssAuditor/link-opens-new-window.html
* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::XSSAuditor):
(WebCore::XSSAuditor::isEnabled):
(WebCore::XSSAuditor::canEvaluate):
(WebCore::XSSAuditor::canCreateInlineEventListener):
(WebCore::XSSAuditor::canLoadExternalScriptFromSrc):
(WebCore::XSSAuditor::canLoadObject):
* page/XSSAuditor.h: Removed method setXSSAuditorEnabled, and field m_isEnabled. Moved implementation of isEnabled to XSSAuditor.cpp and changed implementation to query Settings.
2009-06-21 David Levin <levin@chromium.org>
Reviewed by NOBODY.
......
......@@ -44,24 +44,27 @@ namespace WebCore {
// This method also appears in file ResourceResponseBase.cpp.
static bool isControlCharacter(UChar c)
{
return c < ' ' || c == 127;
return c < ' ' || c == 127;
}
XSSAuditor::XSSAuditor(Frame* frame)
: m_isEnabled(false)
, m_frame(frame)
: m_frame(frame)
{
if (Settings* settings = frame->settings())
m_isEnabled = settings->xssAuditorEnabled();
}
XSSAuditor::~XSSAuditor()
{
}
bool XSSAuditor::isEnabled() const
{
Settings* settings = m_frame->settings();
return (settings && settings->xssAuditorEnabled());
}
bool XSSAuditor::canEvaluate(const String& sourceCode) const
{
if (!m_isEnabled)
if (!isEnabled())
return true;
if (findInRequest(sourceCode)) {
......@@ -74,7 +77,7 @@ bool XSSAuditor::canEvaluate(const String& sourceCode) const
bool XSSAuditor::canCreateInlineEventListener(const String&, const String& code) const
{
if (!m_isEnabled)
if (!isEnabled())
return true;
return canEvaluate(code);
......@@ -82,7 +85,7 @@ bool XSSAuditor::canCreateInlineEventListener(const String&, const String& code)
bool XSSAuditor::canLoadExternalScriptFromSrc(const String& url) const
{
if (!m_isEnabled)
if (!isEnabled())
return true;
if (findInRequest(url)) {
......@@ -95,7 +98,7 @@ bool XSSAuditor::canLoadExternalScriptFromSrc(const String& url) const
bool XSSAuditor::canLoadObject(const String& url) const
{
if (!m_isEnabled)
if (!isEnabled())
return true;
if (findInRequest(url)) {
......
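Review bot: The new `XSSAuditor::isEnabled()` returns false when `m_frame->settings()` is null, so every `can*` check in this file then returns true and auditing is silently off for that frame. This fail-open result matches what the old constructor did (it left `m_isEnabled` false in the same case), but it is now decided on every call and should be stated at the definition, e.g. `// No Settings means auditing is off (fail open); callers then allow the script.` Separately, `canCreateInlineEventListener` tests `isEnabled()` and then calls `canEvaluate`, which tests it again; the first test can go now that each one is a Settings lookup rather than a member read. The bodies of canEvaluate, canLoadExternalScriptFromSrc and canLoadObject continue outside the visible hunks.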
......@@ -27,7 +27,6 @@
#ifndef XSSAuditor_h
#define XSSAuditor_h
#include "config.h"
#include "PlatformString.h"
#include "TextEncoding.h"
......@@ -69,8 +68,7 @@ namespace WebCore {
XSSAuditor(Frame*);
~XSSAuditor();
bool isEnabled() const { return m_isEnabled; }
void setXSSAuditorEnabled(bool enabled) { m_isEnabled = enabled; }
bool isEnabled() const;
// Determines whether the script should be allowed or denied execution
// based on the content of any user-submitted data.
......@@ -95,9 +93,6 @@ namespace WebCore {
bool findInRequest(const String&) const;
// Whether to audit scripts.
bool m_isEnabled;
// The frame to audit.
Frame* m_frame;
};
......
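Review bot: `bool isEnabled() const;` is left without a comment, and the last hunk appears to drop the only description of the flag (`// Whether to audit scripts.`) together with `m_isEnabled`. Because the value is no longer cached in the object, the declaration should say so: `// Whether auditing is on for m_frame; reads the frame's Settings on each call.` The class body starts and ends outside these hunks.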