[webkit-reviews] review granted: [Bug 34436] Change XSSAuditor block syntax : [Attachment 49678] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 18 21:17:17 PDT 2010


Daniel Bates <dbates at webkit.org> has granted Adam Barth <abarth at webkit.org>'s
request for review:
Bug 34436: Change XSSAuditor block syntax
https://bugs.webkit.org/show_bug.cgi?id=34436

Attachment 49678: Patch
https://bugs.webkit.org/attachment.cgi?id=49678&action=review

------- Additional Comments from Daniel Bates <dbates at webkit.org>

> --- a/WebCore/ChangeLog
> +++ b/WebCore/ChangeLog
> @@ -1,3 +1,27 @@
> +2010-02-27  Adam Barth  <abarth at webkit.org>
> [...]
> +	   * WebCore.xcodeproj/project.pbxproj:

This line should be removed from the change log since this patch does not
contain any changes to the WebCore Xcode project file.

> -bool XSSAuditor::shouldFullPageBlockForXSSProtectionHeader() const
> +XSSProtectionDisposition XSSAuditor::xssProtection() const
>  {
>      // If we detect an XSS attack and find the HTTP header
"X-XSS-Protection: 12" then
>      // we will stop loading the page as opposed to ignoring the script. The
value "12"
> @@ -302,9 +302,7 @@ bool
XSSAuditor::shouldFullPageBlockForXSSProtectionHeader() const

Either this comment needs to be removed or it needs to be updated since we are no
longer using the "12" notation to do full-page blocking.

> +XSSProtectionDisposition parseXSSProtectionHeader(const String& header)
> +{
> +    String stippedHeader = header.stripWhiteSpace();
> +
> +    if (stippedHeader.isEmpty())
> +	   return XSSProtectionEnabled;
> +
> +    if (stippedHeader[0] == '0')
> +	   return XSSProtectionDisabled;
> +
> +    int length = (int)header.length();
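
Review bot: "length" is computed from "header" in "int length = (int)header.length();", while the empty check and the "[0]" comparison just above operate on the whitespace-stripped "stippedHeader". When the header value has leading or trailing whitespace the two lengths differ, so if the code that follows uses "length" as a bound while reading the stripped string, it can index past its end. Take the length from the stripped string instead, and correct the variable name to "strippedHeader" while these lines are being changed.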

Minor style issue, the explicit cast to type integer (i.e. "(int)") is
unnecessary.

r=me

