[webkit-reviews] review granted: [Bug 104479] CSP 1.1: Experiment with 'reflected-xss' directive. : [Attachment 189263] Patch
bugzilla-daemon at webkit.org
Fri Feb 22 11:22:36 PST 2013
Adam Barth <abarth at webkit.org> has granted Mike West <mkwst at chromium.org>'s
request for review:
Bug 104479: CSP 1.1: Experiment with 'reflected-xss' directive.
https://bugs.webkit.org/show_bug.cgi?id=104479
Attachment 189263: Patch
https://bugs.webkit.org/attachment.cgi?id=189263&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=189263&action=review
> Source/WebCore/html/parser/XSSAuditor.cpp:177
> +static ContentSecurityPolicy::ReflectedXSSDisposition
combineXSSProtectionHeaderAndCSP(ContentSecurityPolicy::ReflectedXSSDisposition
xssProtection, ContentSecurityPolicy::ReflectedXSSDisposition reflectedXSS)
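Review bot: at XSSAuditor.cpp:177 both parameters of combineXSSProtectionHeaderAndCSP have the same type, ContentSecurityPolicy::ReflectedXSSDisposition, so a call site that passes them in the wrong order still compiles. A short comment above the function stating which disposition wins when xssProtection and reflectedXSS disagree, and whether the result depends on argument order, would make the merge rule reviewable without reading the body.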
I might add a comment to the ReflectedXSSDisposition declaration to remind
folks to check this function if they add a new disposition.
> Source/WebCore/html/parser/XSSAuditor.cpp:266
> + m_reportURL = xssProtectionReportURL; // FIXME: Combine the two
report URLs in some reasonable way.
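Review bot: at XSSAuditor.cpp:266 m_reportURL is taken from xssProtectionReportURL alone, so until the FIXME is resolved the second report URL it mentions is never used. Suggest saying in the comment which source is being dropped in the meantime and pointing the FIXME at a tracking bug, so that reports reaching only one endpoint is a documented interim behaviour rather than a surprise.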
Do we need to make a copy of this URL to handle the threaded parser case?