[Webkit-unassigned] [Bug 34436] Change XSSAuditor block syntax
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 18 21:17:18 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=34436
Daniel Bates <dbates at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #49678|review? |review+
Flag| |
--- Comment #9 from Daniel Bates <dbates at webkit.org> 2010-03-18 21:17:18 PST ---
(From update of attachment 49678)
> --- a/WebCore/ChangeLog
> +++ b/WebCore/ChangeLog
> @@ -1,3 +1,27 @@
> +2010-02-27 Adam Barth <abarth at webkit.org>
> [...]
> + * WebCore.xcodeproj/project.pbxproj:
This line should be removed from the change log since this patch does not
contain any changes to the WebCore Xcode project file.
> -bool XSSAuditor::shouldFullPageBlockForXSSProtectionHeader() const
> +XSSProtectionDisposition XSSAuditor::xssProtection() const
> {
> // If we detect an XSS attack and find the HTTP header "X-XSS-Protection: 12" then
> // we will stop loading the page as opposed to ignoring the script. The value "12"
> @@ -302,9 +302,7 @@ bool XSSAuditor::shouldFullPageBlockForXSSProtectionHeader() const
Either this comment needs to removed or it needs to be updated since we are no
longer using the "12" notation to do full-page blocking.
> +XSSProtectionDisposition parseXSSProtectionHeader(const String& header)
> +{
> + String stippedHeader = header.stripWhiteSpace();
> +
> + if (stippedHeader.isEmpty())
> + return XSSProtectionEnabled;
> +
> + if (stippedHeader[0] == '0')
> + return XSSProtectionDisabled;
> +
> + int length = (int)header.length();
Minor style issue, the explicit cast to type integer (i.e. "(int)") is
unnecessary.
r=me
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list