diff options
Diffstat (limited to 'WebCore/page/XSSAuditor.cpp')
| -rw-r--r-- | WebCore/page/XSSAuditor.cpp | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/WebCore/page/XSSAuditor.cpp b/WebCore/page/XSSAuditor.cpp index 22506b2..fb0e1c0 100644 --- a/WebCore/page/XSSAuditor.cpp +++ b/WebCore/page/XSSAuditor.cpp @@ -34,8 +34,8 @@ #include "DocumentLoader.h" #include "DOMWindow.h" #include "Frame.h" +#include "HTMLEntityParser.h" #include "KURL.h" -#include "LegacyPreloadScanner.h" #include "ResourceResponseBase.h" #include "ScriptSourceCode.h" #include "Settings.h" @@ -277,7 +277,7 @@ String XSSAuditor::decodeHTMLEntities(const String& string, bool leaveUndecodabl if (leaveUndecodableEntitiesUntouched) sourceShadow = source; bool notEnoughCharacters = false; - unsigned entity = LegacyPreloadScanner::consumeEntity(source, notEnoughCharacters); + unsigned entity = consumeHTMLEntity(source, notEnoughCharacters); // We ignore notEnoughCharacters because we might as well use this loop // to copy the remaining characters into |result|. @@ -405,10 +405,10 @@ bool XSSAuditor::findInRequest(Frame* frame, const FindTask& task) const String decodedPageURL = m_pageURLCache.canonicalizeURL(pageURL, frame->document()->decoder()->encoding(), task.decodeEntities, task.decodeURLEscapeSequencesTwice); - if (task.allowRequestIfNoIllegalURICharacters && !hasFormData && decodedPageURL.find(&isIllegalURICharacter, 0) == -1) + if (task.allowRequestIfNoIllegalURICharacters && !hasFormData && decodedPageURL.find(&isIllegalURICharacter, 0) == notFound) return false; // Injection is impossible because the request does not contain any illegal URI characters. - if (decodedPageURL.find(canonicalizedString, 0, false) != -1) + if (decodedPageURL.find(canonicalizedString, 0, false) != notFound) return true; // We've found the string in the GET data. if (hasFormData) { @@ -423,7 +423,7 @@ bool XSSAuditor::findInRequest(Frame* frame, const FindTask& task) const if (m_formDataSuffixTree && !m_formDataSuffixTree->mightContain(canonicalizedString)) return false; - if (decodedFormData.find(canonicalizedString, 0, false) != -1) + if (decodedFormData.find(canonicalizedString, 0, false) != notFound) return true; // We found the string in the POST data. } |