1 files changed, 11 insertions, 7 deletions

diff --git a/WebCore/page/XSSAuditor.h b/WebCore/page/XSSAuditor.h
index adfa5c7..b64665b 100644
--- a/WebCore/page/XSSAuditor.h
+++ b/WebCore/page/XSSAuditor.h
@@ -42,14 +42,14 @@ namespace WebCore {
     // a script is to be allowed or denied based on the content of any
     // user-submitted data, including:
     //
-    // * the query string of the URL.
+    // * the URL.
     // * the HTTP-POST data.
     //
     // If the source code of a script resembles any user-submitted data then it
     // is denied execution.
     //
-    // When you instantiate the XSSAuditor you must specify the {@link Frame}
-    // of the page that you wish to audit.
+    // When you instantiate the XSSAuditor you must specify the Frame of the
+    // page that you wish to audit.
     //
     // Bindings
     //
@@ -59,11 +59,14 @@ namespace WebCore {
     // JavaScript script is safe to execute before executing it. The following
     // methods call into XSSAuditor:
     //
-    // * ScriptController::evaluate - used to evaluate JavaScript scripts.
-    // * ScriptController::createInlineEventListener - used to create JavaScript event handlers.
-    // * HTMLTokenizer::scriptHandler - used to load external JavaScript scripts.
+    // * ScriptController::evaluateInWorld - used to evaluate JavaScript scripts.
+    // * ScriptController::executeIfJavaScriptURL - used to evaluate JavaScript URLs.
+    // * ScriptEventListener::createAttributeEventListener - used to create JavaScript event handlers.
+    // * HTMLBaseElement::process - used to set the document base URL.
+    // * HTMLTokenizer::parseTag - used to load external JavaScript scripts.
+    // * FrameLoader::requestObject - used to load <object>/<embed> elements.
     //
-    class XSSAuditor {
+    class XSSAuditor : public Noncopyable {
     public:
         XSSAuditor(Frame*);
         ~XSSAuditor();
@@ -122,6 +125,7 @@ namespace WebCore {
                                 bool decodeURLEscapeSequencesTwice = false);
         static String decodeHTMLEntities(const String&, bool leaveUndecodableEntitiesUntouched = true);
 
+        bool isSameOriginResource(const String& url) const;
         bool findInRequest(const String&, bool decodeEntities = true, bool allowRequestIfNoIllegalURICharacters = false, 
                            bool decodeURLEscapeSequencesTwice = false) const;
         bool findInRequest(Frame*, const String&, bool decodeEntities = true, bool allowRequestIfNoIllegalURICharacters = false,