Don't include trailing comment characters in javascript snippets.

This trailing "/*" (and so forth) do not contribute very much to the signal, and not using them allows us to catch some interesting corner cases involving server-side page post-processors. BUG=355479 Review URL: https://codereview.chromium.org/210033008 git-svn-id: svn://svn.chromium.org/blink/trunk@169967 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Don't include trailing comment characters in javascript snippets.
This trailing "/*" (and so forth) do not contribute very much to the signal, and not using them allows us to catch some interesting corner cases involving server-side page post-processors. BUG=355479 Review URL: https://codereview.chromium.org/210033008 git-svn-id: svn://svn.chromium.org/blink/trunk@169967 bbb929c8-8fbe-4397-9dbb-9b2b20218538
192afe57 · tsepez@chromium.org · f846f5a4 · 192afe57 · 192afe57 · 192afe57
Commit 192afe57 authored Mar 25, 2014 by tsepez@chromium.org
3 changed files
--- a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt
+CONSOLE ERROR: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=/*]]%3E*/&q=%3Cscript%3E/*%3C!CDATA[*/alert(/XSS/)&q2=%3C/script%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
--- a/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-injected-comment.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/script-tag-with-injected-comment.html
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+  testRunner.dumpAsText();
+  testRunner.setXSSAuditorEnabled(true);
+}
+</script>
+</head>
+<body>
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?clutter=/*]]>*/&q=<script>/*<!CDATA[*/alert(/XSS/)&q2=</script>">
+</iframe>
+</body>
+</html>
--- a/third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
+++ b/third_party/WebKit/Source/core/html/parser/XSSAuditor.cpp
@@ -696,12 +696,9 @@ String XSSAuditor::decodedSnippetForJavaScript(const FilterTokenRequest& request
        lastNonSpacePosition = kNotFound;
        for (foundPosition = startPosition; foundPosition < endPosition; foundPosition++) {
            if (!request.shouldAllowCDATA) {
-                if (startsSingleLineCommentAt(string, foundPosition) || startsMultiLineCommentAt(string, foundPosition)) {
+                if (startsSingleLineCommentAt(string, foundPosition)
-                    foundPosition += 2;
+                    || startsMultiLineCommentAt(string, foundPosition)
-                    break;
+                    || startsHTMLCommentAt(string, foundPosition)) {
-                }
-                if (startsHTMLCommentAt(string, foundPosition)) {
-                    foundPosition += 4;
                    break;
                }
            }