Remove XSS Auditor highlighting from view-source

The XSS Auditor has been removed from Chromium. Remove the view-source code which highlighted detected XSS injections. Bug: 968591 Change-Id: Ib1015d874895b88f7961a08a3264a6e811d6a61c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1761827 Auto-Submit: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#688428}

Remove XSS Auditor highlighting from view-source
The XSS Auditor has been removed from Chromium. Remove the view-source code which highlighted detected XSS injections. Bug: 968591 Change-Id: Ib1015d874895b88f7961a08a3264a6e811d6a61c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1761827 Auto-Submit: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#688428}
df0789a0 · Eric Lawrence · Commit Bot · 35aa05f7 · df0789a0 · df0789a0
Commit df0789a0 authored Aug 20, 2019 by Eric Lawrence Committed by Commit Bot Aug 20, 2019
4 changed files
--- a/third_party/blink/renderer/core/css/view-source.css
+++ b/third_party/blink/renderer/core/css/view-source.css
@@ -83,11 +83,6 @@ tbody:last-child .line-content:empty:before {
    padding: 0 5px !important;
 }

-.highlight {
-    background-color: rgb(100%, 42%, 42%);
-    border: 2px solid rgb(100%, 31%, 31%);
-}
-
 .html-tag {
    /* Keep this in sync with inspector.css (.webkit-html-tag) */
    color: rgb(136, 18, 128);

--- a/third_party/blink/renderer/core/html/html_view_source_document.cc
+++ b/third_party/blink/renderer/core/html/html_view_source_document.cc
@@ -44,12 +44,6 @@ namespace blink {

 using namespace html_names;

-namespace {
-
-const char kXSSDetected[] = "Token contains a reflected XSS vector";
-
-}  // namespace
-
 HTMLViewSourceDocument::HTMLViewSourceDocument(const DocumentInit& initializer,
                                               const String& mime_type)
    : HTMLDocument(initializer, kViewSourceDocumentClass), type_(mime_type) {
@@ -86,9 +80,7 @@ void HTMLViewSourceDocument::CreateContainingTable() {
  line_number_ = 0;
 }

-void HTMLViewSourceDocument::AddSource(const String& source,
-                                       HTMLToken& token,
-                                       SourceAnnotation annotation) {
+void HTMLViewSourceDocument::AddSource(const String& source, HTMLToken& token) {
  if (!current_)
    CreateContainingTable();

@@ -104,13 +96,13 @@ void HTMLViewSourceDocument::AddSource(const String& source,
      break;
    case HTMLToken::kStartTag:
    case HTMLToken::kEndTag:
-      ProcessTagToken(source, token, annotation);
+      ProcessTagToken(source, token);
      break;
    case HTMLToken::kComment:
      ProcessCommentToken(source, token);
      break;
    case HTMLToken::kCharacter:
-      ProcessCharacterToken(source, token, annotation);
+      ProcessCharacterToken(source, token);
      break;
  }
 }
@@ -130,9 +122,7 @@ void HTMLViewSourceDocument::ProcessEndOfFileToken(const String& source,
 }

 void HTMLViewSourceDocument::ProcessTagToken(const String& source,
-                                             HTMLToken& token,
-                                             SourceAnnotation annotation) {
-  MaybeAddSpanForAnnotation(annotation);
+                                             HTMLToken& token) {
  current_ = AddSpanWithClassName("html-tag");

  AtomicString tag_name(token.GetName());
@@ -185,11 +175,9 @@ void HTMLViewSourceDocument::ProcessCommentToken(const String& source,
  current_ = td_;
 }

-void HTMLViewSourceDocument::ProcessCharacterToken(
-    const String& source,
-    HTMLToken&,
-    SourceAnnotation annotation) {
-  AddText(source, "", annotation);
+void HTMLViewSourceDocument::ProcessCharacterToken(const String& source,
+                                                   HTMLToken&) {
+  AddText(source, "");
 }

 Element* HTMLViewSourceDocument::AddSpanWithClassName(
@@ -241,8 +229,7 @@ void HTMLViewSourceDocument::FinishLine() {
 }

 void HTMLViewSourceDocument::AddText(const String& text,
-                                     const AtomicString& class_name,
-                                     SourceAnnotation annotation) {
+                                     const AtomicString& class_name) {
  if (text.IsEmpty())
    return;

@@ -261,7 +248,6 @@ void HTMLViewSourceDocument::AddText(const String& text,
      continue;
    }
    Element* old_element = current_;
-    MaybeAddSpanForAnnotation(annotation);
    current_->ParserAppendChild(Text::Create(*this, substring));
    current_ = old_element;
    if (i < size - 1)
@@ -347,14 +333,6 @@ int HTMLViewSourceDocument::AddSrcset(const String& source,
  return end;
 }

-void HTMLViewSourceDocument::MaybeAddSpanForAnnotation(
-    SourceAnnotation annotation) {
-  if (annotation == kAnnotateSourceAsXSS) {
-    current_ = AddSpanWithClassName("highlight");
-    current_->setAttribute(kTitleAttr, kXSSDetected);
-  }
-}
-
 void HTMLViewSourceDocument::Trace(Visitor* visitor) {
  visitor->Trace(current_);
  visitor->Trace(tbody_);

--- a/third_party/blink/renderer/core/html/html_view_source_document.h
+++ b/third_party/blink/renderer/core/html/html_view_source_document.h
@@ -36,11 +36,9 @@ class HTMLToken;

 class CORE_EXPORT HTMLViewSourceDocument final : public HTMLDocument {
 public:
-  enum SourceAnnotation { kAnnotateSourceAsSafe, kAnnotateSourceAsXSS };
-
  HTMLViewSourceDocument(const DocumentInit&, const String& mime_type);

-  void AddSource(const String&, HTMLToken&, SourceAnnotation);
+  void AddSource(const String&, HTMLToken&);

  void Trace(Visitor*) override;

@@ -49,19 +47,15 @@ class CORE_EXPORT HTMLViewSourceDocument final : public HTMLDocument {

  void ProcessDoctypeToken(const String& source, HTMLToken&);
  void ProcessEndOfFileToken(const String& source, HTMLToken&);
-  void ProcessTagToken(const String& source, HTMLToken&, SourceAnnotation);
+  void ProcessTagToken(const String& source, HTMLToken&);
  void ProcessCommentToken(const String& source, HTMLToken&);
-  void ProcessCharacterToken(const String& source,
-                             HTMLToken&,
-                             SourceAnnotation);
+  void ProcessCharacterToken(const String& source, HTMLToken&);

  void CreateContainingTable();
  Element* AddSpanWithClassName(const AtomicString&);
  void AddLine(const AtomicString& class_name);
  void FinishLine();
-  void AddText(const String& text,
-               const AtomicString& class_name,
-               SourceAnnotation = kAnnotateSourceAsSafe);
+  void AddText(const String& text, const AtomicString& class_name);
  int AddRange(const String& source,
               int start,
               int end,
@@ -70,7 +64,6 @@ class CORE_EXPORT HTMLViewSourceDocument final : public HTMLDocument {
               bool is_anchor = false,
               const AtomicString& link = g_null_atom);
  int AddSrcset(const String& source, int start, int end);
-  void MaybeAddSpanForAnnotation(SourceAnnotation);

  Element* AddLink(const AtomicString& url, bool is_anchor);
  Element* AddBase(const AtomicString& href);

--- a/third_party/blink/renderer/core/html/parser/html_view_source_parser.cc
+++ b/third_party/blink/renderer/core/html/parser/html_view_source_parser.cc
@@ -49,10 +49,7 @@ void HTMLViewSourceParser::PumpTokenizer() {
      return;
    source_tracker_.end(input_.Current(), tokenizer_.get(), token_);

-    HTMLViewSourceDocument::SourceAnnotation annotation =
-        HTMLViewSourceDocument::kAnnotateSourceAsSafe;
-    GetDocument()->AddSource(source_tracker_.SourceForToken(token_), token_,
-                             annotation);
+    GetDocument()->AddSource(source_tracker_.SourceForToken(token_), token_);

    // FIXME: The tokenizer should do this work for us.
    if (token_.GetType() == HTMLToken::kStartTag)