Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cherry-pick 259548.30@safari-7615-branch (49109db). https://bugs.webkit.org/show_bug.cgi?id=250760

Error object stacktraces may leak sensitive data in URL query parameters
https://bugs.webkit.org/show_bug.cgi?id=250760
rdar://104376838

Reviewed by Patrick Angle.

If a remote script is delivered after a redirect sensitive data may be present in the post-redirect URL. If the script later throws an error the error event object will have that post-redirect URL in its stacktrace and sourceURL properties.

* Source/JavaScriptCore/runtime/Error.cpp:
(JSC::getLineColumnAndSource):
* Source/JavaScriptCore/runtime/StackFrame.cpp:
(JSC::StackFrame::sourceURLStripped const): This is a new function which uses the URL class to strip potentially sensitive information from the URL of the script which contains the code for the current stack frame.
(JSC::StackFrame::toString const):
* Source/JavaScriptCore/runtime/StackFrame.h:
* Source/WTF/wtf/URL.cpp:
(WTF::URL::strippedForUseAsReport const): This is a function similar to strippedForUseAsReferrer except we also remove query parameters from the URL while strippedForUseAsReferrer only strips user information and fragment.
* Source/WTF/wtf/URL.h:
* Source/WebInspectorUI/UserInterface/Base/URLUtilities.js: Adds a utility function similar to WTF::URL::strippedForUseAsReport.
* Source/WebInspectorUI/UserInterface/Models/DebuggerData.js:
(WI.DebuggerData.prototype.scriptsForURL):
(WI.DebuggerData.prototype.addScript): The Web Inspector debugger maps URLs it knows about to URLs reported by the stack frames in an error object's stack trace. This allows one to jump to offending source lines in the web inspector. In order to correctly map the stripped URL reported in a stack trace we need to key the map on the stripped URL as well.
* Tools/TestWebKitAPI/Tests/WTF/URL.cpp:
(TestWebKitAPI::TEST_F): Adds a unit test for URL::strippedForUseAsReport

Canonical link: https://commits.webkit.org/259548.30@safari-7615-branch
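The stripping rule the commit message describes (remove user information, fragment and query parameters), sketched as an added example for an error-reporting pipeline that scrubs stack traces before they are logged; this is not WebKit's code and not part of this commit. The names `stripUrlForReport` and `sanitizeStack`, the sample stack, and the restriction to http(s) URLs are assumptions made for the illustration.

```javascript
// Added example (hypothetical helpers, not WebKit's implementation).
// Remove user information, query parameters and fragment from a script URL.
function stripUrlForReport(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return rawUrl; // not an absolute URL, e.g. "[native code]"
  }
  // Assumption: only http(s) script URLs are rewritten.
  if (url.protocol !== "http:" && url.protocol !== "https:") return rawUrl;
  url.username = "";
  url.password = "";
  url.search = "";
  url.hash = "";
  return url.href;
}

// A URL inside a stack frame, followed by an optional ":line:column" suffix.
// The lazy match keeps ":digits" that belong to the URL (port, query text)
// and peels off only the trailing position before whitespace, ")" or end.
const FRAME_URL = /(https?:\/\/[^\s)]+?)((?::\d+){0,2})(?=[\s)]|$)/g;

// Rewrite every frame URL in a stack string, keeping line and column intact
// so the frame can still be mapped back to a source location.
function sanitizeStack(stack) {
  return stack.replace(FRAME_URL, (_, url, pos) => stripUrlForReport(url) + pos);
}

// Constructed sample: a JavaScriptCore-style frame, a V8-style frame,
// and a frame with no URL at all.
const SAMPLE_STACK = [
  "render@https://cdn.example/app.js?token=SECRET123:12:34",
  "    at load (https://user:pw@cdn.example:8443/lib.js?sid=abc#x:7:9)",
  "[native code]",
].join("\n");

console.log(sanitizeStack(SAMPLE_STACK));
```

Any lookup table keyed on script URLs has to be keyed on the stripped form as well, which is the reason the commit message gives for the DebuggerData.js change.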
Showing 8 changed files with 90 additions and 6 deletions.