Diffstat (limited to 'src/3rdparty/webkit/WebCore/page/XSSAuditor.h')
-rw-r--r--src/3rdparty/webkit/WebCore/page/XSSAuditor.h24
1 files changed, 20 insertions, 4 deletions
diff --git a/src/3rdparty/webkit/WebCore/page/XSSAuditor.h b/src/3rdparty/webkit/WebCore/page/XSSAuditor.h
index 7974d1c823..6c6a56c2b6 100644
--- a/src/3rdparty/webkit/WebCore/page/XSSAuditor.h
+++ b/src/3rdparty/webkit/WebCore/page/XSSAuditor.h
@@ -74,13 +74,17 @@ namespace WebCore {
// based on the content of any user-submitted data.
bool canEvaluate(const String& sourceCode) const;
+ // Determines whether the JavaScript URL should be allowed or denied execution
+ // based on the content of any user-submitted data.
+ bool canEvaluateJavaScriptURL(const String& code) const;
+
// Determines whether the event listener should be created based on the
// content of any user-submitted data.
bool canCreateInlineEventListener(const String& functionName, const String& code) const;
// Determines whether the external script should be loaded based on the
// content of any user-submitted data.
- bool canLoadExternalScriptFromSrc(const String& url) const;
+ bool canLoadExternalScriptFromSrc(const String& context, const String& url) const;
// Determines whether object should be loaded based on the content of
// any user-submitted data.
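Review bot: The new `context` parameter on `canLoadExternalScriptFromSrc` is not described by the comment above it, which still only says the check is based on user-submitted data. Both parameters are `const String&`, so a call site that swaps them compiles cleanly and would audit the wrong string. I would extend the comment with something like `// |context| is presumably the markup preceding the src attribute (confirm against the .cpp); |url| is the attribute value.` The comment on `canEvaluateJavaScriptURL` also does not say whether `code` is expected before or after URL decoding, which matters when it is matched against the request.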
@@ -88,12 +92,24 @@ namespace WebCore {
// This method is called by FrameLoader::requestObject.
bool canLoadObject(const String& url) const;
+ // Determines whether the base URL should be changed based on the content
+ // of any user-submitted data.
+ //
+ // This method is called by HTMLBaseElement::process.
+ bool canSetBaseElementURL(const String& url) const;
+
private:
- static String decodeURL(const String& url, const TextEncoding& encoding = UTF8Encoding(), bool allowControlCharacters = false);
+ static String decodeURL(const String& url, const TextEncoding& encoding = UTF8Encoding(), bool allowNullCharacters = false,
+ bool allowNonNullControlCharacters = true, bool decodeHTMLentities = true,
+ bool leaveUndecodableHTMLEntitiesUntouched = false);
+
+ static String decodeHTMLEntities(const String&, bool leaveUndecodableHTMLEntitiesUntouched = false);
- bool findInRequest(const String&) const;
+ bool findInRequest(const String&, bool matchNullCharacters = true, bool matchNonNullControlCharacters = true,
+ bool decodeHTMLentities = true, bool leaveUndecodableHTMLEntitiesUntouched = false) const;
- bool findInRequest(Frame*, const String&) const;
+ bool findInRequest(Frame*, const String&, bool matchNullCharacters = true, bool matchNonNullControlCharacters = true,
+ bool decodeHTMLentities = true, bool leaveUndecodableHTMLEntitiesUntouched = false) const;
// The frame to audit.
Frame* m_frame;
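Review bot: The private `decodeURL` declaration replaces `allowControlCharacters = false` with `allowNullCharacters = false, allowNonNullControlCharacters = true`, so a caller that relied on the old default now gets non-null control characters allowed. A caller that passed a single positional `bool` now sets only the null-character flag. The call sites are outside this hunk, so each one should be checked against the new defaults, since this decoding feeds the auditor's request matching. Four adjacent defaulted `bool`s on `decodeURL` and on both `findInRequest` overloads are also easy to transpose without a compiler error. A comment above the declarations, for example `// Flags in order: null chars, other control chars, decode entities, keep undecodable entities.`, or a single enum-valued options argument, would make call sites auditable.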