-rw-r--r--webkit/appcache/view_appcache_internals_job.cc35
-rw-r--r--webkit/blob/view_blob_internals_job.cc36
2 files changed, 31 insertions, 40 deletions
diff --git a/webkit/appcache/view_appcache_internals_job.cc b/webkit/appcache/view_appcache_internals_job.cc
index 606a1e4..efd0410 100644
--- a/webkit/appcache/view_appcache_internals_job.cc
+++ b/webkit/appcache/view_appcache_internals_job.cc
@@ -48,26 +48,22 @@ const char kViewCacheCommand[] = "view-cache";
const char kViewEntryCommand[] = "view-entry";
void EmitPageStart(std::string* out) {
- DCHECK(out);
out->append(
"<!DOCTYPE HTML>\n"
"<html><title>AppCache Internals</title>\n"
+ "<meta http-equiv=\"X-WebKit-CSP\""
+ " content=\"object-src 'none'; script-src 'none'\">\n"
"<style>\n"
"body { font-family: sans-serif; font-size: 0.8em; }\n"
"tt, code, pre { font-family: WebKitHack, monospace; }\n"
+ "form { display: inline; }\n"
".subsection_body { margin: 10px 0 10px 2em; }\n"
".subsection_title { font-weight: bold; }\n"
"</style>\n"
- "<script>\n"
- "function PerformCommand(command, param) {\n"
- " location = location.pathname + '?' + command + '=' + param;\n"
- "}\n"
- "</script>\n"
"</head><body>\n");
}
void EmitPageEnd(std::string* out) {
- DCHECK(out);
out->append("</body></html>\n");
}
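Review bot: The CSP meta tag added in EmitPageStart has no comment recording that the page is now script-free by design. The removed `PerformCommand` script fits that reading, and a later edit that re-adds a `<script>` block or an inline handler would be blocked by the policy with no hint in the source. A comment above the literal would cover it, for example `// CSP forbids all script and plugin content on this page; commands must be plain GET forms.` The same comment would fit StartHTML in view_blob_internals_job.cc.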
@@ -78,26 +74,31 @@ void EmitCommandButton(const std::string& label,
const std::string& command,
const std::string& param,
std::string* out) {
- base::StringAppendF(out, "<input type=\"button\" value=\"%s\" "
- "onclick=\"PerformCommand('%s', '%s')\" />\n",
- label.c_str(), command.c_str(), param.c_str());
+ base::StringAppendF(out,
+ "<form action=\"\" method=\"GET\">\n"
+ "<input type=\"hidden\" name=\"%s\" value=\"%s\">\n"
+ "<input type=\"submit\" value=\"%s\">\n"
+ "</form>",
+ EscapeForHTML(command).c_str(),
+ EscapeForHTML(param).c_str(),
+ EscapeForHTML(label).c_str());
}
-void EmitListItem(const std::string& label, const std::string& data,
+void EmitListItem(const std::string& label,
+ const std::string& data,
std::string* out) {
- DCHECK(out);
out->append("<li>");
- out->append(label);
+ out->append(EscapeForHTML(label));
out->append(data);
out->append("</li>\n");
}
void EmitAnchor(const std::string& url, const std::string& text,
std::string* out) {
- out->append("<a href=");
- out->append(url);
- out->append(">");
- out->append(text);
+ out->append("<a href=\"");
+ out->append(EscapeForHTML(url));
+ out->append("\">");
+ out->append(EscapeForHTML(text));
out->append("</a><br/>");
}
diff --git a/webkit/blob/view_blob_internals_job.cc b/webkit/blob/view_blob_internals_job.cc
index 8e980ec..b105607 100644
--- a/webkit/blob/view_blob_internals_job.cc
+++ b/webkit/blob/view_blob_internals_job.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -37,27 +37,16 @@ void StartHTML(std::string* out) {
out->append(
"<!DOCTYPE HTML>"
"<html><title>Blob Storage Internals</title>"
- "<style>"
+ "<meta http-equiv=\"X-WebKit-CSP\""
+ " content=\"obejct-src 'none'; script-src 'none'\">\n"
+ "<style>\n"
"body { font-family: sans-serif; font-size: 0.8em; }\n"
"tt, code, pre { font-family: WebKitHack, monospace; }\n"
+ "form { display: inline }\n"
".subsection_body { margin: 10px 0 10px 2em; }\n"
".subsection_title { font-weight: bold; }\n"
- "</style>"
- "<script>\n"
- // Unfortunately we can't do XHR from chrome://blob-internals
- // because the chrome:// protocol restricts access.
- //
- // So instead, we will send commands by doing a form
- // submission (which as a side effect will reload the page).
- "function SubmitCommand(command) {\n"
- " document.getElementById('cmd').value = command;\n"
- " document.getElementById('cmdsender').submit();\n"
- "}\n"
- "</script>\n"
- "</head><body>"
- "<form action='' method=GET id=cmdsender>"
- "<input type='hidden' id=cmd name='remove'>"
- "</form>");
+ "</style>\n"
+ "</head><body>\n");
}
void EndHTML(std::string* out) {
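Review bot: The policy string added in StartHTML spells its first directive `obejct-src`. A user agent will not recognize that name, so only `script-src 'none'` would take effect on this page and plugin content stays unrestricted. The line should read `" content=\"object-src 'none'; script-src 'none'\">\n"`, matching the literal added in view_appcache_internals_job.cc. Both files carry the same policy text, so a shared constant would prevent this kind of divergence.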
@@ -94,10 +83,12 @@ void AddHTMLButton(const std::string& title,
// No need to escape title since constant string is passed.
std::string escaped_command = EscapeForHTML(command.c_str());
base::StringAppendF(out,
- "<input type=\"button\" value=\"%s\" "
- "onclick=\"SubmitCommand('%s')\" />",
- title.c_str(),
- escaped_command.c_str());
+ "<form action=\"\" method=\"GET\">\n"
+ "<input type=\"hidden\" name=\"remove\" value=\"%s\">\n"
+ "<input type=\"submit\" value=\"%s\">\n"
+ "</form><br/>\n",
+ escaped_command.c_str(),
+ title.c_str());
}
} // namespace
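Review bot: `title` is written into the submit button's `value` attribute unescaped, relying on the comment that only a constant is ever passed. The parallel EmitCommandButton in view_appcache_internals_job.cc now escapes all three of its arguments. Passing `EscapeForHTML(title).c_str()` here would make the helper safe whatever the caller passes, and the "No need to escape title" comment could then be dropped. AddHTMLButton's signature starts outside this hunk.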
@@ -173,7 +164,6 @@ void ViewBlobInternalsJob::GenerateHTML(std::string* out) const {
++iter) {
AddHTMLBoldText(iter->first, out);
AddHTMLButton(kRemove, iter->first, out);
- out->append("<br/>");
GenerateHTMLForBlobData(*iter->second, out);
}
}