OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 692 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
703 int start = attribute.nameRange.start - request.token.startIndex(); | 703 int start = attribute.nameRange.start - request.token.startIndex(); |
704 int end = attribute.valueRange.end - request.token.startIndex(); | 704 int end = attribute.valueRange.end - request.token.startIndex(); |
705 return request.sourceTracker.sourceForToken(request.token).substring(start,
end - start); | 705 return request.sourceTracker.sourceForToken(request.token).substring(start,
end - start); |
706 } | 706 } |
707 | 707 |
708 String XSSAuditor::canonicalize(String snippet, TruncationKind treatment) | 708 String XSSAuditor::canonicalize(String snippet, TruncationKind treatment) |
709 { | 709 { |
710 String decodedSnippet = fullyDecodeString(snippet, m_encoding); | 710 String decodedSnippet = fullyDecodeString(snippet, m_encoding); |
711 | 711 |
712 if (treatment != NoTruncation) { | 712 if (treatment != NoTruncation) { |
713 decodedSnippet.truncate(kMaximumFragmentLengthTarget); | 713 if (decodedSnippet.length() > kMaximumFragmentLengthTarget) { |
| 714 // Let the page influence the stopping point to avoid disclosing lea
ding fragments. |
| 715 // Stop when we hit whitespace, since that is unlikely to be part a
leading fragment. |
| 716 size_t position = kMaximumFragmentLengthTarget; |
| 717 while (position < decodedSnippet.length() && !isHTMLSpace(decodedSni
ppet[position])) |
| 718 ++position; |
| 719 decodedSnippet.truncate(position); |
| 720 } |
714 if (treatment == SrcLikeAttributeTruncation) | 721 if (treatment == SrcLikeAttributeTruncation) |
715 truncateForSrcLikeAttribute(decodedSnippet); | 722 truncateForSrcLikeAttribute(decodedSnippet); |
716 else if (treatment == ScriptLikeAttributeTruncation) | 723 else if (treatment == ScriptLikeAttributeTruncation) |
717 truncateForScriptLikeAttribute(decodedSnippet); | 724 truncateForScriptLikeAttribute(decodedSnippet); |
718 } | 725 } |
719 | 726 |
720 return decodedSnippet.removeCharacters(&isNonCanonicalCharacter); | 727 return decodedSnippet.removeCharacters(&isNonCanonicalCharacter); |
721 } | 728 } |
722 | 729 |
723 String XSSAuditor::canonicalizedSnippetForJavaScript(const FilterTokenRequest& r
equest) | 730 String XSSAuditor::canonicalizedSnippetForJavaScript(const FilterTokenRequest& r
equest) |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
826 | 833 |
827 bool XSSAuditor::isSafeToSendToAnotherThread() const | 834 bool XSSAuditor::isSafeToSendToAnotherThread() const |
828 { | 835 { |
829 return m_documentURL.isSafeToSendToAnotherThread() | 836 return m_documentURL.isSafeToSendToAnotherThread() |
830 && m_decodedURL.isSafeToSendToAnotherThread() | 837 && m_decodedURL.isSafeToSendToAnotherThread() |
831 && m_decodedHTTPBody.isSafeToSendToAnotherThread() | 838 && m_decodedHTTPBody.isSafeToSendToAnotherThread() |
832 && m_httpBodyAsString.isSafeToSendToAnotherThread(); | 839 && m_httpBodyAsString.isSafeToSendToAnotherThread(); |
833 } | 840 } |
834 | 841 |
835 } // namespace blink | 842 } // namespace blink |
OLD | NEW |