OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 300 matching lines...)
311 | 311 |
312 RefPtr<FormData> report = FormData::create(reportObject->toJSONStrin
g().utf8().data()); | 312 RefPtr<FormData> report = FormData::create(reportObject->toJSONStrin
g().utf8().data()); |
313 PingLoader::sendViolationReport(m_parser->document()->frame(), m_rep
ortURL, report); | 313 PingLoader::sendViolationReport(m_parser->document()->frame(), m_rep
ortURL, report); |
314 | 314 |
315 m_reportURL = KURL(); | 315 m_reportURL = KURL(); |
316 m_originalURL = String(); | 316 m_originalURL = String(); |
317 m_originalHTTPBody = String(); | 317 m_originalHTTPBody = String(); |
318 } | 318 } |
319 | 319 |
320 if (didBlockEntirePage) | 320 if (didBlockEntirePage) |
321 m_parser->document()->frame()->navigationScheduler()->scheduleLocati
onChange(m_parser->document()->securityOrigin(), blankURL(), String()); | 321 m_parser->document()->frame()->navigationScheduler()->scheduleLocati
onChange(m_parser->document()->securityOrigin(), blankURL(), blankURL()); |
322 } | 322 } |
323 } | 323 } |
324 | 324 |
325 bool XSSAuditor::filterStartToken(HTMLToken& token) | 325 bool XSSAuditor::filterStartToken(HTMLToken& token) |
326 { | 326 { |
327 bool didBlockScript = eraseDangerousAttributesIfInjected(token); | 327 bool didBlockScript = eraseDangerousAttributesIfInjected(token); |
328 | 328 |
329 if (hasName(token, scriptTag)) { | 329 if (hasName(token, scriptTag)) { |
330 didBlockScript |= filterScriptToken(token); | 330 didBlockScript |= filterScriptToken(token); |
331 ASSERT(m_shouldAllowCDATA || !m_scriptTagNestingLevel); | 331 ASSERT(m_shouldAllowCDATA || !m_scriptTagNestingLevel); |
(...skipping 343 matching lines...)
675 // something dangerous with the query string. | 675 // something dangerous with the query string. |
676 const KURL& documentURL = m_parser->document()->url(); | 676 const KURL& documentURL = m_parser->document()->url(); |
677 if (documentURL.host().isEmpty()) | 677 if (documentURL.host().isEmpty()) |
678 return false; | 678 return false; |
679 | 679 |
680 KURL resourceURL(documentURL, url); | 680 KURL resourceURL(documentURL, url); |
681 return (documentURL.host() == resourceURL.host() && resourceURL.query().isEm
pty()); | 681 return (documentURL.host() == resourceURL.host() && resourceURL.query().isEm
pty()); |
682 } | 682 } |
683 | 683 |
684 } // namespace WebCore | 684 } // namespace WebCore |
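Review bot: The new third argument on line 321, `blankURL()`, replaces an empty `String()` without any comment saying why the block-mode navigation to about:blank needs about:blank in that slot. If that slot is the referrer parameter of `scheduleLocationChange` (its declaration is not visible here), a one-line comment above the call such as `// Referrer is about:blank rather than empty because <reason>.` would record the intent for the next reader of this XSS-blocking path. The call now passes a KURL where the old code passed a String, so it relies on an implicit conversion that is worth confirming against the declaration. The enclosing function starts above the visible lines, so it cannot be told from here whether `m_parser->document()->frame()` is checked for null before it is dereferenced on lines 313 and 321. A layout test that triggers block mode and asserts the referrer seen after the redirect would pin the new behaviour.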
OLD | NEW |