Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(24)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/html/parser/XSSAuditor.cpp

Issue 1291723004: Remove all support for <applet> handling in Chrome. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Hopefully all the tests Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« Source/core/html/HTMLAppletElement.h ('K') | « Source/core/html/parser/XSSAuditor.h ('k') | Source/core/layout/LayoutApplet.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved.
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com).
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 416 matching lines...) Expand 10 before | Expand all | Expand 10 after
427 if (hasName(request.token, scriptTag)) { 427 if (hasName(request.token, scriptTag)) {
428 didBlockScript |= filterScriptToken(request); 428 didBlockScript |= filterScriptToken(request);
429 ASSERT(request.shouldAllowCDATA || !m_scriptTagNestingLevel); 429 ASSERT(request.shouldAllowCDATA || !m_scriptTagNestingLevel);
430 m_scriptTagNestingLevel++; 430 m_scriptTagNestingLevel++;
431 } else if (hasName(request.token, objectTag)) 431 } else if (hasName(request.token, objectTag))
432 didBlockScript |= filterObjectToken(request); 432 didBlockScript |= filterObjectToken(request);
433 else if (hasName(request.token, paramTag)) 433 else if (hasName(request.token, paramTag))
434 didBlockScript |= filterParamToken(request); 434 didBlockScript |= filterParamToken(request);
435 else if (hasName(request.token, embedTag)) 435 else if (hasName(request.token, embedTag))
436 didBlockScript |= filterEmbedToken(request); 436 didBlockScript |= filterEmbedToken(request);
437 else if (hasName(request.token, appletTag))
438 didBlockScript |= filterAppletToken(request);
439 else if (hasName(request.token, iframeTag) || hasName(request.token, frameTa g)) 437 else if (hasName(request.token, iframeTag) || hasName(request.token, frameTa g))
440 didBlockScript |= filterFrameToken(request); 438 didBlockScript |= filterFrameToken(request);
441 else if (hasName(request.token, metaTag)) 439 else if (hasName(request.token, metaTag))
442 didBlockScript |= filterMetaToken(request); 440 didBlockScript |= filterMetaToken(request);
443 else if (hasName(request.token, baseTag)) 441 else if (hasName(request.token, baseTag))
444 didBlockScript |= filterBaseToken(request); 442 didBlockScript |= filterBaseToken(request);
445 else if (hasName(request.token, formTag)) 443 else if (hasName(request.token, formTag))
446 didBlockScript |= filterFormToken(request); 444 didBlockScript |= filterFormToken(request);
447 else if (hasName(request.token, inputTag)) 445 else if (hasName(request.token, inputTag))
448 didBlockScript |= filterInputToken(request); 446 didBlockScript |= filterInputToken(request);
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
537 535
538 bool didBlockScript = false; 536 bool didBlockScript = false;
539 if (isContainedInRequest(canonicalizedSnippetForTagName(request))) { 537 if (isContainedInRequest(canonicalizedSnippetForTagName(request))) {
540 didBlockScript |= eraseAttributeIfInjected(request, codeAttr, String(), SrcLikeAttributeTruncation); 538 didBlockScript |= eraseAttributeIfInjected(request, codeAttr, String(), SrcLikeAttributeTruncation);
541 didBlockScript |= eraseAttributeIfInjected(request, srcAttr, blankURL(). string(), SrcLikeAttributeTruncation); 539 didBlockScript |= eraseAttributeIfInjected(request, srcAttr, blankURL(). string(), SrcLikeAttributeTruncation);
542 didBlockScript |= eraseAttributeIfInjected(request, typeAttr); 540 didBlockScript |= eraseAttributeIfInjected(request, typeAttr);
543 } 541 }
544 return didBlockScript; 542 return didBlockScript;
545 } 543 }
546 544
547 bool XSSAuditor::filterAppletToken(const FilterTokenRequest& request)
548 {
549 ASSERT(request.token.type() == HTMLToken::StartTag);
550 ASSERT(hasName(request.token, appletTag));
551
552 bool didBlockScript = false;
553 if (isContainedInRequest(canonicalizedSnippetForTagName(request))) {
554 didBlockScript |= eraseAttributeIfInjected(request, codeAttr, String(), SrcLikeAttributeTruncation);
555 didBlockScript |= eraseAttributeIfInjected(request, objectAttr);
556 }
557 return didBlockScript;
558 }
559
560 bool XSSAuditor::filterFrameToken(const FilterTokenRequest& request) 545 bool XSSAuditor::filterFrameToken(const FilterTokenRequest& request)
561 { 546 {
562 ASSERT(request.token.type() == HTMLToken::StartTag); 547 ASSERT(request.token.type() == HTMLToken::StartTag);
563 ASSERT(hasName(request.token, iframeTag) || hasName(request.token, frameTag) ); 548 ASSERT(hasName(request.token, iframeTag) || hasName(request.token, frameTag) );
564 549
565 bool didBlockScript = eraseAttributeIfInjected(request, srcdocAttr, String() , ScriptLikeAttributeTruncation); 550 bool didBlockScript = eraseAttributeIfInjected(request, srcdocAttr, String() , ScriptLikeAttributeTruncation);
566 if (isContainedInRequest(canonicalizedSnippetForTagName(request))) 551 if (isContainedInRequest(canonicalizedSnippetForTagName(request)))
567 didBlockScript |= eraseAttributeIfInjected(request, srcAttr, String(), S rcLikeAttributeTruncation); 552 didBlockScript |= eraseAttributeIfInjected(request, srcAttr, String(), S rcLikeAttributeTruncation);
568 553
569 return didBlockScript; 554 return didBlockScript;
(...skipping 267 matching lines...) Expand 10 before | Expand all | Expand 10 after
837 822
838 bool XSSAuditor::isSafeToSendToAnotherThread() const 823 bool XSSAuditor::isSafeToSendToAnotherThread() const
839 { 824 {
840 return m_documentURL.isSafeToSendToAnotherThread() 825 return m_documentURL.isSafeToSendToAnotherThread()
841 && m_decodedURL.isSafeToSendToAnotherThread() 826 && m_decodedURL.isSafeToSendToAnotherThread()
842 && m_decodedHTTPBody.isSafeToSendToAnotherThread() 827 && m_decodedHTTPBody.isSafeToSendToAnotherThread()
843 && m_httpBodyAsString.isSafeToSendToAnotherThread(); 828 && m_httpBodyAsString.isSafeToSendToAnotherThread();
844 } 829 }
845 830
846 } // namespace blink 831 } // namespace blink
OLDNEW
« Source/core/html/HTMLAppletElement.h ('K') | « Source/core/html/parser/XSSAuditor.h ('k') | Source/core/layout/LayoutApplet.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698