Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/html/parser/XSSAuditor.cpp

Issue 1311923004: Rename FormData/FormDataBuilder to EncodedFormData/FormDataEncoder respectively. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« Source/core/html/FormDataList.cpp ('K') | « Source/core/html/FormDataList.cpp ('k') | Source/core/html/parser/XSSAuditorDelegate.h » ('j') | Source/modules/fetch/FetchFormDataConsumerHandle.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved.
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com).
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 26 matching lines...) Expand all
37 #include "core/html/HTMLParamElement.h" 37 #include "core/html/HTMLParamElement.h"
38 #include "core/html/LinkRelAttribute.h" 38 #include "core/html/LinkRelAttribute.h"
39 #include "core/html/parser/HTMLDocumentParser.h" 39 #include "core/html/parser/HTMLDocumentParser.h"
40 #include "core/html/parser/HTMLParserIdioms.h" 40 #include "core/html/parser/HTMLParserIdioms.h"
41 #include "core/html/parser/TextResourceDecoder.h" 41 #include "core/html/parser/TextResourceDecoder.h"
42 #include "core/html/parser/XSSAuditorDelegate.h" 42 #include "core/html/parser/XSSAuditorDelegate.h"
43 #include "core/inspector/ConsoleMessage.h" 43 #include "core/inspector/ConsoleMessage.h"
44 #include "core/loader/DocumentLoader.h" 44 #include "core/loader/DocumentLoader.h"
45 #include "core/loader/MixedContentChecker.h" 45 #include "core/loader/MixedContentChecker.h"
46 #include "platform/JSONValues.h" 46 #include "platform/JSONValues.h"
47 #include "platform/network/FormData.h" 47 #include "platform/network/EncodedFormData.h"
48 #include "platform/text/DecodeEscapeSequences.h" 48 #include "platform/text/DecodeEscapeSequences.h"
49 #include "wtf/ASCIICType.h" 49 #include "wtf/ASCIICType.h"
50 #include "wtf/MainThread.h" 50 #include "wtf/MainThread.h"
51 51
52 namespace { 52 namespace {
53 53
54 // SecurityOrigin::urlWithUniqueSecurityOrigin() can't be used cross-thread, or we'd use it instead. 54 // SecurityOrigin::urlWithUniqueSecurityOrigin() can't be used cross-thread, or we'd use it instead.
55 const char kURLWithUniqueOrigin[] = "data:,"; 55 const char kURLWithUniqueOrigin[] = "data:,";
56 56
57 const char kSafeJavaScriptURL[] = "javascript:void(0)"; 57 const char kSafeJavaScriptURL[] = "javascript:void(0)";
(...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after
353 document->addConsoleMessage(ConsoleMessage::create(SecurityMessageSo urce, ErrorMessageLevel, "Error parsing header X-XSS-Protection: " + headerValue + ": " + errorDetails + " at character position " + String::format("%u", error Position) + ". The default protections will be applied.")); 353 document->addConsoleMessage(ConsoleMessage::create(SecurityMessageSo urce, ErrorMessageLevel, "Error parsing header X-XSS-Protection: " + headerValue + ": " + errorDetails + " at character position " + String::format("%u", error Position) + ". The default protections will be applied."));
354 354
355 ReflectedXSSDisposition cspHeader = document->contentSecurityPolicy()->r eflectedXSSDisposition(); 355 ReflectedXSSDisposition cspHeader = document->contentSecurityPolicy()->r eflectedXSSDisposition();
356 m_didSendValidCSPHeader = cspHeader != ReflectedXSSUnset && cspHeader != ReflectedXSSInvalid; 356 m_didSendValidCSPHeader = cspHeader != ReflectedXSSUnset && cspHeader != ReflectedXSSInvalid;
357 357
358 m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader, cspHeader); 358 m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader, cspHeader);
359 // FIXME: Combine the two report URLs in some reasonable way. 359 // FIXME: Combine the two report URLs in some reasonable way.
360 if (auditorDelegate) 360 if (auditorDelegate)
361 auditorDelegate->setReportURL(xssProtectionReportURL.copy()); 361 auditorDelegate->setReportURL(xssProtectionReportURL.copy());
362 362
363 FormData* httpBody = documentLoader->request().httpBody(); 363 EncodedFormData* httpBody = documentLoader->request().httpBody();
364 if (httpBody && !httpBody->isEmpty()) 364 if (httpBody && !httpBody->isEmpty())
365 m_httpBodyAsString = httpBody->flattenToString(); 365 m_httpBodyAsString = httpBody->flattenToString();
366 } 366 }
367 367
368 setEncoding(m_encoding); 368 setEncoding(m_encoding);
369 } 369 }
370 370
371 void XSSAuditor::setEncoding(const WTF::TextEncoding& encoding) 371 void XSSAuditor::setEncoding(const WTF::TextEncoding& encoding)
372 { 372 {
373 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. 373 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter.
(...skipping 448 matching lines...) Expand 10 before | Expand all | Expand 10 after
822 822
823 bool XSSAuditor::isSafeToSendToAnotherThread() const 823 bool XSSAuditor::isSafeToSendToAnotherThread() const
824 { 824 {
825 return m_documentURL.isSafeToSendToAnotherThread() 825 return m_documentURL.isSafeToSendToAnotherThread()
826 && m_decodedURL.isSafeToSendToAnotherThread() 826 && m_decodedURL.isSafeToSendToAnotherThread()
827 && m_decodedHTTPBody.isSafeToSendToAnotherThread() 827 && m_decodedHTTPBody.isSafeToSendToAnotherThread()
828 && m_httpBodyAsString.isSafeToSendToAnotherThread(); 828 && m_httpBodyAsString.isSafeToSendToAnotherThread();
829 } 829 }
830 830
831 } // namespace blink 831 } // namespace blink
OLDNEW
« Source/core/html/FormDataList.cpp ('K') | « Source/core/html/FormDataList.cpp ('k') | Source/core/html/parser/XSSAuditorDelegate.h » ('j') | Source/modules/fetch/FetchFormDataConsumerHandle.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698