OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. | 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
86 RefPtr<JSONObject> reportObject = JSONObject::create(); | 86 RefPtr<JSONObject> reportObject = JSONObject::create(); |
87 reportObject->setObject("xss-report", reportDetails.release()); | 87 reportObject->setObject("xss-report", reportDetails.release()); |
88 | 88 |
89 return FormData::create(reportObject->toJSONString().utf8().data()); | 89 return FormData::create(reportObject->toJSONString().utf8().data()); |
90 } | 90 } |
91 | 91 |
92 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) | 92 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) |
93 { | 93 { |
94 ASSERT(isMainThread()); | 94 ASSERT(isMainThread()); |
95 | 95 |
96 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, buildConso
leError(xssInfo, m_document->url().string())); | 96 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, buildConso
leError(xssInfo, m_document->url().string()), 0, ForceParserStateCollection); |
97 | 97 |
98 // stopAllLoaders can detach the Frame, so protect it. | 98 // stopAllLoaders can detach the Frame, so protect it. |
99 RefPtr<Frame> protect(m_document->frame()); | 99 RefPtr<Frame> protect(m_document->frame()); |
100 FrameLoader* frameLoader = m_document->frame()->loader(); | 100 FrameLoader* frameLoader = m_document->frame()->loader(); |
101 if (xssInfo.m_didBlockEntirePage) | 101 if (xssInfo.m_didBlockEntirePage) |
102 frameLoader->stopAllLoaders(); | 102 frameLoader->stopAllLoaders(); |
103 | 103 |
104 if (!m_didSendNotifications) { | 104 if (!m_didSendNotifications) { |
105 m_didSendNotifications = true; | 105 m_didSendNotifications = true; |
106 | 106 |
107 frameLoader->client()->didDetectXSS(m_document->url(), xssInfo.m_didBloc
kEntirePage); | 107 frameLoader->client()->didDetectXSS(m_document->url(), xssInfo.m_didBloc
kEntirePage); |
108 | 108 |
109 if (!m_reportURL.isEmpty()) | 109 if (!m_reportURL.isEmpty()) |
110 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, ge
nerateViolationReport(), PingLoader::XSSAuditorViolationReport); | 110 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, ge
nerateViolationReport(), PingLoader::XSSAuditorViolationReport); |
111 } | 111 } |
112 | 112 |
113 if (xssInfo.m_didBlockEntirePage) | 113 if (xssInfo.m_didBlockEntirePage) |
114 m_document->frame()->navigationScheduler()->scheduleLocationChange(m_doc
ument->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String()
); | 114 m_document->frame()->navigationScheduler()->scheduleLocationChange(m_doc
ument->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String()
); |
115 } | 115 } |
116 | 116 |
117 } // namespace WebCore | 117 } // namespace WebCore |
OLD | NEW |