OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. | 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
45 message.append("The XSS Auditor "); | 45 message.append("The XSS Auditor "); |
46 message.append(m_didBlockEntirePage ? "blocked access to" | 46 message.append(m_didBlockEntirePage ? "blocked access to" |
47 : "refused to execute a script in"); | 47 : "refused to execute a script in"); |
48 message.append(" '"); | 48 message.append(" '"); |
49 message.append(m_originalURL); | 49 message.append(m_originalURL); |
50 message.append("' because "); | 50 message.append("' because "); |
51 message.append(m_didBlockEntirePage ? "the source code of a script" | 51 message.append(m_didBlockEntirePage ? "the source code of a script" |
52 : "its source code"); | 52 : "its source code"); |
53 message.append(" was found within the request."); | 53 message.append(" was found within the request."); |
54 | 54 |
55 if (m_didSendCSPHeader) | 55 if (m_didSendXSSProtectionHeader) |
56 message.append( | |
57 " The server sent a 'Content-Security-Policy' header requesting this " | |
58 "behavior."); | |
59 else if (m_didSendXSSProtectionHeader) | |
60 message.append( | 56 message.append( |
61 " The server sent an 'X-XSS-Protection' header requesting this " | 57 " The server sent an 'X-XSS-Protection' header requesting this " |
62 "behavior."); | 58 "behavior."); |
63 else | 59 else |
64 message.append( | 60 message.append( |
65 " The auditor was enabled as the server sent neither an " | 61 " The auditor was enabled as the server did not send an " |
66 "'X-XSS-Protection' nor 'Content-Security-Policy' header."); | 62 "'X-XSS-Protection' header."); |
67 | 63 |
68 return message.toString(); | 64 return message.toString(); |
69 } | 65 } |
70 | 66 |
71 bool XSSInfo::isSafeToSendToAnotherThread() const { | 67 bool XSSInfo::isSafeToSendToAnotherThread() const { |
72 return m_originalURL.isSafeToSendToAnotherThread(); | 68 return m_originalURL.isSafeToSendToAnotherThread(); |
73 } | 69 } |
74 | 70 |
75 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) | 71 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) |
76 : m_document(document), m_didSendNotifications(false) { | 72 : m_document(document), m_didSendNotifications(false) { |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
128 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, | 124 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, |
129 generateViolationReport(xssInfo), | 125 generateViolationReport(xssInfo), |
130 PingLoader::XSSAuditorViolationReport); | 126 PingLoader::XSSAuditorViolationReport); |
131 } | 127 } |
132 | 128 |
133 if (xssInfo.m_didBlockEntirePage) | 129 if (xssInfo.m_didBlockEntirePage) |
134 m_document->frame()->navigationScheduler().schedulePageBlock(m_document); | 130 m_document->frame()->navigationScheduler().schedulePageBlock(m_document); |
135 } | 131 } |
136 | 132 |
137 } // namespace blink | 133 } // namespace blink |
OLD | NEW |