Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(344)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/html/parser/XSSAuditorDelegate.cpp

Issue 2428473004: Remove the 'reflected-xss' directive from CSP. (Closed)
Patch Set: Test. Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/html/parser/XSSAuditorDelegate.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
45 message.append("The XSS Auditor "); 45 message.append("The XSS Auditor ");
46 message.append(m_didBlockEntirePage ? "blocked access to" 46 message.append(m_didBlockEntirePage ? "blocked access to"
47 : "refused to execute a script in"); 47 : "refused to execute a script in");
48 message.append(" '"); 48 message.append(" '");
49 message.append(m_originalURL); 49 message.append(m_originalURL);
50 message.append("' because "); 50 message.append("' because ");
51 message.append(m_didBlockEntirePage ? "the source code of a script" 51 message.append(m_didBlockEntirePage ? "the source code of a script"
52 : "its source code"); 52 : "its source code");
53 message.append(" was found within the request."); 53 message.append(" was found within the request.");
54 54
55 if (m_didSendCSPHeader) 55 if (m_didSendXSSProtectionHeader)
56 message.append(
57 " The server sent a 'Content-Security-Policy' header requesting this "
58 "behavior.");
59 else if (m_didSendXSSProtectionHeader)
60 message.append( 56 message.append(
61 " The server sent an 'X-XSS-Protection' header requesting this " 57 " The server sent an 'X-XSS-Protection' header requesting this "
62 "behavior."); 58 "behavior.");
63 else 59 else
64 message.append( 60 message.append(
65 " The auditor was enabled as the server sent neither an " 61 " The auditor was enabled as the server did not send an "
66 "'X-XSS-Protection' nor 'Content-Security-Policy' header."); 62 "'X-XSS-Protection' header.");
67 63
68 return message.toString(); 64 return message.toString();
69 } 65 }
70 66
71 bool XSSInfo::isSafeToSendToAnotherThread() const { 67 bool XSSInfo::isSafeToSendToAnotherThread() const {
72 return m_originalURL.isSafeToSendToAnotherThread(); 68 return m_originalURL.isSafeToSendToAnotherThread();
73 } 69 }
74 70
75 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) 71 XSSAuditorDelegate::XSSAuditorDelegate(Document* document)
76 : m_document(document), m_didSendNotifications(false) { 72 : m_document(document), m_didSendNotifications(false) {
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, 124 PingLoader::sendViolationReport(m_document->frame(), m_reportURL,
129 generateViolationReport(xssInfo), 125 generateViolationReport(xssInfo),
130 PingLoader::XSSAuditorViolationReport); 126 PingLoader::XSSAuditorViolationReport);
131 } 127 }
132 128
133 if (xssInfo.m_didBlockEntirePage) 129 if (xssInfo.m_didBlockEntirePage)
134 m_document->frame()->navigationScheduler().schedulePageBlock(m_document); 130 m_document->frame()->navigationScheduler().schedulePageBlock(m_document);
135 } 131 }
136 132
137 } // namespace blink 133 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/html/parser/XSSAuditorDelegate.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698