OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
383 SecurityMessageSource, ErrorMessageLevel, | 383 SecurityMessageSource, ErrorMessageLevel, |
384 "Error parsing header X-XSS-Protection: " + headerValue + ": " + | 384 "Error parsing header X-XSS-Protection: " + headerValue + ": " + |
385 errorDetails + " at character position " + | 385 errorDetails + " at character position " + |
386 String::format("%u", errorPosition) + | 386 String::format("%u", errorPosition) + |
387 ". The default protections will be applied.")); | 387 ". The default protections will be applied.")); |
388 } | 388 } |
389 | 389 |
390 m_xssProtection = xssProtectionHeader; | 390 m_xssProtection = xssProtectionHeader; |
391 if (m_xssProtection == ReflectedXSSInvalid || | 391 if (m_xssProtection == ReflectedXSSInvalid || |
392 m_xssProtection == ReflectedXSSUnset) { | 392 m_xssProtection == ReflectedXSSUnset) { |
393 m_xssProtection = FilterReflectedXSS; | 393 m_xssProtection = BlockReflectedXSS; |
394 } | 394 } |
395 | 395 |
396 if (auditorDelegate) | 396 if (auditorDelegate) |
397 auditorDelegate->setReportURL(xssProtectionReportURL.copy()); | 397 auditorDelegate->setReportURL(xssProtectionReportURL.copy()); |
398 | 398 |
399 EncodedFormData* httpBody = documentLoader->request().httpBody(); | 399 EncodedFormData* httpBody = documentLoader->request().httpBody(); |
400 if (httpBody && !httpBody->isEmpty()) | 400 if (httpBody && !httpBody->isEmpty()) |
401 m_httpBodyAsString = httpBody->flattenToString(); | 401 m_httpBodyAsString = httpBody->flattenToString(); |
402 } | 402 } |
403 | 403 |
901 } | 901 } |
902 | 902 |
903 bool XSSAuditor::isSafeToSendToAnotherThread() const { | 903 bool XSSAuditor::isSafeToSendToAnotherThread() const { |
904 return m_documentURL.isSafeToSendToAnotherThread() && | 904 return m_documentURL.isSafeToSendToAnotherThread() && |
905 m_decodedURL.isSafeToSendToAnotherThread() && | 905 m_decodedURL.isSafeToSendToAnotherThread() && |
906 m_decodedHTTPBody.isSafeToSendToAnotherThread() && | 906 m_decodedHTTPBody.isSafeToSendToAnotherThread() && |
907 m_httpBodyAsString.isSafeToSendToAnotherThread(); | 907 m_httpBodyAsString.isSafeToSendToAnotherThread(); |
908 } | 908 } |
909 | 909 |
910 } // namespace blink | 910 } // namespace blink |
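Review bot: The fallback on new line 393 now puts every response with an unset or unparsable X-XSS-Protection header into `BlockReflectedXSS`, yet neither the assignment nor the console message assembled on lines 383-387 says so; the message still ends with `". The default protections will be applied."`. A site owner debugging a malformed header cannot tell from that text that an auditor hit will now stop the whole page rather than filter the matched markup (assuming `BlockReflectedXSS` corresponds to `mode=block`). I would add a comment above the assignment such as `// Unset or invalid header: default to block mode rather than filtering.` and name the mode in the message, e.g. `". The default protections (block mode) will be applied."`; any test expectation that matches the old console text would need the same update. The enclosing function starts above line 383, outside the visible hunk, so I cannot see whether the new default is already documented there.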