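--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Adam Barth. All Rights Reserved.
 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com).
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
@@ -383,21 +383,21 @@
 SecurityMessageSource, ErrorMessageLevel,
 "Error parsing header X-XSS-Protection: " + headerValue + ": " +
 errorDetails + " at character position " +
 String::format("%u", errorPosition) +
 ". The default protections will be applied."));
 }
 
 m_xssProtection = xssProtectionHeader;
 if (m_xssProtection == ReflectedXSSInvalid ||
 m_xssProtection == ReflectedXSSUnset) {
-m_xssProtection = FilterReflectedXSS;
+m_xssProtection = BlockReflectedXSS;
 }
 
 if (auditorDelegate)
 auditorDelegate->setReportURL(xssProtectionReportURL.copy());
 
 EncodedFormData* httpBody = documentLoader->request().httpBody();
 if (httpBody && !httpBody->isEmpty())
 m_httpBodyAsString = httpBody->flattenToString();
 }
 
@@ -901,10 +901,10 @@
 }
 
 bool XSSAuditor::isSafeToSendToAnotherThread() const {
 return m_documentURL.isSafeToSendToAnotherThread() &&
 m_decodedURL.isSafeToSendToAnotherThread() &&
 m_decodedHTTPBody.isSafeToSendToAnotherThread() &&
 m_httpBodyAsString.isSafeToSendToAnotherThread();
 }
 
 } // namespace blink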
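Review bot: The fallback assignment at new line 393 now sets the behaviour for every response whose X-XSS-Protection header is missing or unparsable, but nothing says the default is block mode. Neither the code nor the console message ending at line 387 (`". The default protections will be applied."`) names it. A false positive now presumably stops the whole page load instead of neutralising one fragment, so an operator debugging a blocked page needs the mode stated. I would add `// Unset or invalid header: block the page rather than filter it, so a partially rewritten document never runs.` above the assignment and change the message tail to `". The default protection (block) will be applied."`. Tests for the ReflectedXSSUnset and ReflectedXSSInvalid paths are not visible on this page; both should assert the blocked outcome. The enclosing function starts before line 383, outside the lines shown.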