OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
11 * notice, this list of conditions and the following disclaimer in the | 11 * notice, this list of conditions and the following disclaimer in the |
12 * documentation and/or other materials provided with the distribution. | 12 * documentation and/or other materials provided with the distribution. |
13 * | 13 * |
14 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY | 14 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY |
15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR | 17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | 18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | 19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | 20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | 21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
25 */ | 25 */ |
26 | 26 |
27 #include "core/html/parser/XSSAuditor.h" | 27 #include "core/html/parser/XSSAuditor.h" |
28 | 28 |
| 29 #include <memory> |
29 #include "core/HTMLNames.h" | 30 #include "core/HTMLNames.h" |
30 #include "core/SVGNames.h" | 31 #include "core/SVGNames.h" |
31 #include "core/XLinkNames.h" | 32 #include "core/XLinkNames.h" |
32 #include "core/dom/Document.h" | 33 #include "core/dom/Document.h" |
33 #include "core/frame/LocalFrame.h" | 34 #include "core/frame/LocalFrame.h" |
34 #include "core/frame/Settings.h" | 35 #include "core/frame/Settings.h" |
35 #include "core/html/HTMLParamElement.h" | 36 #include "core/html/HTMLParamElement.h" |
36 #include "core/html/LinkRelAttribute.h" | 37 #include "core/html/LinkRelAttribute.h" |
37 #include "core/html/parser/HTMLDocumentParser.h" | 38 #include "core/html/parser/HTMLDocumentParser.h" |
38 #include "core/html/parser/HTMLParserIdioms.h" | 39 #include "core/html/parser/HTMLParserIdioms.h" |
39 #include "core/html/parser/TextResourceDecoder.h" | 40 #include "core/html/parser/TextResourceDecoder.h" |
40 #include "core/html/parser/XSSAuditorDelegate.h" | 41 #include "core/html/parser/XSSAuditorDelegate.h" |
41 #include "core/inspector/ConsoleMessage.h" | 42 #include "core/inspector/ConsoleMessage.h" |
42 #include "core/loader/DocumentLoader.h" | 43 #include "core/loader/DocumentLoader.h" |
43 #include "core/loader/MixedContentChecker.h" | 44 #include "core/loader/MixedContentChecker.h" |
44 #include "platform/network/EncodedFormData.h" | 45 #include "platform/network/EncodedFormData.h" |
45 #include "platform/text/DecodeEscapeSequences.h" | 46 #include "platform/text/DecodeEscapeSequences.h" |
46 #include "wtf/ASCIICType.h" | 47 #include "wtf/ASCIICType.h" |
47 #include "wtf/PtrUtil.h" | 48 #include "wtf/PtrUtil.h" |
48 #include <memory> | |
49 | 49 |
50 namespace { | 50 namespace { |
51 | 51 |
52 // SecurityOrigin::urlWithUniqueSecurityOrigin() can't be used cross-thread, or | 52 // SecurityOrigin::urlWithUniqueSecurityOrigin() can't be used cross-thread, or |
53 // we'd use it instead. | 53 // we'd use it instead. |
54 const char kURLWithUniqueOrigin[] = "data:,"; | 54 const char kURLWithUniqueOrigin[] = "data:,"; |
55 | 55 |
56 const char kSafeJavaScriptURL[] = "javascript:void(0)"; | 56 const char kSafeJavaScriptURL[] = "javascript:void(0)"; |
57 | 57 |
58 } // namespace | 58 } // namespace |
(...skipping 876 matching lines...)
935 } | 935 } |
936 | 936 |
937 bool XSSAuditor::isSafeToSendToAnotherThread() const { | 937 bool XSSAuditor::isSafeToSendToAnotherThread() const { |
938 return m_documentURL.isSafeToSendToAnotherThread() && | 938 return m_documentURL.isSafeToSendToAnotherThread() && |
939 m_decodedURL.isSafeToSendToAnotherThread() && | 939 m_decodedURL.isSafeToSendToAnotherThread() && |
940 m_decodedHTTPBody.isSafeToSendToAnotherThread() && | 940 m_decodedHTTPBody.isSafeToSendToAnotherThread() && |
941 m_httpBodyAsString.isSafeToSendToAnotherThread(); | 941 m_httpBodyAsString.isSafeToSendToAnotherThread(); |
942 } | 942 } |
943 | 943 |
944 } // namespace blink | 944 } // namespace blink |
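Review bot: The relocated `#include <memory>` (new line 29) sits directly above `#include "core/HTMLNames.h"` with no blank line, so the standard-library include and the project headers read as one group. Google C++ style, which this code base appears to follow, separates include groups with a single blank line; an empty line after `#include <memory>` would make the grouping explicit. Nothing else changes in this file section: the lines around `XSSAuditor::isSafeToSendToAnotherThread()` are context only.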