OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. | 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
97 | 97 |
98 std::unique_ptr<JSONObject> reportObject = JSONObject::create(); | 98 std::unique_ptr<JSONObject> reportObject = JSONObject::create(); |
99 reportObject->setObject("xss-report", std::move(reportDetails)); | 99 reportObject->setObject("xss-report", std::move(reportDetails)); |
100 | 100 |
101 return EncodedFormData::create(reportObject->toJSONString().utf8().data()); | 101 return EncodedFormData::create(reportObject->toJSONString().utf8().data()); |
102 } | 102 } |
103 | 103 |
104 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) { | 104 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) { |
105 ASSERT(isMainThread()); | 105 ASSERT(isMainThread()); |
106 | 106 |
107 UseCounter::count(m_document, xssInfo.m_didBlockEntirePage | 107 UseCounter::count(m_document, |
108 ? UseCounter::XSSAuditorBlockedEntirePage | 108 xssInfo.m_didBlockEntirePage |
109 : UseCounter::XSSAuditorBlockedScript); | 109 ? UseCounter::XSSAuditorBlockedEntirePage |
| 110 : UseCounter::XSSAuditorBlockedScript); |
110 | 111 |
111 m_document->addConsoleMessage(ConsoleMessage::create( | 112 m_document->addConsoleMessage(ConsoleMessage::create( |
112 JSMessageSource, ErrorMessageLevel, xssInfo.buildConsoleError())); | 113 JSMessageSource, ErrorMessageLevel, xssInfo.buildConsoleError())); |
113 | 114 |
114 FrameLoader& frameLoader = m_document->frame()->loader(); | 115 FrameLoader& frameLoader = m_document->frame()->loader(); |
115 if (xssInfo.m_didBlockEntirePage) | 116 if (xssInfo.m_didBlockEntirePage) |
116 frameLoader.stopAllLoaders(); | 117 frameLoader.stopAllLoaders(); |
117 | 118 |
118 if (!m_didSendNotifications && frameLoader.client()) { | 119 if (!m_didSendNotifications && frameLoader.client()) { |
119 m_didSendNotifications = true; | 120 m_didSendNotifications = true; |
120 | 121 |
121 frameLoader.client()->didDetectXSS(m_document->url(), | 122 frameLoader.client()->didDetectXSS(m_document->url(), |
122 xssInfo.m_didBlockEntirePage); | 123 xssInfo.m_didBlockEntirePage); |
123 | 124 |
124 if (!m_reportURL.isEmpty()) | 125 if (!m_reportURL.isEmpty()) |
125 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, | 126 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, |
126 generateViolationReport(xssInfo), | 127 generateViolationReport(xssInfo), |
127 PingLoader::XSSAuditorViolationReport); | 128 PingLoader::XSSAuditorViolationReport); |
128 } | 129 } |
129 | 130 |
130 if (xssInfo.m_didBlockEntirePage) { | 131 if (xssInfo.m_didBlockEntirePage) { |
131 m_document->frame()->navigationScheduler().schedulePageBlock( | 132 m_document->frame()->navigationScheduler().schedulePageBlock( |
132 m_document, ResourceError::BLOCKED_BY_XSS_AUDITOR); | 133 m_document, ResourceError::BLOCKED_BY_XSS_AUDITOR); |
133 } | 134 } |
134 } | 135 } |
135 | 136 |
136 } // namespace blink | 137 } // namespace blink |
OLD | NEW |