1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
642 DCHECK(HasName(request.token, baseTag)); | 642 DCHECK(HasName(request.token, baseTag)); |
643 | 643 |
644 return EraseAttributeIfInjected(request, hrefAttr, String(), | 644 return EraseAttributeIfInjected(request, hrefAttr, String(), |
645 kSrcLikeAttributeTruncation); | 645 kSrcLikeAttributeTruncation); |
646 } | 646 } |
647 | 647 |
648 bool XSSAuditor::FilterFormToken(const FilterTokenRequest& request) { | 648 bool XSSAuditor::FilterFormToken(const FilterTokenRequest& request) { |
649 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); | 649 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); |
650 DCHECK(HasName(request.token, formTag)); | 650 DCHECK(HasName(request.token, formTag)); |
651 | 651 |
652 return EraseAttributeIfInjected(request, actionAttr, kURLWithUniqueOrigin); | 652 return EraseAttributeIfInjected(request, actionAttr, kURLWithUniqueOrigin, |
| 653 kSrcLikeAttributeTruncation); |
653 } | 654 } |
654 | 655 |
655 bool XSSAuditor::FilterInputToken(const FilterTokenRequest& request) { | 656 bool XSSAuditor::FilterInputToken(const FilterTokenRequest& request) { |
656 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); | 657 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); |
657 DCHECK(HasName(request.token, inputTag)); | 658 DCHECK(HasName(request.token, inputTag)); |
658 | 659 |
659 return EraseAttributeIfInjected(request, formactionAttr, kURLWithUniqueOrigin, | 660 return EraseAttributeIfInjected(request, formactionAttr, kURLWithUniqueOrigin, |
660 kSrcLikeAttributeTruncation); | 661 kSrcLikeAttributeTruncation); |
661 } | 662 } |
662 | 663 |
937 } | 938 } |
938 | 939 |
939 bool XSSAuditor::IsSafeToSendToAnotherThread() const { | 940 bool XSSAuditor::IsSafeToSendToAnotherThread() const { |
940 return document_url_.IsSafeToSendToAnotherThread() && | 941 return document_url_.IsSafeToSendToAnotherThread() && |
941 decoded_url_.IsSafeToSendToAnotherThread() && | 942 decoded_url_.IsSafeToSendToAnotherThread() && |
942 decoded_http_body_.IsSafeToSendToAnotherThread() && | 943 decoded_http_body_.IsSafeToSendToAnotherThread() && |
943 http_body_as_string_.IsSafeToSendToAnotherThread(); | 944 http_body_as_string_.IsSafeToSendToAnotherThread(); |
944 } | 945 } |
945 | 946 |
946 } // namespace blink | 947 } // namespace blink |
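Review bot: The new `kSrcLikeAttributeTruncation` argument on the `actionAttr` call in XSSAuditor::FilterFormToken (new lines 652–653) has no comment saying why `action` should now be matched under the same truncation rule as `href` in FilterBaseToken and `formaction` in FilterInputToken, and the default the old call relied on is not visible on this page. A one-line why-comment above the return would keep the three URL-attribute filters readable together, e.g. `// Treat action as a src-like URL attribute, consistent with href (base) and formaction (input).`, worded to match what kSrcLikeAttributeTruncation actually does, which this page does not show. Since this is the only behavioral change visible in the file, it is presumably covered by a test for an injected `<form action>` that exercises the truncation path; if not, one is worth adding alongside this change.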