| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
| 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| 642 DCHECK(HasName(request.token, baseTag)); | 642 DCHECK(HasName(request.token, baseTag)); |
| 643 | 643 |
| 644 return EraseAttributeIfInjected(request, hrefAttr, String(), | 644 return EraseAttributeIfInjected(request, hrefAttr, String(), |
| 645 kSrcLikeAttributeTruncation); | 645 kSrcLikeAttributeTruncation); |
| 646 } | 646 } |
| 647 | 647 |
| 648 bool XSSAuditor::FilterFormToken(const FilterTokenRequest& request) { | 648 bool XSSAuditor::FilterFormToken(const FilterTokenRequest& request) { |
| 649 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); | 649 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); |
| 650 DCHECK(HasName(request.token, formTag)); | 650 DCHECK(HasName(request.token, formTag)); |
| 651 | 651 |
| 652 return EraseAttributeIfInjected(request, actionAttr, kURLWithUniqueOrigin); | 652 return EraseAttributeIfInjected(request, actionAttr, kURLWithUniqueOrigin, |
| 653 kSrcLikeAttributeTruncation); |
| 653 } | 654 } |
| 654 | 655 |
| 655 bool XSSAuditor::FilterInputToken(const FilterTokenRequest& request) { | 656 bool XSSAuditor::FilterInputToken(const FilterTokenRequest& request) { |
| 656 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); | 657 DCHECK_EQ(request.token.GetType(), HTMLToken::kStartTag); |
| 657 DCHECK(HasName(request.token, inputTag)); | 658 DCHECK(HasName(request.token, inputTag)); |
| 658 | 659 |
| 659 return EraseAttributeIfInjected(request, formactionAttr, kURLWithUniqueOrigin, | 660 return EraseAttributeIfInjected(request, formactionAttr, kURLWithUniqueOrigin, |
| 660 kSrcLikeAttributeTruncation); | 661 kSrcLikeAttributeTruncation); |
| 661 } | 662 } |
| 662 | 663 |
| 937 } | 938 } |
| 938 | 939 |
| 939 bool XSSAuditor::IsSafeToSendToAnotherThread() const { | 940 bool XSSAuditor::IsSafeToSendToAnotherThread() const { |
| 940 return document_url_.IsSafeToSendToAnotherThread() && | 941 return document_url_.IsSafeToSendToAnotherThread() && |
| 941 decoded_url_.IsSafeToSendToAnotherThread() && | 942 decoded_url_.IsSafeToSendToAnotherThread() && |
| 942 decoded_http_body_.IsSafeToSendToAnotherThread() && | 943 decoded_http_body_.IsSafeToSendToAnotherThread() && |
| 943 http_body_as_string_.IsSafeToSendToAnotherThread(); | 944 http_body_as_string_.IsSafeToSendToAnotherThread(); |
| 944 } | 945 } |
| 945 | 946 |
| 946 } // namespace blink | 947 } // namespace blink |
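Review bot: Nothing at new line 653 records why the form `action` attribute is now passed `kSrcLikeAttributeTruncation` when the previous call used only `kURLWithUniqueOrigin`, so a later reader may take the extra argument as redundant with the replacement URL and drop it; a one-line comment above the `return` such as `// Truncate like src-like attributes, matching FilterInputToken's handling of formaction.` would pin the intent. After this change `FilterFormToken`, `FilterInputToken` and the preceding base-tag filter differ only in the tag name, attribute and replacement URL passed to `EraseAttributeIfInjected`, so factoring those three values into a small private helper would remove the copy-paste surface that let the `action` call drift from the others. The two elided ranges in this section hide the rest of the file, so whether a test exercises the new truncation cannot be confirmed from here.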