OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 246 matching lines...)
257 } | 257 } |
258 | 258 |
259 if (document->encoding().isValid()) | 259 if (document->encoding().isValid()) |
260 m_encoding = document->encoding(); | 260 m_encoding = document->encoding(); |
261 | 261 |
262 m_decodedURL = fullyDecodeString(m_documentURL.string(), m_encoding); | 262 m_decodedURL = fullyDecodeString(m_documentURL.string(), m_encoding); |
263 if (m_decodedURL.find(isRequiredForInjection) == kNotFound) | 263 if (m_decodedURL.find(isRequiredForInjection) == kNotFound) |
264 m_decodedURL = String(); | 264 m_decodedURL = String(); |
265 | 265 |
266 String httpBodyAsString; | 266 String httpBodyAsString; |
267 if (DocumentLoader* documentLoader = document->frame()->loader()->documentLo
ader()) { | 267 if (DocumentLoader* documentLoader = document->frame()->loader().documentLoa
der()) { |
268 DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, ("X-XSS-Protection")); | 268 DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, ("X-XSS-Protection")); |
269 String headerValue = documentLoader->response().httpHeaderField(XSSProte
ctionHeader); | 269 String headerValue = documentLoader->response().httpHeaderField(XSSProte
ctionHeader); |
270 String errorDetails; | 270 String errorDetails; |
271 unsigned errorPosition = 0; | 271 unsigned errorPosition = 0; |
272 String reportURL; | 272 String reportURL; |
273 KURL xssProtectionReportURL; | 273 KURL xssProtectionReportURL; |
274 | 274 |
275 // Process the X-XSS-Protection header, then mix in the CSP header's val
ue. | 275 // Process the X-XSS-Protection header, then mix in the CSP header's val
ue. |
276 ReflectedXSSDisposition xssProtectionHeader = parseXSSProtectionHeader(h
eaderValue, errorDetails, errorPosition, reportURL); | 276 ReflectedXSSDisposition xssProtectionHeader = parseXSSProtectionHeader(h
eaderValue, errorDetails, errorPosition, reportURL); |
277 m_didSendValidXSSProtectionHeader = xssProtectionHeader != ReflectedXSSU
nset && xssProtectionHeader != ReflectedXSSInvalid; | 277 m_didSendValidXSSProtectionHeader = xssProtectionHeader != ReflectedXSSU
nset && xssProtectionHeader != ReflectedXSSInvalid; |
(...skipping 447 matching lines...)
725 } | 725 } |
726 | 726 |
727 bool XSSAuditor::isSafeToSendToAnotherThread() const | 727 bool XSSAuditor::isSafeToSendToAnotherThread() const |
728 { | 728 { |
729 return m_documentURL.isSafeToSendToAnotherThread() | 729 return m_documentURL.isSafeToSendToAnotherThread() |
730 && m_decodedURL.isSafeToSendToAnotherThread() | 730 && m_decodedURL.isSafeToSendToAnotherThread() |
731 && m_decodedHTTPBody.isSafeToSendToAnotherThread(); | 731 && m_decodedHTTPBody.isSafeToSendToAnotherThread(); |
732 } | 732 } |
733 | 733 |
734 } // namespace WebCore | 734 } // namespace WebCore |
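Review bot: At new line 267 the chain `document->frame()->loader().documentLoader()` still dereferences `document->frame()` with no null check visible in this section; moving from `loader()->` to `loader().` only takes the loader pointer out of the picture. The enclosing function begins in the skipped lines above, so a guard may already exist there. If it does not, a document that has detached from its frame would fault here before the X-XSS-Protection header is parsed. Either bind the frame first, `Frame* frame = document->frame(); if (!frame) return;`, or add a comment at line 267 naming the earlier check that guarantees the frame is non-null.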
OLD | NEW |