OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. | 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
70 , m_didSendNotifications(false) | 70 , m_didSendNotifications(false) |
71 { | 71 { |
72 ASSERT(isMainThread()); | 72 ASSERT(isMainThread()); |
73 ASSERT(m_document); | 73 ASSERT(m_document); |
74 } | 74 } |
75 | 75 |
76 PassRefPtr<FormData> XSSAuditorDelegate::generateViolationReport(const XSSInfo&
xssInfo) | 76 PassRefPtr<FormData> XSSAuditorDelegate::generateViolationReport(const XSSInfo&
xssInfo) |
77 { | 77 { |
78 ASSERT(isMainThread()); | 78 ASSERT(isMainThread()); |
79 | 79 |
80 FrameLoader* frameLoader = m_document->frame()->loader(); | 80 FrameLoader& frameLoader = m_document->frame()->loader(); |
81 String httpBody; | 81 String httpBody; |
82 if (frameLoader->documentLoader()) { | 82 if (frameLoader.documentLoader()) { |
83 if (FormData* formData = frameLoader->documentLoader()->originalRequest(
).httpBody()) | 83 if (FormData* formData = frameLoader.documentLoader()->originalRequest()
.httpBody()) |
84 httpBody = formData->flattenToString(); | 84 httpBody = formData->flattenToString(); |
85 } | 85 } |
86 | 86 |
87 RefPtr<JSONObject> reportDetails = JSONObject::create(); | 87 RefPtr<JSONObject> reportDetails = JSONObject::create(); |
88 reportDetails->setString("request-url", xssInfo.m_originalURL); | 88 reportDetails->setString("request-url", xssInfo.m_originalURL); |
89 reportDetails->setString("request-body", httpBody); | 89 reportDetails->setString("request-body", httpBody); |
90 | 90 |
91 RefPtr<JSONObject> reportObject = JSONObject::create(); | 91 RefPtr<JSONObject> reportObject = JSONObject::create(); |
92 reportObject->setObject("xss-report", reportDetails.release()); | 92 reportObject->setObject("xss-report", reportDetails.release()); |
93 | 93 |
94 return FormData::create(reportObject->toJSONString().utf8().data()); | 94 return FormData::create(reportObject->toJSONString().utf8().data()); |
95 } | 95 } |
96 | 96 |
97 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) | 97 void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) |
98 { | 98 { |
99 ASSERT(isMainThread()); | 99 ASSERT(isMainThread()); |
100 | 100 |
101 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, xssInfo.bu
ildConsoleError()); | 101 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, xssInfo.bu
ildConsoleError()); |
102 | 102 |
103 // stopAllLoaders can detach the Frame, so protect it. | 103 // stopAllLoaders can detach the Frame, so protect it. |
104 RefPtr<Frame> protect(m_document->frame()); | 104 RefPtr<Frame> protect(m_document->frame()); |
105 FrameLoader* frameLoader = m_document->frame()->loader(); | 105 FrameLoader& frameLoader = m_document->frame()->loader(); |
106 if (xssInfo.m_didBlockEntirePage) | 106 if (xssInfo.m_didBlockEntirePage) |
107 frameLoader->stopAllLoaders(); | 107 frameLoader.stopAllLoaders(); |
108 | 108 |
109 if (!m_didSendNotifications) { | 109 if (!m_didSendNotifications) { |
110 m_didSendNotifications = true; | 110 m_didSendNotifications = true; |
111 | 111 |
112 frameLoader->client()->didDetectXSS(m_document->url(), xssInfo.m_didBloc
kEntirePage); | 112 frameLoader.client()->didDetectXSS(m_document->url(), xssInfo.m_didBlock
EntirePage); |
113 | 113 |
114 if (!m_reportURL.isEmpty()) | 114 if (!m_reportURL.isEmpty()) |
115 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, ge
nerateViolationReport(xssInfo), PingLoader::XSSAuditorViolationReport); | 115 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, ge
nerateViolationReport(xssInfo), PingLoader::XSSAuditorViolationReport); |
116 } | 116 } |
117 | 117 |
118 if (xssInfo.m_didBlockEntirePage) | 118 if (xssInfo.m_didBlockEntirePage) |
119 m_document->frame()->navigationScheduler().scheduleLocationChange(m_docu
ment->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String())
; | 119 m_document->frame()->navigationScheduler().scheduleLocationChange(m_docu
ment->securityOrigin(), SecurityOrigin::urlWithUniqueSecurityOrigin(), String())
; |
120 } | 120 } |
121 | 121 |
122 } // namespace WebCore | 122 } // namespace WebCore |
OLD | NEW |