OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
69 private: | 69 private: |
70 static const size_t kMaximumFragmentLengthTarget = 100; | 70 static const size_t kMaximumFragmentLengthTarget = 100; |
71 | 71 |
72 enum State { | 72 enum State { |
73 Uninitialized, | 73 Uninitialized, |
74 FilteringTokens, | 74 FilteringTokens, |
75 PermittingAdjacentCharacterTokens, | 75 PermittingAdjacentCharacterTokens, |
76 SuppressingAdjacentCharacterTokens | 76 SuppressingAdjacentCharacterTokens |
77 }; | 77 }; |
78 | 78 |
79 enum AttributeKind { | 79 enum TruncationKind { |
80 NormalAttribute, | 80 NoTruncation, |
81 SrcLikeAttribute, | 81 NormalAttributeTruncation, |
82 ScriptLikeAttribute | 82 SrcLikeAttributeTruncation, |
| 83 ScriptLikeAttributeTruncation |
83 }; | 84 }; |
84 | 85 |
85 bool filterStartToken(const FilterTokenRequest&); | 86 bool filterStartToken(const FilterTokenRequest&); |
86 void filterEndToken(const FilterTokenRequest&); | 87 void filterEndToken(const FilterTokenRequest&); |
87 bool filterCharacterToken(const FilterTokenRequest&); | 88 bool filterCharacterToken(const FilterTokenRequest&); |
88 bool filterScriptToken(const FilterTokenRequest&); | 89 bool filterScriptToken(const FilterTokenRequest&); |
89 bool filterObjectToken(const FilterTokenRequest&); | 90 bool filterObjectToken(const FilterTokenRequest&); |
90 bool filterParamToken(const FilterTokenRequest&); | 91 bool filterParamToken(const FilterTokenRequest&); |
91 bool filterEmbedToken(const FilterTokenRequest&); | 92 bool filterEmbedToken(const FilterTokenRequest&); |
92 bool filterAppletToken(const FilterTokenRequest&); | 93 bool filterAppletToken(const FilterTokenRequest&); |
93 bool filterFrameToken(const FilterTokenRequest&); | 94 bool filterFrameToken(const FilterTokenRequest&); |
94 bool filterMetaToken(const FilterTokenRequest&); | 95 bool filterMetaToken(const FilterTokenRequest&); |
95 bool filterBaseToken(const FilterTokenRequest&); | 96 bool filterBaseToken(const FilterTokenRequest&); |
96 bool filterFormToken(const FilterTokenRequest&); | 97 bool filterFormToken(const FilterTokenRequest&); |
97 bool filterInputToken(const FilterTokenRequest&); | 98 bool filterInputToken(const FilterTokenRequest&); |
98 bool filterButtonToken(const FilterTokenRequest&); | 99 bool filterButtonToken(const FilterTokenRequest&); |
99 | 100 |
100 bool eraseDangerousAttributesIfInjected(const FilterTokenRequest&); | 101 bool eraseDangerousAttributesIfInjected(const FilterTokenRequest&); |
101 bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName
&, const String& replacementValue = String(), AttributeKind treatment = NormalAt
tribute); | 102 bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName
&, const String& replacementValue = String(), TruncationKind treatment = NormalA
ttributeTruncation); |
102 | 103 |
103 String decodedSnippetForToken(const HTMLToken&); | 104 String canonicalizedSnippetForTagName(const FilterTokenRequest&); |
104 String decodedSnippetForName(const FilterTokenRequest&); | 105 String canonicalizedSnippetForJavaScript(const FilterTokenRequest&); |
105 String decodedSnippetForAttribute(const FilterTokenRequest&, const HTMLToken
::Attribute&, AttributeKind treatment = NormalAttribute); | 106 String snippetFromAttribute(const FilterTokenRequest&, const HTMLToken::Attr
ibute&); |
106 String decodedSnippetForJavaScript(const FilterTokenRequest&); | 107 String canonicalize(String, TruncationKind); |
107 | 108 |
108 bool isContainedInRequest(const String&); | 109 bool isContainedInRequest(const String&); |
109 bool isLikelySafeResource(const String& url); | 110 bool isLikelySafeResource(const String& url); |
110 | 111 |
111 KURL m_documentURL; | 112 KURL m_documentURL; |
112 bool m_isEnabled; | 113 bool m_isEnabled; |
113 | 114 |
114 ReflectedXSSDisposition m_xssProtection; | 115 ReflectedXSSDisposition m_xssProtection; |
115 bool m_didSendValidCSPHeader; | 116 bool m_didSendValidCSPHeader; |
116 bool m_didSendValidXSSProtectionHeader; | 117 bool m_didSendValidXSSProtectionHeader; |
117 | 118 |
118 String m_decodedURL; | 119 String m_decodedURL; |
119 String m_decodedHTTPBody; | 120 String m_decodedHTTPBody; |
120 String m_httpBodyAsString; | 121 String m_httpBodyAsString; |
121 OwnPtr<SuffixTree<ASCIICodebook> > m_decodedHTTPBodySuffixTree; | 122 OwnPtr<SuffixTree<ASCIICodebook> > m_decodedHTTPBodySuffixTree; |
122 | 123 |
123 State m_state; | 124 State m_state; |
124 bool m_scriptTagFoundInRequest; | 125 bool m_scriptTagFoundInRequest; |
125 unsigned m_scriptTagNestingLevel; | 126 unsigned m_scriptTagNestingLevel; |
126 WTF::TextEncoding m_encoding; | 127 WTF::TextEncoding m_encoding; |
127 }; | 128 }; |
128 | 129 |
129 } | 130 } |
130 | 131 |
131 #endif | 132 #endif |
OLD | NEW |