Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(504)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/html/parser/XSSAuditor.h

Issue 338193002: Refactor XSS Auditor string operations. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: nameFromAttribute() not needed until next CL lands. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | Source/core/html/parser/XSSAuditor.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after
69 private: 69 private:
70 static const size_t kMaximumFragmentLengthTarget = 100; 70 static const size_t kMaximumFragmentLengthTarget = 100;
71 71
72 enum State { 72 enum State {
73 Uninitialized, 73 Uninitialized,
74 FilteringTokens, 74 FilteringTokens,
75 PermittingAdjacentCharacterTokens, 75 PermittingAdjacentCharacterTokens,
76 SuppressingAdjacentCharacterTokens 76 SuppressingAdjacentCharacterTokens
77 }; 77 };
78 78
79 enum AttributeKind { 79 enum TruncationKind {
80 NormalAttribute, 80 NoTruncation,
81 SrcLikeAttribute, 81 NormalAttributeTruncation,
82 ScriptLikeAttribute 82 SrcLikeAttributeTruncation,
83 ScriptLikeAttributeTruncation
83 }; 84 };
84 85
85 bool filterStartToken(const FilterTokenRequest&); 86 bool filterStartToken(const FilterTokenRequest&);
86 void filterEndToken(const FilterTokenRequest&); 87 void filterEndToken(const FilterTokenRequest&);
87 bool filterCharacterToken(const FilterTokenRequest&); 88 bool filterCharacterToken(const FilterTokenRequest&);
88 bool filterScriptToken(const FilterTokenRequest&); 89 bool filterScriptToken(const FilterTokenRequest&);
89 bool filterObjectToken(const FilterTokenRequest&); 90 bool filterObjectToken(const FilterTokenRequest&);
90 bool filterParamToken(const FilterTokenRequest&); 91 bool filterParamToken(const FilterTokenRequest&);
91 bool filterEmbedToken(const FilterTokenRequest&); 92 bool filterEmbedToken(const FilterTokenRequest&);
92 bool filterAppletToken(const FilterTokenRequest&); 93 bool filterAppletToken(const FilterTokenRequest&);
93 bool filterFrameToken(const FilterTokenRequest&); 94 bool filterFrameToken(const FilterTokenRequest&);
94 bool filterMetaToken(const FilterTokenRequest&); 95 bool filterMetaToken(const FilterTokenRequest&);
95 bool filterBaseToken(const FilterTokenRequest&); 96 bool filterBaseToken(const FilterTokenRequest&);
96 bool filterFormToken(const FilterTokenRequest&); 97 bool filterFormToken(const FilterTokenRequest&);
97 bool filterInputToken(const FilterTokenRequest&); 98 bool filterInputToken(const FilterTokenRequest&);
98 bool filterButtonToken(const FilterTokenRequest&); 99 bool filterButtonToken(const FilterTokenRequest&);
99 100
100 bool eraseDangerousAttributesIfInjected(const FilterTokenRequest&); 101 bool eraseDangerousAttributesIfInjected(const FilterTokenRequest&);
101 bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName &, const String& replacementValue = String(), AttributeKind treatment = NormalAt tribute); 102 bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName &, const String& replacementValue = String(), TruncationKind treatment = NormalA ttributeTruncation);
102 103
103 String decodedSnippetForToken(const HTMLToken&); 104 String canonicalizedSnippetForTagName(const FilterTokenRequest&);
104 String decodedSnippetForName(const FilterTokenRequest&); 105 String canonicalizedSnippetForJavaScript(const FilterTokenRequest&);
105 String decodedSnippetForAttribute(const FilterTokenRequest&, const HTMLToken ::Attribute&, AttributeKind treatment = NormalAttribute); 106 String snippetFromAttribute(const FilterTokenRequest&, const HTMLToken::Attr ibute&);
106 String decodedSnippetForJavaScript(const FilterTokenRequest&); 107 String canonicalize(String, TruncationKind);
107 108
108 bool isContainedInRequest(const String&); 109 bool isContainedInRequest(const String&);
109 bool isLikelySafeResource(const String& url); 110 bool isLikelySafeResource(const String& url);
110 111
111 KURL m_documentURL; 112 KURL m_documentURL;
112 bool m_isEnabled; 113 bool m_isEnabled;
113 114
114 ReflectedXSSDisposition m_xssProtection; 115 ReflectedXSSDisposition m_xssProtection;
115 bool m_didSendValidCSPHeader; 116 bool m_didSendValidCSPHeader;
116 bool m_didSendValidXSSProtectionHeader; 117 bool m_didSendValidXSSProtectionHeader;
117 118
118 String m_decodedURL; 119 String m_decodedURL;
119 String m_decodedHTTPBody; 120 String m_decodedHTTPBody;
120 String m_httpBodyAsString; 121 String m_httpBodyAsString;
121 OwnPtr<SuffixTree<ASCIICodebook> > m_decodedHTTPBodySuffixTree; 122 OwnPtr<SuffixTree<ASCIICodebook> > m_decodedHTTPBodySuffixTree;
122 123
123 State m_state; 124 State m_state;
124 bool m_scriptTagFoundInRequest; 125 bool m_scriptTagFoundInRequest;
125 unsigned m_scriptTagNestingLevel; 126 unsigned m_scriptTagNestingLevel;
126 WTF::TextEncoding m_encoding; 127 WTF::TextEncoding m_encoding;
127 }; 128 };
128 129
129 } 130 }
130 131
131 #endif 132 #endif
OLDNEW
« no previous file with comments | « no previous file | Source/core/html/parser/XSSAuditor.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698