OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. | 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 25 matching lines...) Expand all Loading... |
36 #include "platform/JSONValues.h" | 36 #include "platform/JSONValues.h" |
37 #include "platform/network/FormData.h" | 37 #include "platform/network/FormData.h" |
38 #include "platform/weborigin/SecurityOrigin.h" | 38 #include "platform/weborigin/SecurityOrigin.h" |
39 #include "wtf/text/StringBuilder.h" | 39 #include "wtf/text/StringBuilder.h" |
40 | 40 |
41 namespace blink { | 41 namespace blink { |
42 | 42 |
43 String XSSInfo::buildConsoleError() const | 43 String XSSInfo::buildConsoleError() const |
44 { | 44 { |
45 StringBuilder message; | 45 StringBuilder message; |
46 message.append("The XSS Auditor "); | 46 message.appendLiteral("The XSS Auditor "); |
47 message.append(m_didBlockEntirePage ? "blocked access to" : "refused to exec
ute a script in"); | 47 message.append(m_didBlockEntirePage ? "blocked access to" : "refused to exec
ute a script in"); |
48 message.append(" '"); | 48 message.appendLiteral(" '"); |
49 message.append(m_originalURL); | 49 message.append(m_originalURL); |
50 message.append("' because "); | 50 message.appendLiteral("' because "); |
51 message.append(m_didBlockEntirePage ? "the source code of a script" : "its s
ource code"); | 51 message.append(m_didBlockEntirePage ? "the source code of a script" : "its s
ource code"); |
52 message.append(" was found within the request."); | 52 message.appendLiteral(" was found within the request."); |
53 | 53 |
54 if (m_didSendCSPHeader) | 54 if (m_didSendCSPHeader) |
55 message.append(" The server sent a 'Content-Security-Policy' header requ
esting this behavior."); | 55 message.appendLiteral(" The server sent a 'Content-Security-Policy' head
er requesting this behavior."); |
56 else if (m_didSendXSSProtectionHeader) | 56 else if (m_didSendXSSProtectionHeader) |
57 message.append(" The server sent an 'X-XSS-Protection' header requesting
this behavior."); | 57 message.appendLiteral(" The server sent an 'X-XSS-Protection' header req
uesting this behavior."); |
58 else | 58 else |
59 message.append(" The auditor was enabled as the server sent neither an '
X-XSS-Protection' nor 'Content-Security-Policy' header."); | 59 message.appendLiteral(" The auditor was enabled as the server sent neith
er an 'X-XSS-Protection' nor 'Content-Security-Policy' header."); |
60 | 60 |
61 return message.toString(); | 61 return message.toString(); |
62 } | 62 } |
63 | 63 |
64 bool XSSInfo::isSafeToSendToAnotherThread() const | 64 bool XSSInfo::isSafeToSendToAnotherThread() const |
65 { | 65 { |
66 return m_originalURL.isSafeToSendToAnotherThread(); | 66 return m_originalURL.isSafeToSendToAnotherThread(); |
67 } | 67 } |
68 | 68 |
69 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) | 69 XSSAuditorDelegate::XSSAuditorDelegate(Document* document) |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
119 | 119 |
120 if (!m_reportURL.isEmpty()) | 120 if (!m_reportURL.isEmpty()) |
121 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, ge
nerateViolationReport(xssInfo), PingLoader::XSSAuditorViolationReport); | 121 PingLoader::sendViolationReport(m_document->frame(), m_reportURL, ge
nerateViolationReport(xssInfo), PingLoader::XSSAuditorViolationReport); |
122 } | 122 } |
123 | 123 |
124 if (xssInfo.m_didBlockEntirePage) | 124 if (xssInfo.m_didBlockEntirePage) |
125 m_document->frame()->navigationScheduler().schedulePageBlock(m_document,
Referrer()); | 125 m_document->frame()->navigationScheduler().schedulePageBlock(m_document,
Referrer()); |
126 } | 126 } |
127 | 127 |
128 } // namespace blink | 128 } // namespace blink |
OLD | NEW |