| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. | 2 * Copyright (C) 2011 Adam Barth. All Rights Reserved. |
| 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). | 3 * Copyright (C) 2011 Daniel Bates (dbates@intudata.com). |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 25 */ | 25 */ |
| 26 | 26 |
| 27 #include "config.h" | 27 #include "config.h" |
| 28 #include "core/html/parser/XSSAuditor.h" | 28 #include "core/html/parser/XSSAuditor.h" |
| 29 | 29 |
| 30 #include "HTMLNames.h" | 30 #include "HTMLNames.h" |
| 31 #include "SVGNames.h" | 31 #include "SVGNames.h" |
| 32 #include "XLinkNames.h" | 32 #include "XLinkNames.h" |
| 33 #include "core/dom/Document.h" | 33 #include "core/dom/Document.h" |
| 34 #include "core/fetch/TextResourceDecoder.h" | |
| 35 #include "core/frame/ContentSecurityPolicy.h" | 34 #include "core/frame/ContentSecurityPolicy.h" |
| 36 #include "core/frame/Frame.h" | 35 #include "core/frame/Frame.h" |
| 37 #include "core/html/HTMLParamElement.h" | 36 #include "core/html/HTMLParamElement.h" |
| 38 #include "core/html/parser/HTMLDocumentParser.h" | 37 #include "core/html/parser/HTMLDocumentParser.h" |
| 39 #include "core/html/parser/HTMLParserIdioms.h" | 38 #include "core/html/parser/HTMLParserIdioms.h" |
| 39 #include "core/html/parser/TextResourceDecoder.h" |
| 40 #include "core/html/parser/XSSAuditorDelegate.h" | 40 #include "core/html/parser/XSSAuditorDelegate.h" |
| 41 #include "core/loader/DocumentLoader.h" | 41 #include "core/loader/DocumentLoader.h" |
| 42 #include "core/page/Settings.h" | 42 #include "core/page/Settings.h" |
| 43 #include "platform/JSONValues.h" | 43 #include "platform/JSONValues.h" |
| 44 #include "platform/network/FormData.h" | 44 #include "platform/network/FormData.h" |
| 45 #include "platform/text/DecodeEscapeSequences.h" | 45 #include "platform/text/DecodeEscapeSequences.h" |
| 46 #include "platform/weborigin/KURL.h" | 46 #include "platform/weborigin/KURL.h" |
| 47 #include "wtf/MainThread.h" | 47 #include "wtf/MainThread.h" |
| 48 #include "wtf/text/TextEncoding.h" | 48 #include "wtf/text/TextEncoding.h" |
| 49 | 49 |
| (...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 ASSERT(isMainThread()); | 215 ASSERT(isMainThread()); |
| 216 ASSERT(m_state == Uninitialized); | 216 ASSERT(m_state == Uninitialized); |
| 217 m_state = FilteringTokens; | 217 m_state = FilteringTokens; |
| 218 // When parsing a fragment, we don't enable the XSS auditor because it's | 218 // When parsing a fragment, we don't enable the XSS auditor because it's |
| 219 // too much overhead. | 219 // too much overhead. |
| 220 ASSERT(!m_isEnabled); | 220 ASSERT(!m_isEnabled); |
| 221 } | 221 } |
| 222 | 222 |
| 223 void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate) | 223 void XSSAuditor::init(Document* document, XSSAuditorDelegate* auditorDelegate) |
| 224 { | 224 { |
| 225 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. | |
| 226 const int suffixTreeDepth = 5; | |
| 227 | |
| 228 ASSERT(isMainThread()); | 225 ASSERT(isMainThread()); |
| 229 if (m_state != Uninitialized) | 226 if (m_state != Uninitialized) |
| 230 return; | 227 return; |
| 231 m_state = FilteringTokens; | 228 m_state = FilteringTokens; |
| 232 | 229 |
| 233 if (Settings* settings = document->settings()) | 230 if (Settings* settings = document->settings()) |
| 234 m_isEnabled = settings->xssAuditorEnabled(); | 231 m_isEnabled = settings->xssAuditorEnabled(); |
| 235 | 232 |
| 236 if (!m_isEnabled) | 233 if (!m_isEnabled) |
| 237 return; | 234 return; |
| (...skipping 14 matching lines...) Expand all Loading... |
| 252 } | 249 } |
| 253 | 250 |
| 254 if (m_documentURL.protocolIsData()) { | 251 if (m_documentURL.protocolIsData()) { |
| 255 m_isEnabled = false; | 252 m_isEnabled = false; |
| 256 return; | 253 return; |
| 257 } | 254 } |
| 258 | 255 |
| 259 if (document->encoding().isValid()) | 256 if (document->encoding().isValid()) |
| 260 m_encoding = document->encoding(); | 257 m_encoding = document->encoding(); |
| 261 | 258 |
| 262 m_decodedURL = fullyDecodeString(m_documentURL.string(), m_encoding); | |
| 263 if (m_decodedURL.find(isRequiredForInjection) == kNotFound) | |
| 264 m_decodedURL = String(); | |
| 265 | |
| 266 String httpBodyAsString; | |
| 267 if (DocumentLoader* documentLoader = document->frame()->loader().documentLoa
der()) { | 259 if (DocumentLoader* documentLoader = document->frame()->loader().documentLoa
der()) { |
| 268 DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, ("X-XSS-Protection")); | 260 DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, ("X-XSS-Protection")); |
| 269 String headerValue = documentLoader->response().httpHeaderField(XSSProte
ctionHeader); | 261 String headerValue = documentLoader->response().httpHeaderField(XSSProte
ctionHeader); |
| 270 String errorDetails; | 262 String errorDetails; |
| 271 unsigned errorPosition = 0; | 263 unsigned errorPosition = 0; |
| 272 String reportURL; | 264 String reportURL; |
| 273 KURL xssProtectionReportURL; | 265 KURL xssProtectionReportURL; |
| 274 | 266 |
| 275 // Process the X-XSS-Protection header, then mix in the CSP header's val
ue. | 267 // Process the X-XSS-Protection header, then mix in the CSP header's val
ue. |
| 276 ReflectedXSSDisposition xssProtectionHeader = parseXSSProtectionHeader(h
eaderValue, errorDetails, errorPosition, reportURL); | 268 ReflectedXSSDisposition xssProtectionHeader = parseXSSProtectionHeader(h
eaderValue, errorDetails, errorPosition, reportURL); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 287 document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel
, "Error parsing header X-XSS-Protection: " + headerValue + ": " + errorDetails
+ " at character position " + String::format("%u", errorPosition) + ". The defa
ult protections will be applied."); | 279 document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel
, "Error parsing header X-XSS-Protection: " + headerValue + ": " + errorDetails
+ " at character position " + String::format("%u", errorPosition) + ". The defa
ult protections will be applied."); |
| 288 | 280 |
| 289 ReflectedXSSDisposition cspHeader = document->contentSecurityPolicy()->r
eflectedXSSDisposition(); | 281 ReflectedXSSDisposition cspHeader = document->contentSecurityPolicy()->r
eflectedXSSDisposition(); |
| 290 m_didSendValidCSPHeader = cspHeader != ReflectedXSSUnset && cspHeader !=
ReflectedXSSInvalid; | 282 m_didSendValidCSPHeader = cspHeader != ReflectedXSSUnset && cspHeader !=
ReflectedXSSInvalid; |
| 291 | 283 |
| 292 m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader,
cspHeader); | 284 m_xssProtection = combineXSSProtectionHeaderAndCSP(xssProtectionHeader,
cspHeader); |
| 293 // FIXME: Combine the two report URLs in some reasonable way. | 285 // FIXME: Combine the two report URLs in some reasonable way. |
| 294 if (auditorDelegate) | 286 if (auditorDelegate) |
| 295 auditorDelegate->setReportURL(xssProtectionReportURL.copy()); | 287 auditorDelegate->setReportURL(xssProtectionReportURL.copy()); |
| 296 FormData* httpBody = documentLoader->originalRequest().httpBody(); | 288 FormData* httpBody = documentLoader->originalRequest().httpBody(); |
| 297 if (httpBody && !httpBody->isEmpty()) { | 289 if (httpBody && !httpBody->isEmpty()) |
| 298 httpBodyAsString = httpBody->flattenToString(); | 290 m_httpBodyAsString = httpBody->flattenToString(); |
| 299 if (!httpBodyAsString.isEmpty()) { | |
| 300 m_decodedHTTPBody = fullyDecodeString(httpBodyAsString, m_encodi
ng); | |
| 301 if (m_decodedHTTPBody.find(isRequiredForInjection) == kNotFound) | |
| 302 m_decodedHTTPBody = String(); | |
| 303 if (m_decodedHTTPBody.length() >= miniumLengthForSuffixTree) | |
| 304 m_decodedHTTPBodySuffixTree = adoptPtr(new SuffixTree<ASCIIC
odebook>(m_decodedHTTPBody, suffixTreeDepth)); | |
| 305 } | |
| 306 } | |
| 307 } | 291 } |
| 308 | 292 |
| 309 if (m_decodedURL.isEmpty() && m_decodedHTTPBody.isEmpty()) { | 293 setEncoding(m_encoding); |
| 294 } |
| 295 |
| 296 void XSSAuditor::setEncoding(const WTF::TextEncoding& encoding) |
| 297 { |
| 298 const size_t miniumLengthForSuffixTree = 512; // FIXME: Tune this parameter. |
| 299 const int suffixTreeDepth = 5; |
| 300 |
| 301 if (!encoding.isValid()) |
| 302 return; |
| 303 |
| 304 m_encoding = encoding; |
| 305 |
| 306 m_decodedURL = fullyDecodeString(m_documentURL.string(), m_encoding); |
| 307 if (m_decodedURL.find(isRequiredForInjection) == kNotFound) |
| 308 m_decodedURL = String(); |
| 309 |
| 310 if (!m_httpBodyAsString.isEmpty()) { |
| 311 m_decodedHTTPBody = fullyDecodeString(m_httpBodyAsString, m_encoding); |
| 312 if (m_decodedHTTPBody.find(isRequiredForInjection) == kNotFound) |
| 313 m_decodedHTTPBody = String(); |
| 314 if (m_decodedHTTPBody.length() >= miniumLengthForSuffixTree) |
| 315 m_decodedHTTPBodySuffixTree = adoptPtr(new SuffixTree<ASCIICodeb
ook>(m_decodedHTTPBody, suffixTreeDepth)); |
| 316 } |
| 317 |
| 318 if (m_decodedURL.isEmpty() && m_decodedHTTPBody.isEmpty()) |
| 310 m_isEnabled = false; | 319 m_isEnabled = false; |
| 311 return; | |
| 312 } | |
| 313 } | 320 } |
| 314 | 321 |
| 315 PassOwnPtr<XSSInfo> XSSAuditor::filterToken(const FilterTokenRequest& request) | 322 PassOwnPtr<XSSInfo> XSSAuditor::filterToken(const FilterTokenRequest& request) |
| 316 { | 323 { |
| 317 ASSERT(m_state != Uninitialized); | 324 ASSERT(m_state != Uninitialized); |
| 318 if (!m_isEnabled || m_xssProtection == AllowReflectedXSS) | 325 if (!m_isEnabled || m_xssProtection == AllowReflectedXSS) |
| 319 return nullptr; | 326 return nullptr; |
| 320 | 327 |
| 321 bool didBlockScript = false; | 328 bool didBlockScript = false; |
| 322 if (request.token.type() == HTMLToken::StartTag) | 329 if (request.token.type() == HTMLToken::StartTag) |
| (...skipping 397 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 720 return false; | 727 return false; |
| 721 | 728 |
| 722 KURL resourceURL(m_documentURL, url); | 729 KURL resourceURL(m_documentURL, url); |
| 723 return (m_documentURL.host() == resourceURL.host() && resourceURL.query().is
Empty()); | 730 return (m_documentURL.host() == resourceURL.host() && resourceURL.query().is
Empty()); |
| 724 } | 731 } |
| 725 | 732 |
| 726 bool XSSAuditor::isSafeToSendToAnotherThread() const | 733 bool XSSAuditor::isSafeToSendToAnotherThread() const |
| 727 { | 734 { |
| 728 return m_documentURL.isSafeToSendToAnotherThread() | 735 return m_documentURL.isSafeToSendToAnotherThread() |
| 729 && m_decodedURL.isSafeToSendToAnotherThread() | 736 && m_decodedURL.isSafeToSendToAnotherThread() |
| 730 && m_decodedHTTPBody.isSafeToSendToAnotherThread(); | 737 && m_decodedHTTPBody.isSafeToSendToAnotherThread() |
| 738 && m_httpBodyAsString.isSafeToSendToAnotherThread(); |
| 731 } | 739 } |
| 732 | 740 |
| 733 } // namespace WebCore | 741 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 74513003:
Moved text decoding to the parser thread (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@parserthread_step25