OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
5 * Copyright (C) 2009 Google Inc. All rights reserved. | 5 * Copyright (C) 2009 Google Inc. All rights reserved. |
6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
348 | 348 |
349 charsetPos = pos; | 349 charsetPos = pos; |
350 charsetLen = endpos - pos; | 350 charsetLen = endpos - pos; |
351 return; | 351 return; |
352 } | 352 } |
353 } | 353 } |
354 | 354 |
355 ReflectedXSSDisposition parseXSSProtectionHeader(const String& header, String& f ailureReason, unsigned& failurePosition, String& reportURL) | 355 ReflectedXSSDisposition parseXSSProtectionHeader(const String& header, String& f ailureReason, unsigned& failurePosition, String& reportURL) |
356 { | 356 { |
357 DEFINE_STATIC_LOCAL(String, failureReasonInvalidToggle, ("expected 0 or 1")) ; | 357 DEFINE_STATIC_LOCAL(String, failureReasonInvalidToggle, ("expected 0 or 1")) ; |
358 DEFINE_STATIC_LOCAL(String, failureReasonInvalidDisable, ("'0' disables prot ections, and may not be followed by any characters")); | |
358 DEFINE_STATIC_LOCAL(String, failureReasonInvalidSeparator, ("expected semico lon")); | 359 DEFINE_STATIC_LOCAL(String, failureReasonInvalidSeparator, ("expected semico lon")); |
359 DEFINE_STATIC_LOCAL(String, failureReasonInvalidEquals, ("expected equals si gn")); | 360 DEFINE_STATIC_LOCAL(String, failureReasonInvalidEquals, ("expected equals si gn")); |
360 DEFINE_STATIC_LOCAL(String, failureReasonInvalidMode, ("invalid mode directi ve")); | 361 DEFINE_STATIC_LOCAL(String, failureReasonInvalidMode, ("invalid mode directi ve")); |
361 DEFINE_STATIC_LOCAL(String, failureReasonInvalidReport, ("invalid report dir ective")); | 362 DEFINE_STATIC_LOCAL(String, failureReasonInvalidReport, ("invalid report dir ective")); |
362 DEFINE_STATIC_LOCAL(String, failureReasonDuplicateMode, ("duplicate mode dir ective")); | 363 DEFINE_STATIC_LOCAL(String, failureReasonDuplicateMode, ("duplicate mode dir ective")); |
363 DEFINE_STATIC_LOCAL(String, failureReasonDuplicateReport, ("duplicate report directive")); | 364 DEFINE_STATIC_LOCAL(String, failureReasonDuplicateReport, ("duplicate report directive")); |
364 DEFINE_STATIC_LOCAL(String, failureReasonInvalidDirective, ("unrecognized di rective")); | 365 DEFINE_STATIC_LOCAL(String, failureReasonInvalidDirective, ("unrecognized di rective")); |
365 | 366 |
366 unsigned pos = 0; | 367 unsigned pos = 0; |
367 | 368 |
368 if (!skipWhiteSpace(header, pos, false)) | 369 if (!skipWhiteSpace(header, pos, false)) |
369 return ReflectedXSSUnset; | 370 return ReflectedXSSUnset; |
370 | 371 |
371 if (header[pos] == '0') | 372 if (header[pos] == '0') { |
372 return AllowReflectedXSS; | 373 pos++; |
374 skipWhiteSpace(header, pos, false); | |
375 if (pos == header.length()) | |
376 return AllowReflectedXSS; | |
Tom Sepez
2013/11/28 00:09:15
I'm almost inclined to suggest getting rid of the
| |
377 failureReason = failureReasonInvalidDisable; | |
378 return ReflectedXSSInvalid; | |
379 } | |
373 | 380 |
374 if (header[pos++] != '1') { | 381 if (header[pos++] != '1') { |
375 failureReason = failureReasonInvalidToggle; | 382 failureReason = failureReasonInvalidToggle; |
376 return ReflectedXSSInvalid; | 383 return ReflectedXSSInvalid; |
377 } | 384 } |
378 | 385 |
379 ReflectedXSSDisposition result = FilterReflectedXSS; | 386 ReflectedXSSDisposition result = FilterReflectedXSS; |
380 bool modeDirectiveSeen = false; | 387 bool modeDirectiveSeen = false; |
381 bool reportDirectiveSeen = false; | 388 bool reportDirectiveSeen = false; |
382 | 389 |
679 | 686 |
680 size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned cha r>& body) | 687 size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned cha r>& body) |
681 { | 688 { |
682 body.clear(); | 689 body.clear(); |
683 body.append(data, length); | 690 body.append(data, length); |
684 | 691 |
685 return length; | 692 return length; |
686 } | 693 } |
687 | 694 |
688 } | 695 } |
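Review bot: The new rejection path for `0` followed by extra characters (new lines 377–378) assigns `failureReason` but never sets the `failurePosition` out-parameter, and the same holds for the existing invalid-toggle path at new lines 381–383. A caller that reports the position would then be using whatever value it passed in. Adding `failurePosition = pos;` before the return would point the diagnostic at the first unexpected character. Because this change turns a header such as `0; mode=block` from `AllowReflectedXSS` into `ReflectedXSSInvalid`, it is worth confirming that the caller (not shown on this page) falls back to the intended default for the invalid disposition, and adding tests for `0`, `0` with trailing whitespace, and `0` with trailing text. The remainder of the function body lies in the skipped lines, so any later handling of `failurePosition` is not visible here.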