Index: Source/platform/network/HTTPParsers.cpp |
diff --git a/Source/platform/network/HTTPParsers.cpp b/Source/platform/network/HTTPParsers.cpp |
index 772188d21ae5cd135882ab668c53a9a25f92c082..32f1dc97cd6324fc21469142d1c5c8cc893a0fc4 100644 |
--- a/Source/platform/network/HTTPParsers.cpp |
+++ b/Source/platform/network/HTTPParsers.cpp |
@@ -355,6 +355,7 @@ void findCharsetInMediaType(const String& mediaType, unsigned& charsetPos, unsig |
ReflectedXSSDisposition parseXSSProtectionHeader(const String& header, String& failureReason, unsigned& failurePosition, String& reportURL) |
{ |
DEFINE_STATIC_LOCAL(String, failureReasonInvalidToggle, ("expected 0 or 1")); |
+ DEFINE_STATIC_LOCAL(String, failureReasonInvalidDisable, ("'0' disables protections, and may not be followed by any characters")); |
DEFINE_STATIC_LOCAL(String, failureReasonInvalidSeparator, ("expected semicolon")); |
DEFINE_STATIC_LOCAL(String, failureReasonInvalidEquals, ("expected equals sign")); |
DEFINE_STATIC_LOCAL(String, failureReasonInvalidMode, ("invalid mode directive")); |
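Review bot: The new `failureReasonInvalidDisable` text says '0' "may not be followed by any characters", but the parsing added further down in parseXSSProtectionHeader calls `skipWhiteSpace(header, pos, false)` after the '0' before comparing `pos` with `header.length()`, so trailing whitespace is accepted. The message should state the rule the parser enforces, for example `("'0' disables protections, and may only be followed by whitespace")`. A short comment on the new branch would also help, such as `// '0' must be the entire value (trailing whitespace aside); anything after it makes the header invalid.`, so the stricter handling of the disable toggle is not relaxed later by accident. The function body starts in this hunk and continues outside it.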
@@ -368,8 +369,14 @@ ReflectedXSSDisposition parseXSSProtectionHeader(const String& header, String& f |
if (!skipWhiteSpace(header, pos, false)) |
return ReflectedXSSUnset; |
- if (header[pos] == '0') |
- return AllowReflectedXSS; |
+ if (header[pos] == '0') { |
+ pos++; |
+ skipWhiteSpace(header, pos, false); |
+ if (pos == header.length()) |
+ return AllowReflectedXSS; |
Tom Sepez
2013/11/28 00:09:15
I'm almost inclined to suggest getting rid of the
|
+ failureReason = failureReasonInvalidDisable; |
+ return ReflectedXSSInvalid; |
+ } |
if (header[pos++] != '1') { |
failureReason = failureReasonInvalidToggle; |