diff options
Diffstat (limited to 'Source/WebCore/html/parser/XSSAuditor.h')
| -rw-r--r-- | Source/WebCore/html/parser/XSSAuditor.h | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/Source/WebCore/html/parser/XSSAuditor.h b/Source/WebCore/html/parser/XSSAuditor.h index 28fe3dec9..dc82add7c 100644 --- a/Source/WebCore/html/parser/XSSAuditor.h +++ b/Source/WebCore/html/parser/XSSAuditor.h @@ -23,15 +23,13 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef XSSAuditor_h -#define XSSAuditor_h +#pragma once #include "HTMLToken.h" #include "HTTPParsers.h" #include "URL.h" #include "SuffixTree.h" #include "TextEncoding.h" -#include <wtf/PassOwnPtr.h> namespace WebCore { @@ -62,7 +60,6 @@ public: void initForFragment(); std::unique_ptr<XSSInfo> filterToken(const FilterTokenRequest&); - bool isSafeToSendToAnotherThread() const; private: static const size_t kMaximumFragmentLengthTarget = 100; @@ -72,7 +69,8 @@ private: Initialized }; - enum AttributeKind { + enum class TruncationStyle { + None, NormalAttribute, SrcLikeAttribute, ScriptLikeAttribute @@ -86,7 +84,7 @@ private: bool filterParamToken(const FilterTokenRequest&); bool filterEmbedToken(const FilterTokenRequest&); bool filterAppletToken(const FilterTokenRequest&); - bool filterIframeToken(const FilterTokenRequest&); + bool filterFrameToken(const FilterTokenRequest&); bool filterMetaToken(const FilterTokenRequest&); bool filterBaseToken(const FilterTokenRequest&); bool filterFormToken(const FilterTokenRequest&); @@ -94,12 +92,12 @@ private: bool filterButtonToken(const FilterTokenRequest&); bool eraseDangerousAttributesIfInjected(const FilterTokenRequest&); - bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName&, const String& replacementValue = String(), AttributeKind treatment = NormalAttribute); + bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName&, const String& replacementValue = String(), TruncationStyle = TruncationStyle::NormalAttribute); - String decodedSnippetForToken(const HTMLToken&); - String decodedSnippetForName(const FilterTokenRequest&); - String decodedSnippetForAttribute(const FilterTokenRequest&, const HTMLToken::Attribute&, AttributeKind treatment = NormalAttribute); - String decodedSnippetForJavaScript(const FilterTokenRequest&); + String canonicalizedSnippetForTagName(const FilterTokenRequest&); + String canonicalizedSnippetForJavaScript(const FilterTokenRequest&); + String snippetFromAttribute(const FilterTokenRequest&, const HTMLToken::Attribute&); + String canonicalize(const String&, TruncationStyle); bool isContainedInRequest(const String&); bool isLikelySafeResource(const String& url); @@ -107,8 +105,7 @@ private: URL m_documentURL; bool m_isEnabled; - ContentSecurityPolicy::ReflectedXSSDisposition m_xssProtection; - bool m_didSendValidCSPHeader; + XSSProtectionDisposition m_xssProtection; bool m_didSendValidXSSProtectionHeader; String m_decodedURL; @@ -116,11 +113,9 @@ private: std::unique_ptr<SuffixTree<ASCIICodebook>> m_decodedHTTPBodySuffixTree; State m_state; - String m_cachedDecodedSnippet; + bool m_wasScriptTagFoundInRequest { false }; unsigned m_scriptTagNestingLevel; TextEncoding m_encoding; }; -} - -#endif +} // namespace WebCore |