1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
|
/*
* Copyright (C) 2011 Adam Barth. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef XSSAuditor_h
#define XSSAuditor_h
#include "HTMLToken.h"
#include "HTTPParsers.h"
#include "KURL.h"
#include "SuffixTree.h"
#include "TextEncoding.h"
#include <wtf/PassOwnPtr.h>
namespace WebCore {
class Document;
class HTMLDocumentParser;
class HTMLSourceTracker;
class XSSInfo;
class XSSAuditorDelegate;
struct FilterTokenRequest {
FilterTokenRequest(HTMLToken& token, HTMLSourceTracker& sourceTracker, bool shouldAllowCDATA)
: token(token)
, sourceTracker(sourceTracker)
, shouldAllowCDATA(shouldAllowCDATA)
{ }
HTMLToken& token;
HTMLSourceTracker& sourceTracker;
bool shouldAllowCDATA;
};
class XSSAuditor {
WTF_MAKE_NONCOPYABLE(XSSAuditor);
public:
XSSAuditor();
void init(Document*, XSSAuditorDelegate*);
void initForFragment();
PassOwnPtr<XSSInfo> filterToken(const FilterTokenRequest&);
bool isSafeToSendToAnotherThread() const;
private:
static const size_t kMaximumFragmentLengthTarget = 100;
enum State {
Uninitialized,
Initialized
};
enum AttributeKind {
NormalAttribute,
SrcLikeAttribute,
ScriptLikeAttribute
};
bool filterStartToken(const FilterTokenRequest&);
void filterEndToken(const FilterTokenRequest&);
bool filterCharacterToken(const FilterTokenRequest&);
bool filterScriptToken(const FilterTokenRequest&);
bool filterObjectToken(const FilterTokenRequest&);
bool filterParamToken(const FilterTokenRequest&);
bool filterEmbedToken(const FilterTokenRequest&);
bool filterAppletToken(const FilterTokenRequest&);
bool filterIframeToken(const FilterTokenRequest&);
bool filterMetaToken(const FilterTokenRequest&);
bool filterBaseToken(const FilterTokenRequest&);
bool filterFormToken(const FilterTokenRequest&);
bool filterInputToken(const FilterTokenRequest&);
bool filterButtonToken(const FilterTokenRequest&);
bool eraseDangerousAttributesIfInjected(const FilterTokenRequest&);
bool eraseAttributeIfInjected(const FilterTokenRequest&, const QualifiedName&, const String& replacementValue = String(), AttributeKind treatment = NormalAttribute);
String decodedSnippetForToken(const HTMLToken&);
String decodedSnippetForName(const FilterTokenRequest&);
String decodedSnippetForAttribute(const FilterTokenRequest&, const HTMLToken::Attribute&, AttributeKind treatment = NormalAttribute);
String decodedSnippetForJavaScript(const FilterTokenRequest&);
bool isContainedInRequest(const String&);
bool isLikelySafeResource(const String& url);
KURL m_documentURL;
bool m_isEnabled;
ContentSecurityPolicy::ReflectedXSSDisposition m_xssProtection;
bool m_didSendValidCSPHeader;
bool m_didSendValidXSSProtectionHeader;
String m_decodedURL;
String m_decodedHTTPBody;
OwnPtr<SuffixTree<ASCIICodebook> > m_decodedHTTPBodySuffixTree;
State m_state;
String m_cachedDecodedSnippet;
unsigned m_scriptTagNestingLevel;
TextEncoding m_encoding;
};
}
#endif
|