Home | History | Annotate | Download | only in parser 
      1 /*
      2  * Copyright (C) 2013 Google, Inc. All Rights Reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
     17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
     18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
     20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
     21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  */
     25 
     26 #ifndef XSSAuditorDelegate_h
     27 #define XSSAuditorDelegate_h
     28 
     29 #include "platform/weborigin/KURL.h"
     30 #include "wtf/OwnPtr.h"
     31 #include "wtf/PassOwnPtr.h"
     32 #include "wtf/Vector.h"
     33 #include "wtf/text/TextPosition.h"
     34 #include "wtf/text/WTFString.h"
     35 
     36 namespace WebCore {
     37 
     38 class Document;
     39 class FormData;
     40 
     41 class XSSInfo {
     42 public:
     43     static PassOwnPtr<XSSInfo> create(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)
     44     {
     45         return adoptPtr(new XSSInfo(originalURL, didBlockEntirePage, didSendXSSProtectionHeader, didSendCSPHeader));
     46     }
     47 
     48     String buildConsoleError() const;
     49     bool isSafeToSendToAnotherThread() const;
     50 
     51     String m_originalURL;
     52     bool m_didBlockEntirePage;
     53     bool m_didSendXSSProtectionHeader;
     54     bool m_didSendCSPHeader;
     55     TextPosition m_textPosition;
     56 
     57 private:
     58     XSSInfo(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)
     59         : m_originalURL(originalURL.isolatedCopy())
     60         , m_didBlockEntirePage(didBlockEntirePage)
     61         , m_didSendXSSProtectionHeader(didSendXSSProtectionHeader)
     62         , m_didSendCSPHeader(didSendCSPHeader)
     63     { }
     64 };
     65 
     66 class XSSAuditorDelegate {
     67     WTF_MAKE_NONCOPYABLE(XSSAuditorDelegate);
     68 public:
     69     explicit XSSAuditorDelegate(Document*);
     70 
     71     void didBlockScript(const XSSInfo&);
     72     void setReportURL(const KURL& url) { m_reportURL = url; }
     73 
     74 private:
     75     PassRefPtr<FormData> generateViolationReport(const XSSInfo&);
     76 
     77     Document* m_document;
     78     bool m_didSendNotifications;
     79     KURL m_reportURL;
     80 };
     81 
     82 typedef Vector<OwnPtr<XSSInfo> > XSSInfoStream;
     83 
     84 }
     85 
     86 #endif
     87