Home | History | Annotate | Download | only in parser 
      1 /*
      2  * Copyright (C) 2013 Google, Inc. All Rights Reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
     17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
     18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
     20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
     21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  */
     25 
     26 #ifndef XSSAuditorDelegate_h
     27 #define XSSAuditorDelegate_h
     28 
     29 #include "platform/heap/Handle.h"
     30 #include "platform/weborigin/KURL.h"
     31 #include "wtf/OwnPtr.h"
     32 #include "wtf/PassOwnPtr.h"
     33 #include "wtf/Vector.h"
     34 #include "wtf/text/TextPosition.h"
     35 #include "wtf/text/WTFString.h"
     36 
     37 namespace blink {
     38 
     39 class Document;
     40 class FormData;
     41 
     42 class XSSInfo {
     43 public:
     44     static PassOwnPtr<XSSInfo> create(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)
     45     {
     46         return adoptPtr(new XSSInfo(originalURL, didBlockEntirePage, didSendXSSProtectionHeader, didSendCSPHeader));
     47     }
     48 
     49     String buildConsoleError() const;
     50     bool isSafeToSendToAnotherThread() const;
     51 
     52     String m_originalURL;
     53     bool m_didBlockEntirePage;
     54     bool m_didSendXSSProtectionHeader;
     55     bool m_didSendCSPHeader;
     56     TextPosition m_textPosition;
     57 
     58 private:
     59     XSSInfo(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)
     60         : m_originalURL(originalURL.isolatedCopy())
     61         , m_didBlockEntirePage(didBlockEntirePage)
     62         , m_didSendXSSProtectionHeader(didSendXSSProtectionHeader)
     63         , m_didSendCSPHeader(didSendCSPHeader)
     64     { }
     65 };
     66 
     67 class XSSAuditorDelegate FINAL {
     68     DISALLOW_ALLOCATION();
     69     WTF_MAKE_NONCOPYABLE(XSSAuditorDelegate);
     70 public:
     71     explicit XSSAuditorDelegate(Document*);
     72     void trace(Visitor*);
     73 
     74     void didBlockScript(const XSSInfo&);
     75     void setReportURL(const KURL& url) { m_reportURL = url; }
     76 
     77 private:
     78     PassRefPtr<FormData> generateViolationReport(const XSSInfo&);
     79 
     80     RawPtrWillBeMember<Document> m_document;
     81     bool m_didSendNotifications;
     82     KURL m_reportURL;
     83 };
     84 
     85 typedef Vector<OwnPtr<XSSInfo> > XSSInfoStream;
     86 
     87 }
     88 
     89 #endif
     90