FCL/sf/mw/qtwebkit: WebCore/page/XSSAuditor.cpp@303757a437d3 (annotated)

0 4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1	/*
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	2	* Copyright (C) 2008, 2009 Daniel Bates (dbates@intudata.com)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	3	* All rights reserved.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	4	*
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	5	* Redistribution and use in source and binary forms, with or without
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	6	* modification, are permitted provided that the following conditions
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	7	* are met:
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	8	* 1. Redistributions of source code must retain the above copyright
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	9	* notice, this list of conditions and the following disclaimer.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	10	* 2. Redistributions in binary form must reproduce the above copyright
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	11	* notice, this list of conditions and the following disclaimer in the
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	12	* documentation and/or other materials provided with the distribution.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	13	*
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	14	* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	15	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	16	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	17	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	18	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	19	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	20	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	21	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	22	* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	24	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	25	*/
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	26
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	27	#include "config.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	28	#include "XSSAuditor.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	29
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	30	#include <wtf/StdLibExtras.h>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	31	#include <wtf/Vector.h>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	32
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	33	#include "Console.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	34	#include "DocumentLoader.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	35	#include "DOMWindow.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	36	#include "Frame.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	37	#include "KURL.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	38	#include "LegacyPreloadScanner.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	39	#include "ResourceResponseBase.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	40	#include "ScriptSourceCode.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	41	#include "Settings.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	42	#include "TextResourceDecoder.h"
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	43	#include <wtf/text/CString.h>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	44
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	45	using namespace WTF;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	46
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	47	namespace WebCore {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	48
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	49	static bool isNonCanonicalCharacter(UChar c)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	50	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	51	// We remove all non-ASCII characters, including non-printable ASCII characters.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	52	//
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	53	// Note, we don't remove backslashes like PHP stripslashes(), which among other things converts "\\0" to the \0 character.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	54	// Instead, we remove backslashes and zeros (since the string "\\0" =(remove backslashes)=> "0"). However, this has the
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	55	// adverse effect that we remove any legitimate zeros from a string.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	56	//
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	57	// For instance: new String("http://localhost:8000") => new String("http://localhost:8").
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	58	return (c == '\\' \|\| c == '0' \|\| c < ' ' \|\| c >= 127);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	59	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	60
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	61	static bool isIllegalURICharacter(UChar c)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	62	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	63	// The characters described in section 2.4.3 of RFC 2396 <http://www.faqs.org/rfcs/rfc2396.html> in addition to the
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	64	// single quote character "'" are considered illegal URI characters. That is, the following characters cannot appear
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	65	// in a valid URI: ', ", <, >
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	66	//
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	67	// If the request does not contain these characters then we can assume that no inline scripts have been injected
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	68	// into the response page, because it is impossible to write an inline script of the form <script>...</script>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	69	// without "<", ">".
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	70	return (c == '\'' \|\| c == '"' \|\| c == '<' \|\| c == '>');
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	71	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	72
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	73	String XSSAuditor::CachingURLCanonicalizer::canonicalizeURL(FormData* formData, const TextEncoding& encoding, bool decodeEntities,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	74	bool decodeURLEscapeSequencesTwice)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	75	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	76	if (decodeEntities == m_decodeEntities && decodeURLEscapeSequencesTwice == m_decodeURLEscapeSequencesTwice
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	77	&& encoding == m_encoding && formData == m_formData)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	78	return m_cachedCanonicalizedURL;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	79	m_formData = formData;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	80	return canonicalizeURL(formData->flattenToString(), encoding, decodeEntities, decodeURLEscapeSequencesTwice);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	81	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	82
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	83	String XSSAuditor::CachingURLCanonicalizer::canonicalizeURL(const String& url, const TextEncoding& encoding, bool decodeEntities,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	84	bool decodeURLEscapeSequencesTwice)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	85	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	86	if (decodeEntities == m_decodeEntities && decodeURLEscapeSequencesTwice == m_decodeURLEscapeSequencesTwice
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	87	&& encoding == m_encoding && url == m_inputURL)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	88	return m_cachedCanonicalizedURL;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	89
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	90	m_cachedCanonicalizedURL = canonicalize(decodeURL(url, encoding, decodeEntities, decodeURLEscapeSequencesTwice));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	91	m_inputURL = url;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	92	m_encoding = encoding;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	93	m_decodeEntities = decodeEntities;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	94	m_decodeURLEscapeSequencesTwice = decodeURLEscapeSequencesTwice;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	95	++m_generation;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	96	return m_cachedCanonicalizedURL;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	97	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	98
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	99	void XSSAuditor::CachingURLCanonicalizer::clear()
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	100	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	101	m_formData.clear();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	102	m_inputURL = String();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	103	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	104
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	105	XSSAuditor::XSSAuditor(Frame* frame)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	106	: m_frame(frame)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	107	, m_generationOfSuffixTree(-1)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	108	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	109	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	110
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	111	XSSAuditor::~XSSAuditor()
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	112	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	113	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	114
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	115	bool XSSAuditor::isEnabled() const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	116	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	117	Settings* settings = m_frame->settings();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	118	return (settings && settings->xssAuditorEnabled());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	119	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	120
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	121	bool XSSAuditor::canEvaluate(const String& code) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	122	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	123	if (!isEnabled())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	124	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	125
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	126	FindTask task;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	127	task.string = code;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	128	task.decodeEntities = false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	129	task.allowRequestIfNoIllegalURICharacters = true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	130
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	131	if (findInRequest(task)) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	132	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	133	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	134	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	135	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	136	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	137	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	138
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	139	bool XSSAuditor::canEvaluateJavaScriptURL(const String& code) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	140	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	141	if (!isEnabled())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	142	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	143
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	144	FindTask task;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	145	task.string = code;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	146	task.decodeURLEscapeSequencesTwice = true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	147
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	148	if (findInRequest(task)) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	149	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	150	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	151	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	152	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	153	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	154	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	155
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	156	bool XSSAuditor::canCreateInlineEventListener(const String&, const String& code) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	157	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	158	if (!isEnabled())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	159	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	160
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	161	FindTask task;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	162	task.string = code;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	163	task.allowRequestIfNoIllegalURICharacters = true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	164
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	165	if (findInRequest(task)) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	166	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	167	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	168	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	169	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	170	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	171	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	172
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	173	bool XSSAuditor::canLoadExternalScriptFromSrc(const String& url) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	174	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	175	if (!isEnabled())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	176	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	177
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	178	if (isSameOriginResource(url))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	179	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	180
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	181	FindTask task;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	182	task.string = url;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	183	task.allowRequestIfNoIllegalURICharacters = true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	184
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	185	if (findInRequest(task)) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	186	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	187	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	188	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	189	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	190	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	191	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	192
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	193	bool XSSAuditor::canLoadObject(const String& url) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	194	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	195	if (!isEnabled())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	196	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	197
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	198	if (isSameOriginResource(url))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	199	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	200
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	201	FindTask task;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	202	task.string = url;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	203	task.allowRequestIfNoIllegalURICharacters = true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	204
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	205	if (findInRequest(task)) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	206	String consoleMessage = String::format("Refused to load an object. URL found within request: \"%s\".\n", url.utf8().data());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	207	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	208	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	209	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	210	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	211	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	212
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	213	bool XSSAuditor::canSetBaseElementURL(const String& url) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	214	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	215	if (!isEnabled())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	216	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	217
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	218	if (isSameOriginResource(url))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	219	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	220
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	221	FindTask task;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	222	task.string = url;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	223	task.allowRequestIfNoIllegalURICharacters = true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	224
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	225	if (findInRequest(task)) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	226	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to load from document base URL. URL found within request.\n"));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	227	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	228	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	229	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	230	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	231	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	232
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	233	String XSSAuditor::canonicalize(const String& string)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	234	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	235	String result = decodeHTMLEntities(string);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	236	return result.removeCharacters(&isNonCanonicalCharacter);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	237	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	238
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	239	String XSSAuditor::decodeURL(const String& string, const TextEncoding& encoding, bool decodeEntities, bool decodeURLEscapeSequencesTwice)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	240	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	241	String result;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	242	String url = string;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	243
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	244	url.replace('+', ' ');
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	245	result = decodeURLEscapeSequences(url);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	246	CString utf8Url = result.utf8();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	247	String decodedResult = encoding.decode(utf8Url.data(), utf8Url.length());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	248	if (!decodedResult.isEmpty())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	249	result = decodedResult;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	250	if (decodeURLEscapeSequencesTwice) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	251	result = decodeURLEscapeSequences(result);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	252	utf8Url = result.utf8();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	253	decodedResult = encoding.decode(utf8Url.data(), utf8Url.length());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	254	if (!decodedResult.isEmpty())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	255	result = decodedResult;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	256	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	257	if (decodeEntities)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	258	result = decodeHTMLEntities(result);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	259	return result;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	260	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	261
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	262	String XSSAuditor::decodeHTMLEntities(const String& string, bool leaveUndecodableEntitiesUntouched)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	263	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	264	SegmentedString source(string);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	265	SegmentedString sourceShadow;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	266	Vector<UChar> result;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	267
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	268	while (!source.isEmpty()) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	269	UChar cc = *source;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	270	source.advance();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	271
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	272	if (cc != '&') {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	273	result.append(cc);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	274	continue;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	275	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	276
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	277	if (leaveUndecodableEntitiesUntouched)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	278	sourceShadow = source;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	279	bool notEnoughCharacters = false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	280	unsigned entity = LegacyPreloadScanner::consumeEntity(source, notEnoughCharacters);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	281	// We ignore notEnoughCharacters because we might as well use this loop
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	282	// to copy the remaining characters into \|result\|.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	283
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	284	if (entity > 0xFFFF) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	285	result.append(U16_LEAD(entity));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	286	result.append(U16_TRAIL(entity));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	287	} else if (entity && (!leaveUndecodableEntitiesUntouched \|\| entity != 0xFFFD)){
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	288	result.append(entity);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	289	} else {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	290	result.append('&');
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	291	if (leaveUndecodableEntitiesUntouched)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	292	source = sourceShadow;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	293	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	294	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	295
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	296	return String::adopt(result);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	297	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	298
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	299	bool XSSAuditor::isSameOriginResource(const String& url) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	300	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	301	// If the resource is loaded from the same URL as the enclosing page, it's
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	302	// probably not an XSS attack, so we reduce false positives by allowing the
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	303	// request. If the resource has a query string, we're more suspicious,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	304	// however, because that's pretty rare and the attacker might be able to
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	305	// trick a server-side script into doing something dangerous with the query
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	306	// string.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	307	KURL resourceURL(m_frame->document()->url(), url);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	308	return (m_frame->document()->url().host() == resourceURL.host() && resourceURL.query().isEmpty());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	309	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	310
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	311	XSSProtectionDisposition XSSAuditor::xssProtection() const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	312	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	313	DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, ("X-XSS-Protection"));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	314
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	315	Frame* frame = m_frame;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	316	if (frame->document()->url() == blankURL())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	317	frame = m_frame->tree()->parent();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	318
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	319	return parseXSSProtectionHeader(frame->loader()->documentLoader()->response().httpHeaderField(XSSProtectionHeader));
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	320	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	321
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	322	bool XSSAuditor::findInRequest(const FindTask& task) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	323	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	324	bool result = false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	325	Frame* parentFrame = m_frame->tree()->parent();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	326	Frame* blockFrame = parentFrame;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	327	if (parentFrame && m_frame->document()->url() == blankURL())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	328	result = findInRequest(parentFrame, task);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	329	if (!result) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	330	result = findInRequest(m_frame, task);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	331	blockFrame = m_frame;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	332	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	333	if (!result)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	334	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	335
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	336	switch (xssProtection()) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	337	case XSSProtectionDisabled:
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	338	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	339	case XSSProtectionEnabled:
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	340	break;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	341	case XSSProtectionBlockEnabled:
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	342	if (blockFrame) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	343	blockFrame->loader()->stopAllLoaders();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	344	blockFrame->redirectScheduler()->scheduleLocationChange(blankURL(), String());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	345	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	346	break;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	347	default:
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	348	ASSERT_NOT_REACHED();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	349	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	350	return true;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	351	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	352
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	353	bool XSSAuditor::findInRequest(Frame* frame, const FindTask& task) const
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	354	{
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	355	ASSERT(frame->document());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	356
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	357	if (!frame->document()->decoder()) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	358	// Note, JavaScript URLs do not have a charset.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	359	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	360	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	361
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	362	if (task.string.isEmpty())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	363	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	364
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	365	DocumentLoader *documentLoader = frame->loader()->documentLoader();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	366	if (!documentLoader)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	367	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	368
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	369	FormData* formDataObj = documentLoader->originalRequest().httpBody();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	370	const bool hasFormData = formDataObj && !formDataObj->isEmpty();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	371	String pageURL = frame->document()->url().string();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	372
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	373	if (!hasFormData) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	374	// We clear out our form data caches, in case we're holding onto a bunch of memory.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	375	m_formDataCache.clear();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	376	m_formDataSuffixTree.clear();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	377	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	378
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	379	String canonicalizedString;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	380	if (!hasFormData && task.string.length() > 2 * pageURL.length()) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	381	// Q: Why do we bother to do this check at all?
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	382	// A: Canonicalizing large inline scripts can be expensive. We want to
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	383	// reduce the size of the string before we call canonicalize below,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	384	// since it could result in an unneeded allocation and memcpy.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	385	//
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	386	// Q: Why do we multiply by two here?
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	387	// A: We attempt to detect reflected XSS even when the server
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	388	// transforms the attacker's input with addSlashes. The best the
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	389	// attacker can do get the server to inflate his/her input by a
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	390	// factor of two by sending " characters, which the server
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	391	// transforms to \".
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	392	canonicalizedString = task.string.substring(0, 2 * pageURL.length());
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	393	} else
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	394	canonicalizedString = task.string;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	395
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	396	if (frame->document()->url().protocolIs("data"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	397	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	398
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	399	canonicalizedString = canonicalize(canonicalizedString);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	400	if (canonicalizedString.isEmpty())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	401	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	402
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	403	if (!task.context.isEmpty())
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	404	canonicalizedString = task.context + canonicalizedString;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	405
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	406	String decodedPageURL = m_pageURLCache.canonicalizeURL(pageURL, frame->document()->decoder()->encoding(), task.decodeEntities, task.decodeURLEscapeSequencesTwice);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	407
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	408	if (task.allowRequestIfNoIllegalURICharacters && !hasFormData && decodedPageURL.find(&isIllegalURICharacter, 0) == -1)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	409	return false; // Injection is impossible because the request does not contain any illegal URI characters.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	410
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	411	if (decodedPageURL.find(canonicalizedString, 0, false) != -1)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	412	return true; // We've found the string in the GET data.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	413
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	414	if (hasFormData) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	415	String decodedFormData = m_formDataCache.canonicalizeURL(formDataObj, frame->document()->decoder()->encoding(), task.decodeEntities, task.decodeURLEscapeSequencesTwice);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	416
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	417	if (m_generationOfSuffixTree != m_formDataCache.generation()) {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	418	m_formDataSuffixTree = new SuffixTree<ASCIICodebook>(decodedFormData, 5);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	419	m_generationOfSuffixTree = m_formDataCache.generation();
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	420	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	421
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	422	// Try a fast-reject via the suffixTree.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	423	if (m_formDataSuffixTree && !m_formDataSuffixTree->mightContain(canonicalizedString))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	424	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	425
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	426	if (decodedFormData.find(canonicalizedString, 0, false) != -1)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	427	return true; // We found the string in the POST data.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	428	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	429
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	430	return false;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	431	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	432
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	433	} // namespace WebCore
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	434

author	Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
	Mon, 04 Oct 2010 01:32:07 +0300
changeset 2	303757a437d3
parent 0	4f2f89ce4247
permissions	-rw-r--r--