2011-02-05 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 5 Feb 2011 22:55:14 +0000 (22:55 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 5 Feb 2011 22:55:14 +0000 (22:55 +0000)
        Reviewed by Eric Seidel.

        Delete XSSAuditor
        https://bugs.webkit.org/show_bug.cgi?id=53859

        The job of the XSSAuditor is now done by the XSSFilter.  In the future,
        we might rename XSSFilter to XSSAuditor.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):
        * bindings/ScriptControllerBase.h:
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::ScriptController):
        (WebCore::ScriptController::evaluateInWorld):
        * bindings/js/ScriptController.h:
        * bindings/js/ScriptEventListener.cpp:
        (WebCore::createAttributeEventListener):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::ScriptController):
        (WebCore::ScriptController::evaluate):
        * bindings/v8/ScriptController.h:
        * bindings/v8/ScriptEventListener.cpp:
        (WebCore::createAttributeEventListener):
        * dom/Document.cpp:
        (WebCore::Document::implicitOpen):
        (WebCore::Document::processBaseElement):
        * dom/ScriptableDocumentParser.cpp:
        (WebCore::ScriptableDocumentParser::ScriptableDocumentParser):
        * dom/ScriptableDocumentParser.h:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::shouldLoadExternalScriptFromSrc):
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::requestObject):
        (WebCore::SubframeLoader::loadMediaPlayerProxyPlugin):
        * page/XSSAuditor.cpp: Removed.
        * page/XSSAuditor.h: Removed.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

22 files changed:
Source/WebCore/Android.mk
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/GNUmakefile.am
Source/WebCore/WebCore.gypi
Source/WebCore/WebCore.vcproj/WebCore.vcproj
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/bindings/ScriptControllerBase.cpp
Source/WebCore/bindings/ScriptControllerBase.h
Source/WebCore/bindings/js/ScriptController.cpp
Source/WebCore/bindings/js/ScriptController.h
Source/WebCore/bindings/js/ScriptEventListener.cpp
Source/WebCore/bindings/v8/ScriptController.cpp
Source/WebCore/bindings/v8/ScriptController.h
Source/WebCore/bindings/v8/ScriptEventListener.cpp
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/ScriptableDocumentParser.cpp
Source/WebCore/dom/ScriptableDocumentParser.h
Source/WebCore/html/parser/HTMLDocumentParser.cpp
Source/WebCore/loader/SubframeLoader.cpp
Source/WebCore/page/XSSAuditor.cpp [deleted file]
Source/WebCore/page/XSSAuditor.h [deleted file]

index 96c6309ac34ec972e6adbe0d97abacfec5ccc1ca..aa983b4ef68c91ed751a3db988b634afe1b7113e 100644 (file)
@@ -445,7 +445,6 @@ LOCAL_SRC_FILES := $(LOCAL_SRC_FILES) \
        page/UserContentURLPattern.cpp \
        page/WindowFeatures.cpp \
        page/WorkerNavigator.cpp \
-       page/XSSAuditor.cpp \
        \
        page/android/DragControllerAndroid.cpp \
        page/android/EventHandlerAndroid.cpp \
index 406a5bf526a549de8db43ca513b7996b9380eeba..d1782bb692e4c61e72938723e2aedce04ef64a1f 100644 (file)
@@ -1288,7 +1288,6 @@ SET(WebCore_SOURCES
     page/UserContentURLPattern.cpp
     page/WindowFeatures.cpp
     page/WorkerNavigator.cpp
-    page/XSSAuditor.cpp
 
     page/animation/AnimationBase.cpp
     page/animation/AnimationController.cpp
index f68c792ca3de0f7c70b14ce92290ac764c5e1ba4..54ade7512314930b21fc5aadc16dacd58b8919f4 100644 (file)
@@ -1,3 +1,48 @@
+2011-02-05  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Delete XSSAuditor
+        https://bugs.webkit.org/show_bug.cgi?id=53859
+
+        The job of the XSSAuditor is now done by the XSSFilter.  In the future,
+        we might rename XSSFilter to XSSAuditor.
+
+        * Android.mk:
+        * CMakeLists.txt:
+        * GNUmakefile.am:
+        * WebCore.gypi:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/ScriptControllerBase.cpp:
+        (WebCore::ScriptController::executeIfJavaScriptURL):
+        * bindings/ScriptControllerBase.h:
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::ScriptController):
+        (WebCore::ScriptController::evaluateInWorld):
+        * bindings/js/ScriptController.h:
+        * bindings/js/ScriptEventListener.cpp:
+        (WebCore::createAttributeEventListener):
+        * bindings/v8/ScriptController.cpp:
+        (WebCore::ScriptController::ScriptController):
+        (WebCore::ScriptController::evaluate):
+        * bindings/v8/ScriptController.h:
+        * bindings/v8/ScriptEventListener.cpp:
+        (WebCore::createAttributeEventListener):
+        * dom/Document.cpp:
+        (WebCore::Document::implicitOpen):
+        (WebCore::Document::processBaseElement):
+        * dom/ScriptableDocumentParser.cpp:
+        (WebCore::ScriptableDocumentParser::ScriptableDocumentParser):
+        * dom/ScriptableDocumentParser.h:
+        * html/parser/HTMLDocumentParser.cpp:
+        (WebCore::HTMLDocumentParser::shouldLoadExternalScriptFromSrc):
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::requestObject):
+        (WebCore::SubframeLoader::loadMediaPlayerProxyPlugin):
+        * page/XSSAuditor.cpp: Removed.
+        * page/XSSAuditor.h: Removed.
+
 2011-02-05  Anders Carlsson  <andersca@apple.com>
 
         Reviewed by Darin Adler.
index 75a50cd60c89e111d5cf82dc23196c02e85c66f9..ba7df3bfe32126d9080c35e6bf4d0d8455b9994b 100644 (file)
@@ -2294,8 +2294,6 @@ webcore_sources += \
        Source/WebCore/page/WindowFeatures.h \
        Source/WebCore/page/WorkerNavigator.cpp \
        Source/WebCore/page/WorkerNavigator.h \
-       Source/WebCore/page/XSSAuditor.cpp \
-       Source/WebCore/page/XSSAuditor.h \
        Source/WebCore/platform/animation/Animation.cpp \
        Source/WebCore/platform/animation/Animation.h \
        Source/WebCore/platform/animation/AnimationList.cpp \
index 376a7e97eaf6cea330a404d568b20227875af191..59401f9684bdac6045d291dd58fd2509fb418151 100644 (file)
             'page/WindowFeatures.h',
             'page/WorkerNavigator.cpp',
             'page/WorkerNavigator.h',
-            'page/XSSAuditor.cpp',
-            'page/XSSAuditor.h',
             'platform/audio/AudioArray.h',
             'platform/audio/AudioBus.h',
             'platform/audio/AudioBus.cpp',
index db349e1ba8ddc922e7cf525681c50cb19fd9cbe1..852ca413b0520c48e877b7338c2b1825303389a8 100755 (executable)
                                RelativePath="..\page\WorkerNavigator.h"
                                >
                        </File>
-                       <File
-                               RelativePath="..\page\XSSAuditor.cpp"
-                               >
-                       </File>
-                       <File
-                               RelativePath="..\page\XSSAuditor.h"
-                               >
-                       </File>
                        <Filter
                                Name="win"
                                >
index 8a8d97f8dd0cd5b0c056c7149c47fbaf7e3ba4b8..aad30be795d166a4f132e132a1032e72a5fecd3f 100644 (file)
                97C471DC12F925BD0086354B /* ContentSecurityPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 97C471DA12F925BD0086354B /* ContentSecurityPolicy.h */; settings = {ATTRIBUTES = (Private, ); }; };
                97DCE20110807C750057D394 /* HistoryController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97DCE1FF10807C750057D394 /* HistoryController.cpp */; };
                97DCE20210807C750057D394 /* HistoryController.h in Headers */ = {isa = PBXBuildFile; fileRef = 97DCE20010807C750057D394 /* HistoryController.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               97DD4D860FDF4D6E00ECF9A4 /* XSSAuditor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97DD4D840FDF4D6D00ECF9A4 /* XSSAuditor.cpp */; };
-               97DD4D870FDF4D6E00ECF9A4 /* XSSAuditor.h in Headers */ = {isa = PBXBuildFile; fileRef = 97DD4D850FDF4D6E00ECF9A4 /* XSSAuditor.h */; };
                97EF7DFE107E55B700D7C49C /* ScriptControllerBase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97EF7DFD107E55B700D7C49C /* ScriptControllerBase.cpp */; };
                9B417064125662B3006B28FC /* ApplyBlockElementCommand.h in Headers */ = {isa = PBXBuildFile; fileRef = 9B417062125662B3006B28FC /* ApplyBlockElementCommand.h */; settings = {ATTRIBUTES = (Private, ); }; };
                9B417065125662B3006B28FC /* ApplyBlockElementCommand.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 9B417063125662B3006B28FC /* ApplyBlockElementCommand.cpp */; };
                97C471DA12F925BD0086354B /* ContentSecurityPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ContentSecurityPolicy.h; sourceTree = "<group>"; };
                97DCE1FF10807C750057D394 /* HistoryController.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HistoryController.cpp; sourceTree = "<group>"; };
                97DCE20010807C750057D394 /* HistoryController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HistoryController.h; sourceTree = "<group>"; };
-               97DD4D840FDF4D6D00ECF9A4 /* XSSAuditor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = XSSAuditor.cpp; sourceTree = "<group>"; };
-               97DD4D850FDF4D6E00ECF9A4 /* XSSAuditor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = XSSAuditor.h; sourceTree = "<group>"; };
                97EF7DFD107E55B700D7C49C /* ScriptControllerBase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScriptControllerBase.cpp; sourceTree = "<group>"; };
                9B417062125662B3006B28FC /* ApplyBlockElementCommand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ApplyBlockElementCommand.h; sourceTree = "<group>"; };
                9B417063125662B3006B28FC /* ApplyBlockElementCommand.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ApplyBlockElementCommand.cpp; sourceTree = "<group>"; };
                                E1271A130EEEC80400F61213 /* WorkerNavigator.cpp */,
                                E1271A0A0EEEC77A00F61213 /* WorkerNavigator.h */,
                                E1271A510EEECD1C00F61213 /* WorkerNavigator.idl */,
-                               97DD4D840FDF4D6D00ECF9A4 /* XSSAuditor.cpp */,
-                               97DD4D850FDF4D6E00ECF9A4 /* XSSAuditor.h */,
                        );
                        path = page;
                        sourceTree = "<group>";
                                E1F1E8300C3C2BB9006DB391 /* XSLTExtensions.h in Headers */,
                                93F199ED08245E59001E9ABC /* XSLTProcessor.h in Headers */,
                                E1BE512E0CF6C512002EA959 /* XSLTUnicodeSort.h in Headers */,
-                               97DD4D870FDF4D6E00ECF9A4 /* XSSAuditor.h in Headers */,
                                BC8AE34F12EA096A00EB3AE6 /* ScrollableArea.h in Headers */,
                                4F2D205412EAE7B3005C2874 /* InspectorAgent.h in Headers */,
                                BC9585E112F0989500755821 /* PlatformGestureEvent.h in Headers */,
                                93F19B0408245E59001E9ABC /* XSLTProcessor.cpp in Sources */,
                                93F19B0508245E59001E9ABC /* XSLTProcessorLibxslt.cpp in Sources */,
                                E1BE512D0CF6C512002EA959 /* XSLTUnicodeSort.cpp in Sources */,
-                               97DD4D860FDF4D6E00ECF9A4 /* XSSAuditor.cpp in Sources */,
                                BC8AE34E12EA096A00EB3AE6 /* ScrollableArea.cpp in Sources */,
                                4F2D205512EAE7B3005C2874 /* InspectorAgent.cpp in Sources */,
                                977E2DCD12F0E28300C13379 /* HTMLSourceTracker.cpp in Sources */,
index 85e8b0c6ef7a65748733cf34fd3ce9f1fcbd1482..7871e0e747def0281d8ac489a5ba4605027f6b78 100644 (file)
@@ -27,7 +27,6 @@
 #include "ScriptSourceCode.h"
 #include "ScriptValue.h"
 #include "Settings.h"
-#include "XSSAuditor.h"
 
 namespace WebCore {
 
@@ -88,9 +87,7 @@ bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocu
     const int javascriptSchemeLength = sizeof("javascript:") - 1;
 
     String decodedURL = decodeURLEscapeSequences(url.string());
-    ScriptValue result;
-    if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL))
-        result = executeScript(decodedURL.substring(javascriptSchemeLength), false, AllowXSS);
+    ScriptValue result = executeScript(decodedURL.substring(javascriptSchemeLength), false, AllowXSS);
 
     // If executing script caused this frame to be removed from the page, we
     // don't want to try to replace its document!
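Review bot: Nothing in this commit's file list adds a regression test for the `javascript:` URL path, and after this hunk `executeScript(decodedURL.substring(javascriptSchemeLength), false, AllowXSS)` runs with no reflected-content check of its own. The deleted `XSSAuditor::isEnabled()` further down the page already returned false, so runtime behaviour should not change. However, among the checks visible here, the removed `canEvaluateJavaScriptURL` was the one that set `decodeURLEscapeSequencesTwice`, and whether XSSFilter handles doubly-encoded `javascript:` URLs is not shown on this page. If XSSFilter is where that check now lives, a comment above the call such as `// Reflected-XSS checks for javascript: URLs are performed by XSSFilter, not here.` plus a layout test would make the dependency explicit. The body of executeIfJavaScriptURL starts and ends outside the hunk.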
index ed6ca620915026c98c888f85870f38f3505cef45..70031c9462994f3ef4cda0cd7b250eca3f73b3f0 100644 (file)
@@ -37,7 +37,7 @@ enum ReasonForCallingCanExecuteScripts {
     NotAboutToExecuteScript
 };
 
-// Whether to call the XSSAuditor to audit a script before passing it to the JavaScript engine.
+// FIXME: Remove this enum and all references to it.
 enum ShouldAllowXSS {
     AllowXSS,
     DoNotAllowXSS
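Review bot: The new `// FIXME: Remove this enum and all references to it.` drops the only explanation of what `ShouldAllowXSS` means, while `AllowXSS` and `DoNotAllowXSS` still read like a security decision at call sites. In this same commit both `ScriptController::evaluateInWorld` (JSC) and `ScriptController::evaluate` (V8) leave the parameter unnamed and ignore it, so passing `DoNotAllowXSS` no longer blocks anything in those functions. I would say so in the comment: `// FIXME: Remove this enum and all references to it. evaluate()/evaluateInWorld() ignore it now that XSSAuditor is gone, so DoNotAllowXSS provides no protection.`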
index cf55080b3f295b85b146960dcab0f3225902fff0..84608b11a92481afd40c17ba22b791fea6906ee2 100644 (file)
@@ -40,7 +40,6 @@
 #include "StorageNamespace.h"
 #include "UserGestureIndicator.h"
 #include "WebCoreJSClientData.h"
-#include "XSSAuditor.h"
 #include "npruntime_impl.h"
 #include "runtime_root.h"
 #include <debugger/Debugger.h>
@@ -72,7 +71,6 @@ ScriptController::ScriptController(Frame* frame)
 #if PLATFORM(MAC)
     , m_windowScriptObject(0)
 #endif
-    , m_XSSAuditor(new XSSAuditor(frame))
 {
 #if PLATFORM(MAC) && ENABLE(JAVA_BRIDGE)
     static bool initializedJavaJSBindings;
@@ -116,16 +114,11 @@ JSDOMWindowShell* ScriptController::createWindowShell(DOMWrapperWorld* world)
     return windowShell;
 }
 
-ScriptValue ScriptController::evaluateInWorld(const ScriptSourceCode& sourceCode, DOMWrapperWorld* world, ShouldAllowXSS shouldAllowXSS)
+ScriptValue ScriptController::evaluateInWorld(const ScriptSourceCode& sourceCode, DOMWrapperWorld* world, ShouldAllowXSS)
 {
     const SourceCode& jsSourceCode = sourceCode.jsSourceCode();
     String sourceURL = ustringToString(jsSourceCode.provider()->url());
 
-    if (shouldAllowXSS == DoNotAllowXSS && !m_XSSAuditor->canEvaluate(sourceCode.source())) {
-        // This script is not safe to be evaluated.
-        return JSValue();
-    }
-
     // evaluate code. Returns the JS return value or 0
     // if there was none, an error occurred or the type couldn't be converted.
 
index 413b88abd7f97fdb31a160101d0e84caf2669c0d..e5bd5023f5783d629f08d14aa5540deae32f21a6 100644 (file)
@@ -59,7 +59,6 @@ class Node;
 class ScriptSourceCode;
 class ScriptValue;
 class Widget;
-class XSSAuditor;
 
 typedef HashMap<void*, RefPtr<JSC::Bindings::RootObject> > RootObjectMap;
 
@@ -168,8 +167,6 @@ public:
     NPObject* createScriptObjectForPluginElement(HTMLPlugInElement*);
     NPObject* windowScriptNPObject();
 #endif
-    
-    XSSAuditor* xssAuditor() { return m_XSSAuditor.get(); }
 
 private:
     JSDOMWindowShell* initScript(DOMWrapperWorld* world);
@@ -202,9 +199,6 @@ private:
 #if PLATFORM(MAC)
     RetainPtr<WebScriptObject> m_windowScriptObject;
 #endif
-    
-    // The XSSAuditor associated with this ScriptController.
-    OwnPtr<XSSAuditor> m_XSSAuditor;
 };
 
 } // namespace WebCore
index d2baf82e321acffc29afdf7c0159d36ed043d6f0..3a03f592c1a2a7afb21485603292b8b90b2f3f9f 100644 (file)
@@ -36,7 +36,6 @@
 #include "EventListener.h"
 #include "JSNode.h"
 #include "Frame.h"
-#include "XSSAuditor.h"
 #include <runtime/JSLock.h>
 
 using namespace JSC;
@@ -66,11 +65,6 @@ PassRefPtr<JSLazyEventListener> createAttributeEventListener(Node* node, Attribu
         if (!scriptController->canExecuteScripts(AboutToExecuteScript))
             return 0;
 
-        if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
-            // This script is not safe to execute.
-            return 0;
-        }
-
         lineNumber = scriptController->eventHandlerLineNumber();
         sourceURL = node->document()->url().string();
     }
@@ -94,11 +88,6 @@ PassRefPtr<JSLazyEventListener> createAttributeEventListener(Frame* frame, Attri
     if (!scriptController->canExecuteScripts(AboutToExecuteScript))
         return 0;
 
-    if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
-        // This script is not safe to execute.
-        return 0;
-    }
-
     lineNumber = scriptController->eventHandlerLineNumber();
     sourceURL = frame->document()->url().string();
     JSObject* wrapper = toJSDOMWindow(frame, mainThreadNormalWorld());
index 701bd197d73e6cdba7306ba5671ed17b83905cd4..5313f1cf28bac4c63443f769f414dcfe72936a80 100644 (file)
@@ -61,7 +61,6 @@
 #include "V8NPObject.h"
 #include "V8Proxy.h"
 #include "Widget.h"
-#include "XSSAuditor.h"
 #include <wtf/StdLibExtras.h>
 #include <wtf/text/CString.h>
 
@@ -117,7 +116,6 @@ ScriptController::ScriptController(Frame* frame)
 #if ENABLE(NETSCAPE_PLUGIN_API)
     , m_windowScriptNPObject(0)
 #endif
-    , m_XSSAuditor(new XSSAuditor(frame))
 {
 }
 
@@ -219,17 +217,12 @@ void ScriptController::evaluateInIsolatedWorld(unsigned worldID, const Vector<Sc
 }
 
 // Evaluate a script file in the environment of this proxy.
-ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS)
+ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode, ShouldAllowXSS)
 {
     String sourceURL = sourceCode.url();
     const String* savedSourceURL = m_sourceURL;
     m_sourceURL = &sourceURL;
 
-    if (shouldAllowXSS == DoNotAllowXSS && !m_XSSAuditor->canEvaluate(sourceCode.source())) {
-        // This script is not safe to be evaluated.
-        return ScriptValue();
-    }
-
     v8::HandleScope handleScope;
     v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(m_proxy->frame());
     if (v8Context.IsEmpty())
index 7664846eeb299e5a391519f0baab604651e20b86..9829c3a12461de26ad4b893015b37ab046811221 100644 (file)
@@ -61,7 +61,6 @@ class Frame;
 class HTMLPlugInElement;
 class ScriptSourceCode;
 class Widget;
-class XSSAuditor;
 
 class ScriptController {
 public:
@@ -106,8 +105,6 @@ public:
     ScriptController* windowShell(DOMWrapperWorld*) { return this; }
     ScriptController* existingWindowShell(DOMWrapperWorld*) { return this; }
 
-    XSSAuditor* xssAuditor() { return m_XSSAuditor.get(); }
-
     void collectGarbage();
 
     // Notify V8 that the system is running low on memory.
@@ -215,8 +212,6 @@ private:
 #if ENABLE(NETSCAPE_PLUGIN_API)
     NPObject* m_windowScriptNPObject;
 #endif
-    // The XSSAuditor associated with this ScriptController.
-    OwnPtr<XSSAuditor> m_XSSAuditor;
 };
 
 } // namespace WebCore
index b46fc5a6d563bc9d6d4d4e6f633a129cf99136e1..0d758d946c612fcdb0002557ffd43c6da53ebbd3 100644 (file)
@@ -39,7 +39,6 @@
 #include "DocumentParser.h"
 #include "V8AbstractEventListener.h"
 #include "V8Binding.h"
-#include "XSSAuditor.h"
 
 namespace WebCore {
 
@@ -59,11 +58,6 @@ PassRefPtr<V8LazyEventListener> createAttributeEventListener(Node* node, Attribu
         if (!scriptController->canExecuteScripts(AboutToExecuteScript))
             return 0;
 
-        if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
-            // This script is not safe to execute.
-            return 0;
-        }
-
         position = scriptController->eventHandlerPosition();
         sourceURL = node->document()->url().string();
     }
@@ -84,11 +78,6 @@ PassRefPtr<V8LazyEventListener> createAttributeEventListener(Frame* frame, Attri
     if (!scriptController->canExecuteScripts(AboutToExecuteScript))
         return 0;
 
-    if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
-        // This script is not safe to execute.
-        return 0;
-    }
-
     TextPosition0 position = scriptController->eventHandlerPosition();
     String sourceURL = frame->document()->url().string();
     return V8LazyEventListener::create(attr->localName().string(), frame->document()->isSVGDocument(), attr->value(), sourceURL, position, WorldContextHandle(UseMainWorld));
index 2520ae8c2cebfde075933a3e294fef91b475a1fa..10792fcf6b4e23c69f669210bc96834feb0231b7 100644 (file)
 #include "XMLHttpRequest.h"
 #include "XMLNSNames.h"
 #include "XMLNames.h"
-#include "XSSAuditor.h"
 #include "htmlediting.h"
 #include <wtf/CurrentTime.h>
 #include <wtf/HashFunctions.h>
@@ -1952,10 +1951,6 @@ void Document::implicitOpen()
     setParsing(true);
     setReadyState(Loading);
 
-    ScriptableDocumentParser* parser = scriptableDocumentParser();
-    if (m_frame && parser)
-        parser->setXSSAuditor(m_frame->script()->xssAuditor());
-
     // If we reload, the animation controller sticks around and has
     // a stale animation time. We need to update it here.
     if (m_frame && m_frame->animation())
@@ -2303,7 +2298,7 @@ void Document::processBaseElement()
     KURL baseElementURL;
     if (href) {
         String strippedHref = stripLeadingAndTrailingHTMLSpaces(*href);
-        if (!strippedHref.isEmpty() && (!frame() || frame()->script()->xssAuditor()->canSetBaseElementURL(*href)))
+        if (!strippedHref.isEmpty())
             baseElementURL = KURL(url(), strippedHref);
     }
     if (m_baseElementURL != baseElementURL) {
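Review bot: With the `canSetBaseElementURL` call removed, `if (!strippedHref.isEmpty())` accepts any non-empty `<base href>` as the document base URL, and this page does not show an equivalent check elsewhere. A reflected base element changes how every relative script and resource URL in the document resolves, so it is worth confirming, with a layout test, that XSSFilter inspects `base` elements. A one-line comment such as `// Reflected <base href> values are expected to be filtered by XSSFilter before reaching here.` would record that assumption. processBaseElement begins and ends outside the hunk.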
index 0712a15befa073b4501557a8466f2591878bcae7..91a138547dcbbc9c7b9dd403e497e7ffa561df0f 100644 (file)
@@ -30,7 +30,6 @@ namespace WebCore {
 
 ScriptableDocumentParser::ScriptableDocumentParser(Document* document)
     : DecodedDataDocumentParser(document)
-    , m_xssAuditor(0)
 {
 }
 
index d9bf85cabf45533c981be60fc5ba969775e4243c..1e34dde908e8b35be49277f9196c5f2214e54c16 100644 (file)
@@ -31,8 +31,6 @@
 
 namespace WebCore {
 
-class XSSAuditor;
-
 class ScriptableDocumentParser : public DecodedDataDocumentParser {
 public:
     // Only used by Document::open for deciding if its safe to act on a
@@ -49,17 +47,11 @@ public:
     virtual int lineNumber() const = 0;
     virtual TextPosition0 textPosition() const = 0;
 
-    XSSAuditor* xssAuditor() const { return m_xssAuditor; }
-    void setXSSAuditor(XSSAuditor* auditor) { m_xssAuditor = auditor; }
-
 protected:
     explicit ScriptableDocumentParser(Document*);
 
 private:
     virtual ScriptableDocumentParser* asScriptableDocumentParser() { return this; }
-
-    // The XSSAuditor associated with this document parser.
-    XSSAuditor* m_xssAuditor;
 };
 
 }
index 7c223b223e6bb2d2018c0e78a42fed6c2f1c9964..ebbe1b6c47b5f6349dab009c13224bac13cde362 100644 (file)
@@ -39,7 +39,6 @@
 #include "InspectorInstrumentation.h"
 #include "NestingLevelIncrementer.h"
 #include "Settings.h"
-#include "XSSAuditor.h"
 #include <wtf/CurrentTime.h>
 
 namespace WebCore {
@@ -456,11 +455,10 @@ void HTMLDocumentParser::stopWatchingForLoad(CachedResource* cachedScript)
     cachedScript->removeClient(this);
 }
 
-bool HTMLDocumentParser::shouldLoadExternalScriptFromSrc(const AtomicString& srcValue)
+bool HTMLDocumentParser::shouldLoadExternalScriptFromSrc(const AtomicString&)
 {
-    if (!xssAuditor())
-        return true;
-    return xssAuditor()->canLoadExternalScriptFromSrc(srcValue);
+    // FIXME: Add Content-Security-Policy hook here.
+    return true;
 }
 
 void HTMLDocumentParser::notifyFinished(CachedResource* cachedResource)
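Review bot: `shouldLoadExternalScriptFromSrc` now returns `true` unconditionally, so any caller that treats it as a policy gate will load every external script until the Content-Security-Policy hook exists. The FIXME would be easier to track if it carried a bug reference and stated the current behaviour, for example `// FIXME: Add Content-Security-Policy hook here (<tracking bug>). Until then no external script load is refused at this point.` That also tells a reader the constant `true` is deliberate rather than a leftover stub.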
index ae8ce98b002d270381330a6c5d4973e8a4fe9cb6..8bfd4744a94a529334c1931832df04cd8780df21 100644 (file)
@@ -46,7 +46,6 @@
 #include "RenderEmbeddedObject.h"
 #include "RenderView.h"
 #include "Settings.h"
-#include "XSSAuditor.h"
 
 #if ENABLE(PLUGIN_PROXY_FOR_VIDEO)
 #include "HTMLMediaElement.h"
@@ -103,11 +102,6 @@ bool SubframeLoader::requestObject(HTMLPlugInImageElement* ownerElement, const S
 {
     if (url.isEmpty() && mimeType.isEmpty())
         return false;
-    
-    if (!m_frame->script()->xssAuditor()->canLoadObject(url)) {
-        // It is unsafe to honor the request for this object.
-        return false;
-    }
 
     // FIXME: None of this code should use renderers!
     RenderEmbeddedObject* renderer = ownerElement->renderEmbeddedObject();
@@ -150,9 +144,6 @@ PassRefPtr<Widget> SubframeLoader::loadMediaPlayerProxyPlugin(Node* node, const
 {
     ASSERT(node->hasTagName(videoTag) || node->hasTagName(audioTag));
 
-    if (!m_frame->script()->xssAuditor()->canLoadObject(url.string()))
-        return 0;
-
     KURL completedURL;
     if (!url.isEmpty())
         completedURL = completeURL(url);
diff --git a/Source/WebCore/page/XSSAuditor.cpp b/Source/WebCore/page/XSSAuditor.cpp
deleted file mode 100644 (file)
index 94e5f57..0000000
+++ /dev/null
@@ -1,432 +0,0 @@
-/*
- * Copyright (C) 2008, 2009 Daniel Bates (dbates@intudata.com)
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "XSSAuditor.h"
-
-#include <wtf/StdLibExtras.h>
-#include <wtf/Vector.h>
-
-#include "Console.h"
-#include "DocumentLoader.h"
-#include "DOMWindow.h"
-#include "Frame.h"
-#include "HTMLEntityParser.h"
-#include "KURL.h"
-#include "ResourceResponseBase.h"
-#include "ScriptSourceCode.h"
-#include "Settings.h"
-#include "TextResourceDecoder.h"
-#include <wtf/text/CString.h>
-#include <wtf/text/StringConcatenate.h>
-
-namespace WebCore {
-
-static bool isNonCanonicalCharacter(UChar c)
-{
-    // We remove all non-ASCII characters, including non-printable ASCII characters.
-    //
-    // Note, we don't remove backslashes like PHP stripslashes(), which among other things converts "\\0" to the \0 character.
-    // Instead, we remove backslashes and zeros (since the string "\\0" =(remove backslashes)=> "0"). However, this has the 
-    // adverse effect that we remove any legitimate zeros from a string.
-    //
-    // For instance: new String("http://localhost:8000") => new String("http://localhost:8").
-    return (c == '\\' || c == '0' || c < ' ' || c >= 127);
-}
-
-static bool isIllegalURICharacter(UChar c)
-{
-    // The characters described in section 2.4.3 of RFC 2396 <http://www.faqs.org/rfcs/rfc2396.html> in addition to the 
-    // single quote character "'" are considered illegal URI characters. That is, the following characters cannot appear
-    // in a valid URI: ', ", <, >
-    //
-    // If the request does not contain these characters then we can assume that no inline scripts have been injected 
-    // into the response page, because it is impossible to write an inline script of the form <script>...</script>
-    // without "<", ">".
-    return (c == '\'' || c == '"' || c == '<' || c == '>');
-}
-
-String XSSAuditor::CachingURLCanonicalizer::canonicalizeURL(FormData* formData, const TextEncoding& encoding, bool decodeEntities, 
-                                                            bool decodeURLEscapeSequencesTwice)
-{
-    if (decodeEntities == m_decodeEntities && decodeURLEscapeSequencesTwice == m_decodeURLEscapeSequencesTwice 
-        && encoding == m_encoding && formData == m_formData)
-        return m_cachedCanonicalizedURL;
-    m_formData = formData;
-    return canonicalizeURL(formData->flattenToString(), encoding, decodeEntities, decodeURLEscapeSequencesTwice);
-}
-
-String XSSAuditor::CachingURLCanonicalizer::canonicalizeURL(const String& url, const TextEncoding& encoding, bool decodeEntities, 
-                                                            bool decodeURLEscapeSequencesTwice)
-{
-    if (decodeEntities == m_decodeEntities && decodeURLEscapeSequencesTwice == m_decodeURLEscapeSequencesTwice 
-        && encoding == m_encoding && url == m_inputURL)
-        return m_cachedCanonicalizedURL;
-
-    m_cachedCanonicalizedURL = canonicalize(decodeURL(url, encoding, decodeEntities, decodeURLEscapeSequencesTwice));
-    m_inputURL = url;
-    m_encoding = encoding;
-    m_decodeEntities = decodeEntities;
-    m_decodeURLEscapeSequencesTwice = decodeURLEscapeSequencesTwice;
-    ++m_generation;
-    return m_cachedCanonicalizedURL;
-}
-
-void XSSAuditor::CachingURLCanonicalizer::clear()
-{
-    m_formData.clear();
-    m_inputURL = String();
-}
-
-XSSAuditor::XSSAuditor(Frame* frame)
-    : m_frame(frame)
-    , m_generationOfSuffixTree(-1)
-{
-}
-
-XSSAuditor::~XSSAuditor()
-{
-}
-
-bool XSSAuditor::isEnabled() const
-{
-    // FIXME: Remove this class if the transition to XSSFilter goes smoothly.
-    return false;
-}
-
-bool XSSAuditor::canEvaluate(const String& code) const
-{
-    if (!isEnabled())
-        return true;
-
-    FindTask task;
-    task.string = code;
-    task.decodeEntities = false;
-    task.allowRequestIfNoIllegalURICharacters = true;
-
-    if (findInRequest(task)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
-        m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
-        return false;
-    }
-    return true;
-}
-
-bool XSSAuditor::canEvaluateJavaScriptURL(const String& code) const
-{
-    if (!isEnabled())
-        return true;
-
-    FindTask task;
-    task.string = code;
-    task.decodeURLEscapeSequencesTwice = true;
-
-    if (findInRequest(task)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
-        m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
-        return false;
-    }
-    return true;
-}
-
-bool XSSAuditor::canCreateInlineEventListener(const String&, const String& code) const
-{
-    if (!isEnabled())
-        return true;
-
-    FindTask task;
-    task.string = code;
-    task.allowRequestIfNoIllegalURICharacters = true;
-
-    if (findInRequest(task)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
-        m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
-        return false;
-    }
-    return true;
-}
-
-bool XSSAuditor::canLoadExternalScriptFromSrc(const String& url) const
-{
-    if (!isEnabled())
-        return true;
-
-    if (isSameOriginResource(url))
-        return true;
-
-    FindTask task;
-    task.string = url;
-    task.allowRequestIfNoIllegalURICharacters = true;
-
-    if (findInRequest(task)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
-        m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
-        return false;
-    }
-    return true;
-}
-
-bool XSSAuditor::canLoadObject(const String& url) const
-{
-    if (!isEnabled())
-        return true;
-
-    if (isSameOriginResource(url))
-        return true;
-
-    FindTask task;
-    task.string = url;
-    task.allowRequestIfNoIllegalURICharacters = true;
-
-    if (findInRequest(task)) {
-        String consoleMessage = makeString("Refused to load an object. URL found within request: \"", url, "\".\n");
-        m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
-        return false;
-    }
-    return true;
-}
-
-bool XSSAuditor::canSetBaseElementURL(const String& url) const
-{
-    if (!isEnabled())
-        return true;
-
-    if (isSameOriginResource(url))
-        return true;
-
-    FindTask task;
-    task.string = url;
-    task.allowRequestIfNoIllegalURICharacters = true;
-
-    if (findInRequest(task)) {
-        DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to load from document base URL. URL found within request.\n"));
-        m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
-        return false;
-    }
-    return true;
-}
-
-String XSSAuditor::canonicalize(const String& string)
-{
-    String result = decodeHTMLEntities(string);
-    return result.removeCharacters(&isNonCanonicalCharacter);
-}
-
-String XSSAuditor::decodeURL(const String& string, const TextEncoding& encoding, bool decodeEntities, bool decodeURLEscapeSequencesTwice)
-{
-    String result;
-    String url = string;
-
-    url.replace('+', ' ');
-    result = decodeURLEscapeSequences(url);
-    CString utf8Url = result.utf8();
-    String decodedResult = encoding.decode(utf8Url.data(), utf8Url.length());
-    if (!decodedResult.isEmpty())
-        result = decodedResult;
-    if (decodeURLEscapeSequencesTwice) {
-        result = decodeURLEscapeSequences(result);
-        utf8Url = result.utf8();
-        decodedResult = encoding.decode(utf8Url.data(), utf8Url.length());
-        if (!decodedResult.isEmpty())
-            result = decodedResult;
-    }
-    if (decodeEntities)
-        result = decodeHTMLEntities(result);
-    return result;
-}
-
-String XSSAuditor::decodeHTMLEntities(const String& string, bool leaveUndecodableEntitiesUntouched)
-{
-    SegmentedString source(string);
-    SegmentedString sourceShadow;
-    Vector<UChar> result;
-    
-    while (!source.isEmpty()) {
-        UChar cc = *source;
-        source.advance();
-        
-        if (cc != '&') {
-            result.append(cc);
-            continue;
-        }
-        
-        if (leaveUndecodableEntitiesUntouched)
-            sourceShadow = source;
-        bool notEnoughCharacters = false;
-        Vector<UChar, 16> decodedEntity;
-        bool success = consumeHTMLEntity(source, decodedEntity, notEnoughCharacters);
-        // We ignore notEnoughCharacters because we might as well use this loop
-        // to copy the remaining characters into |result|.
-        if (!success || (!leaveUndecodableEntitiesUntouched && decodedEntity.size() == 1 && decodedEntity[0] == 0xFFFD)) {
-            result.append('&');
-            if (leaveUndecodableEntitiesUntouched)
-                source = sourceShadow;
-        } else {
-            Vector<UChar>::const_iterator iter = decodedEntity.begin();
-            for (; iter != decodedEntity.end(); ++iter)
-                result.append(*iter);
-        }
-    }
-    
-    return String::adopt(result);
-}
-
-bool XSSAuditor::isSameOriginResource(const String& url) const
-{
-    // If the resource is loaded from the same URL as the enclosing page, it's
-    // probably not an XSS attack, so we reduce false positives by allowing the
-    // request. If the resource has a query string, we're more suspicious,
-    // however, because that's pretty rare and the attacker might be able to
-    // trick a server-side script into doing something dangerous with the query
-    // string.
-    KURL resourceURL(m_frame->document()->url(), url);
-    return (m_frame->document()->url().host() == resourceURL.host() && resourceURL.query().isEmpty());
-}
-
-XSSProtectionDisposition XSSAuditor::xssProtection() const
-{
-    DEFINE_STATIC_LOCAL(String, XSSProtectionHeader, ("X-XSS-Protection"));
-
-    Frame* frame = m_frame;
-    if (frame->document()->url() == blankURL())
-        frame = m_frame->tree()->parent();
-
-    return parseXSSProtectionHeader(frame->loader()->documentLoader()->response().httpHeaderField(XSSProtectionHeader));
-}
-
-bool XSSAuditor::findInRequest(const FindTask& task) const
-{
-    bool result = false;
-    Frame* parentFrame = m_frame->tree()->parent();
-    Frame* blockFrame = parentFrame;
-    if (parentFrame && m_frame->document()->url() == blankURL())
-        result = findInRequest(parentFrame, task);
-    if (!result) {
-        result = findInRequest(m_frame, task);
-        blockFrame = m_frame;
-    }
-    if (!result)
-        return false;
-
-    switch (xssProtection()) {
-    case XSSProtectionDisabled:
-        return false;
-    case XSSProtectionEnabled:
-        break;
-    case XSSProtectionBlockEnabled:
-        if (blockFrame) {
-            blockFrame->loader()->stopAllLoaders();
-            blockFrame->navigationScheduler()->scheduleLocationChange(blockFrame->document()->securityOrigin(), blankURL(), String());
-        }
-        break;
-    default:
-        ASSERT_NOT_REACHED();
-    }
-    return true;
-}
-
-bool XSSAuditor::findInRequest(Frame* frame, const FindTask& task) const
-{
-    ASSERT(frame->document());
-
-    if (!frame->document()->decoder()) {
-        // Note, JavaScript URLs do not have a charset.
-        return false;
-    }
-
-    if (task.string.isEmpty())
-        return false;
-
-    DocumentLoader *documentLoader = frame->loader()->documentLoader();
-    if (!documentLoader)
-        return false;
-
-    FormData* formDataObj = documentLoader->originalRequest().httpBody();
-    const bool hasFormData = formDataObj && !formDataObj->isEmpty();
-    String pageURL = frame->document()->url().string();
-
-    if (!hasFormData) {
-        // We clear out our form data caches, in case we're holding onto a bunch of memory.
-        m_formDataCache.clear();
-        m_formDataSuffixTree.clear();
-    }
-
-    String canonicalizedString;
-    if (!hasFormData && task.string.length() > 2 * pageURL.length()) {
-        // Q: Why do we bother to do this check at all?
-        // A: Canonicalizing large inline scripts can be expensive.  We want to
-        //    reduce the size of the string before we call canonicalize below,
-        //    since it could result in an unneeded allocation and memcpy.
-        //
-        // Q: Why do we multiply by two here?
-        // A: We attempt to detect reflected XSS even when the server
-        //    transforms the attacker's input with addSlashes.  The best the
-        //    attacker can do get the server to inflate his/her input by a
-        //    factor of two by sending " characters, which the server
-        //    transforms to \".
-        canonicalizedString = task.string.substring(0, 2 * pageURL.length());
-    } else
-        canonicalizedString = task.string;
-
-    if (frame->document()->url().protocolIsData())
-        return false;
-
-    canonicalizedString = canonicalize(canonicalizedString);
-    if (canonicalizedString.isEmpty())
-        return false;
-
-    if (!task.context.isEmpty())
-        canonicalizedString = task.context + canonicalizedString;
-
-    String decodedPageURL = m_pageURLCache.canonicalizeURL(pageURL, frame->document()->decoder()->encoding(), task.decodeEntities, task.decodeURLEscapeSequencesTwice);
-
-    if (task.allowRequestIfNoIllegalURICharacters && !hasFormData && decodedPageURL.find(&isIllegalURICharacter, 0) == notFound)
-        return false; // Injection is impossible because the request does not contain any illegal URI characters.
-
-    if (decodedPageURL.find(canonicalizedString, 0, false) != notFound)
-        return true; // We've found the string in the GET data.
-
-    if (hasFormData) {
-        String decodedFormData = m_formDataCache.canonicalizeURL(formDataObj, frame->document()->decoder()->encoding(), task.decodeEntities, task.decodeURLEscapeSequencesTwice);
-
-        if (m_generationOfSuffixTree != m_formDataCache.generation()) {
-            m_formDataSuffixTree = new SuffixTree<ASCIICodebook>(decodedFormData, 5);
-            m_generationOfSuffixTree = m_formDataCache.generation();
-        }
-
-        // Try a fast-reject via the suffixTree.
-        if (m_formDataSuffixTree && !m_formDataSuffixTree->mightContain(canonicalizedString))
-            return false;
-
-        if (decodedFormData.find(canonicalizedString, 0, false) != notFound)
-            return true; // We found the string in the POST data.
-    }
-
-    return false;
-}
-
-} // namespace WebCore
-
diff --git a/Source/WebCore/page/XSSAuditor.h b/Source/WebCore/page/XSSAuditor.h
deleted file mode 100644 (file)
index 5beed61..0000000
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright (C) 2008, 2009 Daniel Bates (dbates@intudata.com)
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef XSSAuditor_h
-#define XSSAuditor_h
-
-#include "HTTPParsers.h"
-#include "PlatformString.h"
-#include "SuffixTree.h"
-#include "TextEncoding.h"
-
-namespace WebCore {
-
-    class FormData;
-    class Frame;
-    class ScriptSourceCode;
-
-    // The XSSAuditor class is used to prevent type 1 cross-site scripting
-    // vulnerabilities (also known as reflected vulnerabilities).
-    //
-    // More specifically, the XSSAuditor class decides whether the execution of
-    // a script is to be allowed or denied based on the content of any
-    // user-submitted data, including:
-    //
-    // * the URL.
-    // * the HTTP-POST data.
-    //
-    // If the source code of a script resembles any user-submitted data then it
-    // is denied execution.
-    //
-    // When you instantiate the XSSAuditor you must specify the Frame of the
-    // page that you wish to audit.
-    //
-    // Bindings
-    //
-    // An XSSAuditor is instantiated within the constructor of a
-    // ScriptController object and passed the Frame the script originated. The
-    // ScriptController calls back to the XSSAuditor to determine whether a
-    // JavaScript script is safe to execute before executing it. The following
-    // methods call into XSSAuditor:
-    //
-    // * ScriptController::evaluateInWorld - used to evaluate JavaScript scripts.
-    // * ScriptController::executeIfJavaScriptURL - used to evaluate JavaScript URLs.
-    // * ScriptEventListener::createAttributeEventListener - used to create JavaScript event handlers.
-    // * HTMLBaseElement::process - used to set the document base URL.
-    // * HTMLDocumentParser::shouldLoadExternalScriptFromSrc - used to load external JavaScript scripts.
-    // * SubframeLoader::requestObject - used to load <object>/<embed> elements.
-    //
-    class XSSAuditor {
-        WTF_MAKE_NONCOPYABLE(XSSAuditor); WTF_MAKE_FAST_ALLOCATED;
-    public:
-        XSSAuditor(Frame*);
-        ~XSSAuditor();
-
-        bool isEnabled() const;
-
-        // Determines whether the script should be allowed or denied execution
-        // based on the content of any user-submitted data.
-        bool canEvaluate(const String& code) const;
-
-        // Determines whether the JavaScript URL should be allowed or denied execution
-        // based on the content of any user-submitted data.
-        bool canEvaluateJavaScriptURL(const String& code) const;
-
-        // Determines whether the event listener should be created based on the
-        // content of any user-submitted data.
-        bool canCreateInlineEventListener(const String& functionName, const String& code) const;
-
-        // Determines whether the external script should be loaded based on the
-        // content of any user-submitted data.
-        bool canLoadExternalScriptFromSrc(const String& url) const;
-
-        // Determines whether object should be loaded based on the content of
-        // any user-submitted data.
-        //
-        // This method is called by SubframeLoader::requestObject.
-        bool canLoadObject(const String& url) const;
-
-        // Determines whether the base URL should be changed based on the content
-        // of any user-submitted data.
-        //
-        // This method is called by HTMLBaseElement::process.
-        bool canSetBaseElementURL(const String& url) const;
-
-    private:
-        class CachingURLCanonicalizer
-        {
-        public:
-            CachingURLCanonicalizer() : m_decodeEntities(false), m_decodeURLEscapeSequencesTwice(false), m_generation(0) { }
-            String canonicalizeURL(FormData*, const TextEncoding& encoding, bool decodeEntities, 
-                                   bool decodeURLEscapeSequencesTwice);
-            String canonicalizeURL(const String& url, const TextEncoding& encoding, bool decodeEntities, 
-                                   bool decodeURLEscapeSequencesTwice);
-
-            void clear();
-
-            int generation() const { return m_generation; }
-
-        private:
-            // The parameters we were called with last.
-            String m_inputURL;
-            TextEncoding m_encoding;
-            bool m_decodeEntities;
-            bool m_decodeURLEscapeSequencesTwice;
-            RefPtr<FormData> m_formData;
-
-            // Incremented every time we see a new URL.
-            int m_generation;
-
-            // The cached result.
-            String m_cachedCanonicalizedURL;
-        };
-
-        struct FindTask {
-            FindTask()
-                : decodeEntities(true)
-                , allowRequestIfNoIllegalURICharacters(false)
-                , decodeURLEscapeSequencesTwice(false)
-            {
-            }
-
-            String context;
-            String string;
-            bool decodeEntities;
-            bool allowRequestIfNoIllegalURICharacters;
-            bool decodeURLEscapeSequencesTwice;
-        };
-
-        static String canonicalize(const String&);
-        static String decodeURL(const String& url, const TextEncoding& encoding, bool decodeEntities, 
-                                bool decodeURLEscapeSequencesTwice = false);
-        static String decodeHTMLEntities(const String&, bool leaveUndecodableEntitiesUntouched = true);
-
-        bool isSameOriginResource(const String& url) const;
-        bool findInRequest(const FindTask&) const;
-        bool findInRequest(Frame*, const FindTask&) const;
-
-        XSSProtectionDisposition xssProtection() const;
-
-        // The frame to audit.
-        Frame* m_frame;
-
-        // A state store to help us avoid canonicalizing the same URL repeated.
-        // When a page has form data, we need two caches: one to store the
-        // canonicalized URL and another to store the cannonicalized form
-        // data. If we only had one cache, we'd always generate a cache miss
-        // and load some pages extremely slowly.
-        // https://bugs.webkit.org/show_bug.cgi?id=35373
-        mutable CachingURLCanonicalizer m_pageURLCache;
-        mutable CachingURLCanonicalizer m_formDataCache;
-
-        mutable OwnPtr<SuffixTree<ASCIICodebook> > m_formDataSuffixTree;
-        mutable int m_generationOfSuffixTree;
-    };
-
-} // namespace WebCore
-
-#endif // XSSAuditor_h