1/* 2 * Copyright (C) 2013 Google, Inc. All Rights Reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#ifndef XSSAuditorDelegate_h 27#define XSSAuditorDelegate_h 28 29#include "platform/heap/Handle.h" 30#include "platform/weborigin/KURL.h" 31#include "wtf/OwnPtr.h" 32#include "wtf/PassOwnPtr.h" 33#include "wtf/Vector.h" 34#include "wtf/text/TextPosition.h" 35#include "wtf/text/WTFString.h" 36 37namespace blink { 38 39class Document; 40class FormData; 41 42class XSSInfo { 43public: 44 static PassOwnPtr<XSSInfo> create(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader) 45 { 46 return adoptPtr(new XSSInfo(originalURL, didBlockEntirePage, didSendXSSProtectionHeader, didSendCSPHeader)); 47 } 48 49 String buildConsoleError() const; 50 bool isSafeToSendToAnotherThread() const; 51 52 String m_originalURL; 53 bool m_didBlockEntirePage; 54 bool m_didSendXSSProtectionHeader; 55 bool m_didSendCSPHeader; 56 TextPosition m_textPosition; 57 58private: 59 XSSInfo(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader) 60 : m_originalURL(originalURL.isolatedCopy()) 61 , m_didBlockEntirePage(didBlockEntirePage) 62 , m_didSendXSSProtectionHeader(didSendXSSProtectionHeader) 63 , m_didSendCSPHeader(didSendCSPHeader) 64 { } 65}; 66 67class XSSAuditorDelegate FINAL { 68 DISALLOW_ALLOCATION(); 69 WTF_MAKE_NONCOPYABLE(XSSAuditorDelegate); 70public: 71 explicit XSSAuditorDelegate(Document*); 72 void trace(Visitor*); 73 74 void didBlockScript(const XSSInfo&); 75 void setReportURL(const KURL& url) { m_reportURL = url; } 76 77private: 78 PassRefPtr<FormData> generateViolationReport(const XSSInfo&); 79 80 RawPtrWillBeMember<Document> m_document; 81 bool m_didSendNotifications; 82 KURL m_reportURL; 83}; 84 85typedef Vector<OwnPtr<XSSInfo> > XSSInfoStream; 86 87} 88 89#endif 90