1/*
2 * Copyright (C) 2013 Google, Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 *    notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 *    notice, this list of conditions and the following disclaimer in the
11 *    documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#ifndef XSSAuditorDelegate_h
27#define XSSAuditorDelegate_h
28
29#include "platform/heap/Handle.h"
30#include "platform/weborigin/KURL.h"
31#include "wtf/OwnPtr.h"
32#include "wtf/PassOwnPtr.h"
33#include "wtf/Vector.h"
34#include "wtf/text/TextPosition.h"
35#include "wtf/text/WTFString.h"
36
37namespace blink {
38
39class Document;
40class FormData;
41
// Describes one XSS auditor finding: the URL it was recorded against, what
// the auditor did about it, which protection headers were present, and a
// text position.
//
// The constructor stores an isolatedCopy() of the URL string, and
// isSafeToSendToAnotherThread() is declared so a caller can check an instance
// before handing it to another thread (its implementation is not in this header).
class XSSInfo {
public:
    // Allocates an XSSInfo and transfers ownership to the caller.
    // m_textPosition is not set here; it keeps its default-constructed value
    // until someone assigns the public member.
    static PassOwnPtr<XSSInfo> create(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)
    {
        XSSInfo* info = new XSSInfo(originalURL, didBlockEntirePage, didSendXSSProtectionHeader, didSendCSPHeader);
        return adoptPtr(info);
    }

    // Returns the message text for the console; defined in the .cpp file.
    String buildConsoleError() const;

    // Defined in the .cpp file.
    // NOTE(review): presumably verifies that m_originalURL is not shared with
    // another thread's string -- confirm against the implementation.
    bool isSafeToSendToAnotherThread() const;

    // NOTE(review): presumably the URL of the audited document. It can carry
    // attacker-chosen text, so code that logs or reports it should treat it as
    // untrusted -- confirm against callers.
    String m_originalURL;
    bool m_didBlockEntirePage;
    bool m_didSendXSSProtectionHeader;
    bool m_didSendCSPHeader;
    // Left default-constructed by the constructor below.
    TextPosition m_textPosition;

private:
    // Private so that instances are only created through create().
    XSSInfo(const String& originalURL, bool didBlockEntirePage, bool didSendXSSProtectionHeader, bool didSendCSPHeader)
        : m_originalURL(originalURL.isolatedCopy()) // private copy, not the caller's string
        , m_didBlockEntirePage(didBlockEntirePage)
        , m_didSendXSSProtectionHeader(didSendXSSProtectionHeader)
        , m_didSendCSPHeader(didSendCSPHeader)
    {
    }
};
66
// Receives XSS auditor findings for one Document. Only the interface is
// declared here; apart from setReportURL() the behaviour lives in the .cpp file.
class XSSAuditorDelegate FINAL {
    DISALLOW_ALLOCATION();
    WTF_MAKE_NONCOPYABLE(XSSAuditorDelegate);

public:
    explicit XSSAuditorDelegate(Document*);

    // Visits the members that need tracing (m_document is a
    // RawPtrWillBeMember).
    void trace(Visitor*);

    // Called with the details of a blocked script.
    // NOTE(review): presumably logs the console error and sends a violation
    // report when a report URL is set -- confirm in the implementation.
    void didBlockScript(const XSSInfo&);

    // Stores the URL that violation reports are associated with.
    // NOTE(review): nothing is validated here. If the URL is derived from a
    // response header, confirm that the caller restricts where reports may go
    // before this is used.
    void setReportURL(const KURL& url)
    {
        m_reportURL = url;
    }

private:
    // Builds the report body for a finding; defined in the .cpp file.
    PassRefPtr<FormData> generateViolationReport(const XSSInfo&);

    // The delegate does not own the document.
    RawPtrWillBeMember<Document> m_document;
    // NOTE(review): presumably keeps one-time notifications from being sent
    // more than once per delegate -- confirm.
    bool m_didSendNotifications;
    KURL m_reportURL;
};
84
// Sequence of owned XSSInfo records; each element owns its XSSInfo, so
// destroying or clearing the vector frees the records.
typedef Vector<OwnPtr<XSSInfo> > XSSInfoStream;
86
87}
88
89#endif
90