FCL/sf/mw/qt: src/3rdparty/webkit/WebCore/page/XSSAuditor.cpp@f7bc934e204c (annotated)

0 1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	1	/*
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	2	* Copyright (C) 2008, 2009 Daniel Bates (dbates@intudata.com)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	3	* All rights reserved.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	4	*
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	5	* Redistribution and use in source and binary forms, with or without
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	6	* modification, are permitted provided that the following conditions
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	7	* are met:
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	8	* 1. Redistributions of source code must retain the above copyright
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	9	* notice, this list of conditions and the following disclaimer.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	10	* 2. Redistributions in binary form must reproduce the above copyright
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	11	* notice, this list of conditions and the following disclaimer in the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	12	* documentation and/or other materials provided with the distribution.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	13	*
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	14	* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	15	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	16	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	17	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	18	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	19	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	20	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	21	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	22	* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	24	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	25	*/
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	26
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	27	#include "config.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	28	#include "XSSAuditor.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	29
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	30	#include <wtf/StdLibExtras.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	31	#include <wtf/Vector.h>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	32
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	33	#include "Console.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	34	#include "CString.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	35	#include "DocumentLoader.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	36	#include "DOMWindow.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	37	#include "Frame.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	38	#include "KURL.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	39	#include "PreloadScanner.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	40	#include "ResourceResponseBase.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	41	#include "ScriptSourceCode.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	42	#include "Settings.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	43	#include "TextResourceDecoder.h"
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	44
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	45	using namespace WTF;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	46
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	47	namespace WebCore {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	48
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	49	static bool isNonCanonicalCharacter(UChar c)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	50	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	51	// We remove all non-ASCII characters, including non-printable ASCII characters.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	52	//
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	53	// Note, we don't remove backslashes like PHP stripslashes(), which among other things converts "\\0" to the \0 character.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	54	// Instead, we remove backslashes and zeros (since the string "\\0" =(remove backslashes)=> "0"). However, this has the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	55	// adverse effect that we remove any legitimate zeros from a string.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	56	//
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	57	// For instance: new String("http://localhost:8000") => new String("http://localhost:8").
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	58	return (c == '\\' \|\| c == '0' \|\| c < ' ' \|\| c >= 127);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	59	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	60
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	61	static bool isIllegalURICharacter(UChar c)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	62	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	63	// The characters described in section 2.4.3 of RFC 2396 <http://www.faqs.org/rfcs/rfc2396.html> in addition to the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	64	// single quote character "'" are considered illegal URI characters. That is, the following characters cannot appear
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	65	// in a valid URI: ', ", <, >
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	66	//
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	67	// If the request does not contain these characters then we can assume that no inline scripts have been injected
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	68	// into the response page, because it is impossible to write an inline script of the form <script>...</script>
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	69	// without "<", ">".
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	70	return (c == '\'' \|\| c == '"' \|\| c == '<' \|\| c == '>');
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	71	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	72
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	73	String XSSAuditor::CachingURLCanonicalizer::canonicalizeURL(const String& url, const TextEncoding& encoding, bool decodeEntities,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	74	bool decodeURLEscapeSequencesTwice)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	75	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	76	if (decodeEntities == m_decodeEntities && decodeURLEscapeSequencesTwice == m_decodeURLEscapeSequencesTwice
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	77	&& encoding == m_encoding && url == m_inputURL)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	78	return m_cachedCanonicalizedURL;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	79
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	80	m_cachedCanonicalizedURL = canonicalize(decodeURL(url, encoding, decodeEntities, decodeURLEscapeSequencesTwice));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	81	m_inputURL = url;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	82	m_encoding = encoding;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	83	m_decodeEntities = decodeEntities;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	84	m_decodeURLEscapeSequencesTwice = decodeURLEscapeSequencesTwice;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	85	return m_cachedCanonicalizedURL;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	86	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	87
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	88	XSSAuditor::XSSAuditor(Frame* frame)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	89	: m_frame(frame)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	90	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	91	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	92
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	93	XSSAuditor::~XSSAuditor()
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	94	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	95	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	96
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	97	bool XSSAuditor::isEnabled() const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	98	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	99	Settings* settings = m_frame->settings();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	100	return (settings && settings->xssAuditorEnabled());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	101	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	102
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	103	bool XSSAuditor::canEvaluate(const String& code) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	104	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	105	if (!isEnabled())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	106	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	107
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	108	if (findInRequest(code, false, true)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	109	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	110	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	111	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	112	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	113	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	114	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	115
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	116	bool XSSAuditor::canEvaluateJavaScriptURL(const String& code) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	117	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	118	if (!isEnabled())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	119	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	120
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	121	if (findInRequest(code, true, false, true)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	122	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	123	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	124	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	125	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	126	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	127	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	128
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	129	bool XSSAuditor::canCreateInlineEventListener(const String&, const String& code) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	130	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	131	if (!isEnabled())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	132	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	133
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	134	if (findInRequest(code, true, true)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	135	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	136	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	137	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	138	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	139	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	140	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	141
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	142	bool XSSAuditor::canLoadExternalScriptFromSrc(const String& context, const String& url) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	143	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	144	if (!isEnabled())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	145	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	146
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	147	// If the script is loaded from the same URL as the enclosing page, it's
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	148	// probably not an XSS attack, so we reduce false positives by allowing the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	149	// script. If the script has a query string, we're more suspicious,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	150	// however, because that's pretty rare and the attacker might be able to
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	151	// trick a server-side script into doing something dangerous with the query
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	152	// string.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	153	KURL scriptURL(m_frame->document()->url(), url);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	154	if (m_frame->document()->url().host() == scriptURL.host() && scriptURL.query().isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	155	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	156
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	157	if (findInRequest(context + url)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	158	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request.\n"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	159	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	160	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	161	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	162	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	163	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	164
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	165	bool XSSAuditor::canLoadObject(const String& url) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	166	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	167	if (!isEnabled())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	168	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	169
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	170	if (findInRequest(url)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	171	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	172	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	173	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	174	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	175	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	176	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	177
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	178	bool XSSAuditor::canSetBaseElementURL(const String& url) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	179	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	180	if (!isEnabled())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	181	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	182
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	183	KURL baseElementURL(m_frame->document()->url(), url);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	184	if (m_frame->document()->url().host() != baseElementURL.host() && findInRequest(url)) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	185	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute a JavaScript script. Source code of script found within request"));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	186	m_frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	187	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	188	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	189	return true;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	190	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	191
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	192	String XSSAuditor::canonicalize(const String& string)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	193	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	194	String result = decodeHTMLEntities(string);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	195	return result.removeCharacters(&isNonCanonicalCharacter);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	196	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	197
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	198	String XSSAuditor::decodeURL(const String& string, const TextEncoding& encoding, bool decodeEntities, bool decodeURLEscapeSequencesTwice)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	199	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	200	String result;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	201	String url = string;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	202
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	203	url.replace('+', ' ');
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	204	result = decodeURLEscapeSequences(url);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	205	CString utf8Url = result.utf8();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	206	String decodedResult = encoding.decode(utf8Url.data(), utf8Url.length());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	207	if (!decodedResult.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	208	result = decodedResult;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	209	if (decodeURLEscapeSequencesTwice) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	210	result = decodeURLEscapeSequences(result);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	211	utf8Url = result.utf8();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	212	decodedResult = encoding.decode(utf8Url.data(), utf8Url.length());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	213	if (!decodedResult.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	214	result = decodedResult;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	215	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	216	if (decodeEntities)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	217	result = decodeHTMLEntities(result);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	218	return result;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	219	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	220
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	221	String XSSAuditor::decodeHTMLEntities(const String& string, bool leaveUndecodableEntitiesUntouched)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	222	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	223	SegmentedString source(string);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	224	SegmentedString sourceShadow;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	225	Vector<UChar> result;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	226
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	227	while (!source.isEmpty()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	228	UChar cc = *source;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	229	source.advance();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	230
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	231	if (cc != '&') {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	232	result.append(cc);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	233	continue;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	234	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	235
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	236	if (leaveUndecodableEntitiesUntouched)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	237	sourceShadow = source;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	238	bool notEnoughCharacters = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	239	unsigned entity = PreloadScanner::consumeEntity(source, notEnoughCharacters);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	240	// We ignore notEnoughCharacters because we might as well use this loop
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	241	// to copy the remaining characters into \|result\|.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	242
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	243	if (entity > 0xFFFF) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	244	result.append(U16_LEAD(entity));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	245	result.append(U16_TRAIL(entity));
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	246	} else if (entity && (!leaveUndecodableEntitiesUntouched \|\| entity != 0xFFFD)){
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	247	result.append(entity);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	248	} else {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	249	result.append('&');
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	250	if (leaveUndecodableEntitiesUntouched)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	251	source = sourceShadow;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	252	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	253	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	254
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	255	return String::adopt(result);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	256	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	257
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	258	bool XSSAuditor::findInRequest(const String& string, bool decodeEntities, bool allowRequestIfNoIllegalURICharacters,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	259	bool decodeURLEscapeSequencesTwice) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	260	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	261	bool result = false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	262	Frame* parentFrame = m_frame->tree()->parent();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	263	if (parentFrame && m_frame->document()->url() == blankURL())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	264	result = findInRequest(parentFrame, string, decodeEntities, allowRequestIfNoIllegalURICharacters, decodeURLEscapeSequencesTwice);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	265	if (!result)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	266	result = findInRequest(m_frame, string, decodeEntities, allowRequestIfNoIllegalURICharacters, decodeURLEscapeSequencesTwice);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	267	return result;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	268	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	269
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	270	bool XSSAuditor::findInRequest(Frame* frame, const String& string, bool decodeEntities, bool allowRequestIfNoIllegalURICharacters,
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	271	bool decodeURLEscapeSequencesTwice) const
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	272	{
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	273	ASSERT(frame->document());
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	274
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	275	if (!frame->document()->decoder()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	276	// Note, JavaScript URLs do not have a charset.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	277	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	278	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	279
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	280	if (string.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	281	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	282
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	283	FormData* formDataObj = frame->loader()->documentLoader()->originalRequest().httpBody();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	284	String pageURL = frame->document()->url().string();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	285
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	286	if (!formDataObj && string.length() >= 2 * pageURL.length()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	287	// Q: Why do we bother to do this check at all?
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	288	// A: Canonicalizing large inline scripts can be expensive. We want to
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	289	// bail out before the call to canonicalize below, which could
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	290	// result in an unneeded allocation and memcpy.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	291	//
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	292	// Q: Why do we multiply by two here?
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	293	// A: We attempt to detect reflected XSS even when the server
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	294	// transforms the attacker's input with addSlashes. The best the
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	295	// attacker can do get the server to inflate his/her input by a
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	296	// factor of two by sending " characters, which the server
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	297	// transforms to \".
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	298	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	299	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	300
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	301	if (frame->document()->url().protocolIs("data"))
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	302	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	303
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	304	String canonicalizedString = canonicalize(string);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	305	if (canonicalizedString.isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	306	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	307
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	308	if (string.length() < pageURL.length()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	309	// The string can actually fit inside the pageURL.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	310	String decodedPageURL = m_cache.canonicalizeURL(pageURL, frame->document()->decoder()->encoding(), decodeEntities, decodeURLEscapeSequencesTwice);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	311
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	312	if (allowRequestIfNoIllegalURICharacters && (!formDataObj \|\| formDataObj->isEmpty())
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	313	&& decodedPageURL.find(&isIllegalURICharacter, 0) == -1)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	314	return false; // Injection is impossible because the request does not contain any illegal URI characters.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	315
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	316	if (decodedPageURL.find(canonicalizedString, 0, false) != -1)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	317	return true; // We've found the smoking gun.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	318	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	319
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	320	if (formDataObj && !formDataObj->isEmpty()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	321	String formData = formDataObj->flattenToString();
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	322	if (string.length() < formData.length()) {
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	323	// Notice it is sufficient to compare the length of the string to
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	324	// the url-encoded POST data because the length of the url-decoded
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	325	// code is less than or equal to the length of the url-encoded
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	326	// string.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	327	String decodedFormData = m_cache.canonicalizeURL(formData, frame->document()->decoder()->encoding(), decodeEntities, decodeURLEscapeSequencesTwice);
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	328	if (decodedFormData.find(canonicalizedString, 0, false) != -1)
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	329	return true; // We found the string in the POST data.
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	330	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	331	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	332
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	333	return false;
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	334	}
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	335
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	336	} // namespace WebCore
1918ee327afb Revision: 200952 Alex Gilkes <alex.gilkes@nokia.com> parents: diff changeset	337

author	eckhart.koppen@nokia.com
	Wed, 31 Mar 2010 11:06:36 +0300
changeset 7	f7bc934e204c
parent 0	1918ee327afb
child 30	5dc02b23752f
permissions	-rw-r--r--