Diffstat (limited to 'src/3rdparty/webkit/WebCore/page/XSSAuditor.h')
-rw-r--r-- | src/3rdparty/webkit/WebCore/page/XSSAuditor.h | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/3rdparty/webkit/WebCore/page/XSSAuditor.h b/src/3rdparty/webkit/WebCore/page/XSSAuditor.h
index 7974d1c823..6c6a56c2b6 100644
--- a/src/3rdparty/webkit/WebCore/page/XSSAuditor.h
+++ b/src/3rdparty/webkit/WebCore/page/XSSAuditor.h
@@ -74,13 +74,17 @@ namespace WebCore {
 // based on the content of any user-submitted data.
 bool canEvaluate(const String& sourceCode) const;
 
+ // Determines whether the JavaScript URL should be allowed or denied execution
+ // based on the content of any user-submitted data.
+ bool canEvaluateJavaScriptURL(const String& code) const;
+
 // Determines whether the event listener should be created based on the
 // content of any user-submitted data.
 bool canCreateInlineEventListener(const String& functionName, const String& code) const;
 
 // Determines whether the external script should be loaded based on the
 // content of any user-submitted data.
- bool canLoadExternalScriptFromSrc(const String& url) const;
+ bool canLoadExternalScriptFromSrc(const String& context, const String& url) const;
 
 // Determines whether object should be loaded based on the content of
 // any user-submitted data.
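Review bot: The new leading `context` parameter of `canLoadExternalScriptFromSrc` is not described by the comment above it, and because it sits next to `url` with the same `const String&` type, a call site that passes the two in the wrong order will still compile. I would extend that comment to say what `context` holds and which of the two arguments is compared against the submitted data. The comment on `canEvaluateJavaScriptURL` should likewise state whether `code` arrives raw or already URL-decoded, for example `// |code| is the javascript: URL as written in the document, before any decoding.` if that is the contract; the header alone does not show it. The class declaration begins above this hunk and continues below it.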
@@ -88,12 +92,24 @@ namespace WebCore {
 // This method is called by FrameLoader::requestObject.
 bool canLoadObject(const String& url) const;
 
+ // Determines whether the base URL should be changed based on the content
+ // of any user-submitted data.
+ //
+ // This method is called by HTMLBaseElement::process.
+ bool canSetBaseElementURL(const String& url) const;
+
 private:
- static String decodeURL(const String& url, const TextEncoding& encoding = UTF8Encoding(), bool allowControlCharacters = false);
+ static String decodeURL(const String& url, const TextEncoding& encoding = UTF8Encoding(), bool allowNullCharacters = false,
+ bool allowNonNullControlCharacters = true, bool decodeHTMLentities = true,
+ bool leaveUndecodableHTMLEntitiesUntouched = false);
+
+ static String decodeHTMLEntities(const String&, bool leaveUndecodableHTMLEntitiesUntouched = false);
 
- bool findInRequest(const String&) const;
+ bool findInRequest(const String&, bool matchNullCharacters = true, bool matchNonNullControlCharacters = true,
+ bool decodeHTMLentities = true, bool leaveUndecodableHTMLEntitiesUntouched = false) const;
 
- bool findInRequest(Frame*, const String&) const;
+ bool findInRequest(Frame*, const String&, bool matchNullCharacters = true, bool matchNonNullControlCharacters = true,
+ bool decodeHTMLentities = true, bool leaveUndecodableHTMLEntitiesUntouched = false) const;
 
 // The frame to audit.
 Frame* m_frame; |
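Review bot: `decodeURL` and both `findInRequest` overloads now end in four defaulted `bool` parameters, so a call such as `findInRequest(s, true, false)` gives no hint which filter behaviour is being switched, and a misplaced argument silently changes what the auditor matches. The defaults also shift: the old third argument was `allowControlCharacters = false`, while the new pair is `allowNullCharacters = false, allowNonNullControlCharacters = true`, so callers relying on the defaults now appear to keep non-null control characters; a comment stating that this is intended would help. Consider a small flags enum or an options struct in place of the positional bools, and note that the parameter is spelled `decodeHTMLentities` while the new static function and the neighbouring parameter use `HTMLEntities`; a name such as `shouldDecodeHTMLEntities` would fix the casing without clashing with the function. The class starts before this hunk and its remaining members are outside it.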