tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

CSPViolationData.cpp (3268B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include "mozilla/dom/CSPViolationData.h"
      8 
      9 #include <utility>
     10 
     11 #include "mozilla/dom/Element.h"
     12 #include "mozilla/dom/nsCSPContext.h"
     13 #include "nsCharTraits.h"
     14 #include "nsContentUtils.h"
     15 
     16 namespace mozilla::dom {
     17 
     18 /* static */
     19 const nsDependentSubstring CSPViolationData::MaybeTruncateSample(
     20    const nsAString& aSample) {
     21  uint32_t length = aSample.Length();
     22  uint32_t maybeTruncatedLength = nsCSPContext::ScriptSampleMaxLength();
     23  if (length > maybeTruncatedLength) {
     24    // Don't cut off right before a low surrogate. Just include it.
     25    // TODO(bug 1935996): Should we also count previous surrogate pairs as
     26    // single characters?
     27    if (NS_IS_LOW_SURROGATE(aSample[maybeTruncatedLength])) {
     28      maybeTruncatedLength++;
     29    }
     30  }
     31  return Substring(aSample, 0, maybeTruncatedLength);
     32 }
     33 
     34 static const nsString MaybeTruncateSampleWithEllipsis(
     35    const nsAString& aSample) {
     36  const nsDependentSubstring sample =
     37      CSPViolationData::MaybeTruncateSample(aSample);
     38  return sample.Length() < aSample.Length()
     39             ? sample + nsContentUtils::GetLocalizedEllipsis()
     40             : nsString(aSample);
     41 }
     42 
     43 CSPViolationData::CSPViolationData(uint32_t aViolatedPolicyIndex,
     44                                   Resource&& aResource,
     45                                   const CSPDirective aEffectiveDirective,
     46                                   const nsACString& aSourceFile,
     47                                   uint32_t aLineNumber, uint32_t aColumnNumber,
     48                                   Element* aElement, const nsAString& aSample,
     49                                   const nsACString& aHashSHA256)
     50    : mViolatedPolicyIndex{aViolatedPolicyIndex},
     51      mResource{std::move(aResource)},
     52      mEffectiveDirective{aEffectiveDirective},
     53      mSourceFile{aSourceFile},
     54      mLineNumber{aLineNumber},
     55      mColumnNumber{aColumnNumber},
     56      mElement{aElement},
     57      // For TrustedTypesSink/TrustedTypesPolicy, sample is already truncated
     58      // and formatted in ReportSinkTypeMismatch/PolicyCreationViolations.
     59      // TODO(bug 1935996): The specifications do not mention adding an
     60      // ellipsis.
     61      mSample{(BlockedContentSourceOrUnknown() ==
     62                   BlockedContentSource::TrustedTypesSink ||
     63               BlockedContentSourceOrUnknown() ==
     64                   BlockedContentSource::TrustedTypesPolicy)
     65                  ? nsString(aSample)
     66                  : MaybeTruncateSampleWithEllipsis(aSample)},
     67      mHashSHA256{aHashSHA256} {}
     68 
     69 // Required for `mElement`, since its destructor requires a definition of
     70 // `Element`.
     71 CSPViolationData::~CSPViolationData() = default;
     72 
     73 auto CSPViolationData::BlockedContentSourceOrUnknown() const
     74    -> BlockedContentSource {
     75  return mResource.is<CSPViolationData::BlockedContentSource>()
     76             ? mResource.as<CSPViolationData::BlockedContentSource>()
     77             : CSPViolationData::BlockedContentSource::Unknown;
     78 }
     79 }  // namespace mozilla::dom