private void CreateXssProtection(IContentSecurityPolicyReflectedXss policy, HttpRequestArgs args)
{
string xssmode = String.Empty;
if (policy != null)
{
if (!String.IsNullOrEmpty(policy.Mode))
{
switch (policy.Mode.ToLower())
{
case "allow":
xssmode = "0";
break;
case "filter":
xssmode = "1";
break;
case "block":
default:
xssmode = "1; mode=block";
break;
}
args.Context.Response.Headers.Add(XXssProtection, xssmode);
}
}
}
private string GenerateReflectiveXssPolicy(IContentSecurityPolicyReflectedXss csp)
{
string source = String.Empty;
if (csp != null)
{
if (!String.IsNullOrEmpty(csp.Mode))
{
source = csp.Name + " " + csp.Mode + ";";
}
}
return(source);
}
private IContentSecurityPolicyReflectedXss GetReflectedXssOptions(Item i)
{
IContentSecurityPolicyReflectedXss reflectedXss = null;
if (i != null)
{
string fieldName = CspFieldIds.ReflextedXssSourceFieldId;
reflectedXss = new ReflectiveXssContentSecurityPolicySource();
var optionsField = i.Fields[fieldName];
var listField = (MultilistField)optionsField;
var options = listField.GetItems();
foreach (var option in options)
{
switch (option.Name.ToLower())
{
case "allow":
reflectedXss.Mode = "allow";
break;
case "filter":
reflectedXss.Mode = "filter";
break;
case "block":
reflectedXss.Mode = "block";
break;
default:
break;
}
}
}
return(reflectedXss);
}
