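/// <summary>
/// Writes the legacy XSS-filter response header that corresponds to the
/// reflected-XSS mode configured on <paramref name="policy"/>.
/// </summary>
/// <param name="policy">
/// Reflected-XSS settings. When this is null, or its Mode is null or empty,
/// no header is added.
/// </param>
/// <param name="args">Request arguments whose Context.Response receives the header.</param>
/// <remarks>
/// Mode mapping: "allow" -> "0", "filter" -> "1", "block" -> "1; mode=block".
/// Any unrecognised mode falls through to "1; mode=block", so a typo in the
/// configured value fails closed rather than switching the filter off.
///
/// Security note: the header only steers the browser's built-in XSS auditor,
/// which current major browsers no longer ship. Treat it as defence in depth
/// for older clients, not as a replacement for output encoding and a
/// Content-Security-Policy. The "filter" value ("1" without mode=block) lets
/// the browser rewrite the page in place and is generally considered the
/// weakest of the three settings; prefer "block", or "allow" ("0") when a
/// strong CSP is already deployed.
/// </remarks>
private void CreateXssProtection(IContentSecurityPolicyReflectedXss policy, HttpRequestArgs args)
{
    if (policy == null || String.IsNullOrEmpty(policy.Mode))
    {
        return;
    }

    string xssmode;

    // The mode is a machine identifier, not display text: lower-case it with the
    // invariant culture so the comparison does not depend on the thread culture
    // (e.g. Turkish casing of 'I').
    switch (policy.Mode.ToLowerInvariant())
    {
        case "allow":
            xssmode = "0";
            break;
        case "filter":
            xssmode = "1";
            break;
        case "block":
        default:
            xssmode = "1; mode=block";
            break;
    }

    // XXssProtection is declared elsewhere in this class; presumably the
    // "X-XSS-Protection" header name - confirm.
    args.Context.Response.Headers.Add(XXssProtection, xssmode);
}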
/// <summary>
/// Builds the policy fragment "&lt;Name&gt; &lt;Mode&gt;;" for the reflected-XSS settings.
/// </summary>
/// <param name="csp">Reflected-XSS settings; may be null.</param>
/// <returns>
/// The fragment, or an empty string when <paramref name="csp"/> is null or its
/// Mode is null or empty.
/// </returns>
/// <remarks>
/// NOTE(review): Name and Mode are concatenated exactly as supplied. The result
/// presumably becomes part of a response header value, so callers should only
/// pass values from the fixed allow/filter/block set - confirm against callers.
/// </remarks>
private string GenerateReflectiveXssPolicy(IContentSecurityPolicyReflectedXss csp)
{
    // Nothing to emit without a configured mode.
    if (csp == null || String.IsNullOrEmpty(csp.Mode))
    {
        return String.Empty;
    }

    return String.Concat(csp.Name, " ", csp.Mode, ";");
}
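/// <summary>
/// Reads the reflected-XSS options selected on a content item and turns them
/// into a policy source object.
/// </summary>
/// <param name="i">Item that carries the reflected-XSS multilist field; may be null.</param>
/// <returns>
/// Null when <paramref name="i"/> is null; otherwise a new
/// ReflectiveXssContentSecurityPolicySource whose Mode is "allow", "filter" or
/// "block" if a selected option has one of those names. Mode is left as the
/// new object initialises it when no recognised option is selected.
/// </returns>
/// <remarks>
/// NOTE(review): when several recognised options are selected, the last one in
/// the list wins, so the effective mode depends on list order and a weaker
/// mode can override a stricter one - confirm that this is intended.
/// </remarks>
private IContentSecurityPolicyReflectedXss GetReflectedXssOptions(Item i)
{
    if (i == null)
    {
        return null;
    }

    IContentSecurityPolicyReflectedXss reflectedXss = new ReflectiveXssContentSecurityPolicySource();

    var listField = (MultilistField)i.Fields[CspFieldIds.ReflextedXssSourceFieldId];
    if (listField == null)
    {
        // Field not present on this item (the conversion presumably yields null
        // in that case): return the policy without a mode instead of failing
        // with a NullReferenceException on GetItems().
        return reflectedXss;
    }

    foreach (var option in listField.GetItems())
    {
        // Option names are identifiers, so compare them culture-independently.
        switch (option.Name.ToLowerInvariant())
        {
            case "allow":
                reflectedXss.Mode = "allow";
                break;
            case "filter":
                reflectedXss.Mode = "filter";
                break;
            case "block":
                reflectedXss.Mode = "block";
                break;
            default:
                // Unrecognised option names are ignored.
                break;
        }
    }

    return reflectedXss;
}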