Sha256: 1cce0cbca586ffb21c8e862fe8e8029ae3e93407f3aa4d4e688de78639c1b4ef
Contents?: true
Size: 1.36 KB
Versions: 8
Compression:
Stored size: 1.36 KB
Contents
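module SecureHeaders
  # Raised when an X-XSS-Protection configuration fails validation.
  class XXssProtectionBuildError < StandardError; end

  # Builds the X-XSS-Protection response header.
  #
  # Accepted configurations:
  # * nil    - the header value is DEFAULT_VALUE.
  # * String - a pre-formatted header value, checked against VALID_X_XSS_HEADER.
  # * Hash   - :value (0 or 1) plus an optional :mode ('block').
  #
  # NOTE(review): current browsers have removed their XSS auditors, and OWASP
  # guidance is to send "0" (or omit the header) and rely on
  # Content-Security-Policy instead. DEFAULT_VALUE stays "1" here so existing
  # callers see no change; confirm whether the default should be revisited.
  class XXssProtection < Header
    module Constants
      X_XSS_PROTECTION_HEADER_NAME = 'X-XSS-Protection'
      DEFAULT_VALUE = "1"
      # \A and \z anchor the whole string, so a value carrying an embedded
      # newline cannot pass by matching on one line only.
      VALID_X_XSS_HEADER = /\A[01](; mode=block)?\z/i
    end
    include Constants

    # @param config [nil, String, Hash] header configuration (see class docs)
    # @raise [XXssProtectionBuildError] if a String or Hash config is invalid
    def initialize(config=nil)
      @config = config
      validate_config unless @config.nil?
    end

    # @return [String] the HTTP header name
    def name
      X_XSS_PROTECTION_HEADER_NAME
    end

    # @return [String] the header value derived from the configuration
    def value
      case @config
      when NilClass
        DEFAULT_VALUE
      when String
        @config
      else
        # Hash configs were validated in the constructor. Any other object is
        # indexed with [:value] / [:mode] as-is, without validation.
        header_value = @config[:value].to_s
        header_value += "; mode=#{@config[:mode]}" if @config[:mode]
        header_value
      end
    end

    private

    # Validates String and Hash configurations; other types are not checked.
    def validate_config
      case @config
      when Hash
        validate_hash_config
      when String
        unless @config =~ VALID_X_XSS_HEADER
          raise XXssProtectionBuildError.new("Invalid format (see VALID_X_XSS_HEADER)")
        end
      end
    end

    # Checks the :value and :mode entries of a Hash configuration.
    def validate_hash_config
      raise XXssProtectionBuildError.new(":value key is missing") unless @config[:value]

      # Compare the exact string form rather than #to_i: "abc".to_i is 0 and
      # "1\r\nX-Other: y".to_i is 1, so an integer coercion would let arbitrary
      # text (including CR/LF) through validation and into the header value.
      unless %w[0 1].include?(@config[:value].to_s)
        raise XXssProtectionBuildError.new(":value must be 1 or 0")
      end

      # to_s lets a Symbol such as :block be compared case-insensitively, and
      # turns any other non-String mode into a build error rather than a
      # NoMethodError or a spurious rejection.
      mode = @config[:mode]
      if mode && mode.to_s.casecmp('block') != 0
        raise XXssProtectionBuildError.new(":mode must nil or 'block'")
      end
    end
  end
end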