
Side by Side Diff: chrome/common/extensions/csp_validator.cc

Issue 9909019: Add schema chrome-extension-resource:// for extension resources (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Update Created 8 years, 8 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/csp_validator.h" 5 #include "chrome/common/extensions/csp_validator.h"
6 6
7 #include "base/string_split.h" 7 #include "base/string_split.h"
8 #include "base/string_tokenizer.h" 8 #include "base/string_tokenizer.h"
9 #include "base/string_util.h" 9 #include "base/string_util.h"
10 10
(...skipping 25 matching lines...) Expand all
36 StringToLowerASCII(&source); 36 StringToLowerASCII(&source);
37 37
38 if (EndsWith(source, "*", true)) 38 if (EndsWith(source, "*", true))
39 return false; 39 return false;
40 40
41 // We might need to relax this whitelist over time. 41 // We might need to relax this whitelist over time.
42 if (source == "'self'" || 42 if (source == "'self'" ||
43 source == "'none'" || 43 source == "'none'" ||
44 StartsWithASCII(source, "https://", true) || 44 StartsWithASCII(source, "https://", true) ||
45 StartsWithASCII(source, "chrome://", true) || 45 StartsWithASCII(source, "chrome://", true) ||
46 StartsWithASCII(source, "chrome-extension://", true)) { 46 StartsWithASCII(source, "chrome-extension://", true) ||
47 StartsWithASCII(source, "chrome-extension-resource:", true)) {
Aaron Boodman 2012/04/18 17:52:24 Why not "//" here too?
Peng 2012/04/18 18:29:16 Because I tried "CER://" here and default CSP, it
47 continue; 48 continue;
Tom Sepez 2012/04/18 18:03:01 There has needed to be a comment here for some tim
48 } 49 }
49 50
50 return false; 51 return false;
51 } 52 }
52 53
53 return true; // Empty values default to 'none', which is secure. 54 return true; // Empty values default to 'none', which is secure.
54 } 55 }
55 56
56 // Returns true if |directive_name| matches |status.directive_name|. 57 // Returns true if |directive_name| matches |status.directive_name|.
57 bool UpdateStatus(const std::string& directive_name, 58 bool UpdateStatus(const std::string& directive_name,
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
114 object_src_status.seen_in_policy; 115 object_src_status.seen_in_policy;
115 } 116 }
116 117
117 return default_src_status.seen_in_policy || 118 return default_src_status.seen_in_policy ||
118 (script_src_status.seen_in_policy && object_src_status.seen_in_policy); 119 (script_src_status.seen_in_policy && object_src_status.seen_in_policy);
119 } 120 }
120 121
121 } // csp_validator 122 } // csp_validator
122 123
123 } // extensions 124 } // extensions
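Review bot: Nothing on this page pins which `chrome-extension-resource:` source forms the validator is meant to accept, and the check added at new line 47 is a plain prefix match whose only other filter is the trailing-`*` test at line 38. The validator's unit tests (not visible here) should gain cases for the new scheme: one value that must pass, and one that must be rejected, such as the constructed sample `chrome-extension-resource://*`. That way a later change to the prefix string or to the wildcard check cannot silently widen what an extension's policy may list. The enclosing function begins in the skipped lines above line 36, so how `source` is tokenised before these checks is inferred rather than seen.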