OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 935 matching lines...)
946 return m_selfSource->matches(url, DidNotRedirect); | 946 return m_selfSource->matches(url, DidNotRedirect); |
947 } | 947 } |
948 | 948 |
949 bool ContentSecurityPolicy::protocolMatchesSelf(const KURL& url) const | 949 bool ContentSecurityPolicy::protocolMatchesSelf(const KURL& url) const |
950 { | 950 { |
951 if (equalIgnoringCase("http", m_selfProtocol)) | 951 if (equalIgnoringCase("http", m_selfProtocol)) |
952 return url.protocolIsInHTTPFamily(); | 952 return url.protocolIsInHTTPFamily(); |
953 return equalIgnoringCase(url.protocol(), m_selfProtocol); | 953 return equalIgnoringCase(url.protocol(), m_selfProtocol); |
954 } | 954 } |
955 | 955 |
| 956 bool ContentSecurityPolicy::selfMatchesInnerURL() const |
| 957 { |
| 958 // Due to backwards-compatibility concerns, we allow 'self' to match blob an
d filesystem URLs |
| 959 // if we're in a context that bypasses Content Security Policy in the main w
orld. |
| 960 // |
| 961 // TODO(mkwst): Revisit this once embedders have an opportunity to update th
eir extension models. |
| 962 return m_executionContext && SchemeRegistry::schemeShouldBypassContentSecuri
tyPolicy(m_executionContext->securityOrigin()->protocol()); |
| 963 } |
| 964 |
956 bool ContentSecurityPolicy::shouldBypassMainWorld(const ExecutionContext* contex
t) | 965 bool ContentSecurityPolicy::shouldBypassMainWorld(const ExecutionContext* contex
t) |
957 { | 966 { |
958 if (context && context->isDocument()) { | 967 if (context && context->isDocument()) { |
959 const Document* document = toDocument(context); | 968 const Document* document = toDocument(context); |
960 if (document->frame()) | 969 if (document->frame()) |
961 return document->frame()->script().shouldBypassMainWorldCSP(); | 970 return document->frame()->script().shouldBypassMainWorldCSP(); |
962 } | 971 } |
963 return false; | 972 return false; |
964 } | 973 } |
965 | 974 |
(...skipping 27 matching lines...)
993 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1002 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
994 return !m_violationReportsSent.contains(report.impl()->hash()); | 1003 return !m_violationReportsSent.contains(report.impl()->hash()); |
995 } | 1004 } |
996 | 1005 |
997 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1006 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
998 { | 1007 { |
999 m_violationReportsSent.add(report.impl()->hash()); | 1008 m_violationReportsSent.add(report.impl()->hash()); |
1000 } | 1009 } |
1001 | 1010 |
1002 } // namespace blink | 1011 } // namespace blink |
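Review bot: The comment in the new `selfMatchesInnerURL()` (new lines 958-961) describes a context that "bypasses Content Security Policy in the main world", but the return statement tests something different: whether the scheme of the execution context's own security origin is registered through `SchemeRegistry::schemeShouldBypassContentSecurityPolicy`. The main-world test is the separate `shouldBypassMainWorld()` directly below. Because this predicate widens what 'self' accepts, the comment should state the real condition, for example `// 'self' also matches blob: and filesystem: URLs, but only when this context's own origin has a scheme registered as bypassing CSP.` The expression also guards `m_executionContext` but dereferences `securityOrigin()` unchecked; whether that can be null at this point is not visible in this section, so either a null check or a one-line note on the invariant would help. The callers lie outside the visible lines, so how the inner URL's origin is compared against 'self' cannot be assessed from here.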