| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 220 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 231 void enforceSandboxFlags(SandboxFlags); | 231 void enforceSandboxFlags(SandboxFlags); |
| 232 void enforceSuborigin(const String&); | 232 void enforceSuborigin(const String&); |
| 233 void enforceStrictMixedContentChecking(); | 233 void enforceStrictMixedContentChecking(); |
| 234 String evalDisabledErrorMessage() const; | 234 String evalDisabledErrorMessage() const; |
| 235 | 235 |
| 236 void setInsecureRequestsPolicy(SecurityContext::InsecureRequestsPolicy); | 236 void setInsecureRequestsPolicy(SecurityContext::InsecureRequestsPolicy); |
| 237 SecurityContext::InsecureRequestsPolicy insecureRequestsPolicy() const { ret
urn m_insecureRequestsPolicy; }; | 237 SecurityContext::InsecureRequestsPolicy insecureRequestsPolicy() const { ret
urn m_insecureRequestsPolicy; }; |
| 238 | 238 |
| 239 bool urlMatchesSelf(const KURL&) const; | 239 bool urlMatchesSelf(const KURL&) const; |
| 240 bool protocolMatchesSelf(const KURL&) const; | 240 bool protocolMatchesSelf(const KURL&) const; |
| 241 bool selfMatchesInnerURL() const; |
| 241 | 242 |
| 242 bool experimentalFeaturesEnabled() const; | 243 bool experimentalFeaturesEnabled() const; |
| 243 | 244 |
| 244 bool shouldSendCSPHeader(Resource::Type) const; | 245 bool shouldSendCSPHeader(Resource::Type) const; |
| 245 | 246 |
| 246 static bool shouldBypassMainWorld(const ExecutionContext*); | 247 static bool shouldBypassMainWorld(const ExecutionContext*); |
| 247 | 248 |
| 248 static bool isDirectiveName(const String&); | 249 static bool isDirectiveName(const String&); |
| 249 | 250 |
| 250 // These functions are used to debug using ResourceContext to apply | 251 // These functions are used to debug using ResourceContext to apply |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 292 String m_disableEvalErrorMessage; | 293 String m_disableEvalErrorMessage; |
| 293 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; | 294 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; |
| 294 | 295 |
| 295 OwnPtr<CSPSource> m_selfSource; | 296 OwnPtr<CSPSource> m_selfSource; |
| 296 String m_selfProtocol; | 297 String m_selfProtocol; |
| 297 }; | 298 }; |
| 298 | 299 |
| 299 } | 300 } |
| 300 | 301 |
| 301 #endif | 302 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1178373004:
'blob:' URLs should not match 'self' in CSP source expression lists. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master