| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/csp_validator.h" | 5 #include "extensions/common/csp_validator.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/strings/string_split.h" | 9 #include "base/strings/string_split.h" |
| 10 #include "base/strings/string_tokenizer.h" | 10 #include "base/strings/string_tokenizer.h" |
| (...skipping 274 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 285 AllowedToHaveInsecureObjectSrc(options, directives); | 285 AllowedToHaveInsecureObjectSrc(options, directives); |
| 286 | 286 |
| 287 std::vector<std::string> sane_csp_parts; | 287 std::vector<std::string> sane_csp_parts; |
| 288 std::vector<InstallWarning> default_src_csp_warnings; | 288 std::vector<InstallWarning> default_src_csp_warnings; |
| 289 for (size_t i = 0; i < directives.size(); ++i) { | 289 for (size_t i = 0; i < directives.size(); ++i) { |
| 290 std::string& input = directives[i]; | 290 std::string& input = directives[i]; |
| 291 base::StringTokenizer tokenizer(input, " \t\r\n"); | 291 base::StringTokenizer tokenizer(input, " \t\r\n"); |
| 292 if (!tokenizer.GetNext()) | 292 if (!tokenizer.GetNext()) |
| 293 continue; | 293 continue; |
| 294 | 294 |
| 295 std::string directive_name = tokenizer.token(); | 295 std::string directive_name = base::ToLowerASCII(tokenizer.token_piece()); |
| 296 base::StringToLowerASCII(&directive_name); | |
| 297 | |
| 298 if (UpdateStatus(directive_name, &tokenizer, &default_src_status, options, | 296 if (UpdateStatus(directive_name, &tokenizer, &default_src_status, options, |
| 299 &sane_csp_parts, &default_src_csp_warnings)) | 297 &sane_csp_parts, &default_src_csp_warnings)) |
| 300 continue; | 298 continue; |
| 301 if (UpdateStatus(directive_name, &tokenizer, &script_src_status, options, | 299 if (UpdateStatus(directive_name, &tokenizer, &script_src_status, options, |
| 302 &sane_csp_parts, warnings)) | 300 &sane_csp_parts, warnings)) |
| 303 continue; | 301 continue; |
| 304 if (!allow_insecure_object_src && | 302 if (!allow_insecure_object_src && |
| 305 UpdateStatus(directive_name, &tokenizer, &object_src_status, options, | 303 UpdateStatus(directive_name, &tokenizer, &object_src_status, options, |
| 306 &sane_csp_parts, warnings)) | 304 &sane_csp_parts, warnings)) |
| 307 continue; | 305 continue; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 bool ContentSecurityPolicyIsSandboxed( | 339 bool ContentSecurityPolicyIsSandboxed( |
| 342 const std::string& policy, Manifest::Type type) { | 340 const std::string& policy, Manifest::Type type) { |
| 343 // See http://www.w3.org/TR/CSP/#parse-a-csp-policy for parsing algorithm. | 341 // See http://www.w3.org/TR/CSP/#parse-a-csp-policy for parsing algorithm. |
| 344 bool seen_sandbox = false; | 342 bool seen_sandbox = false; |
| 345 for (const std::string& input : base::SplitString( | 343 for (const std::string& input : base::SplitString( |
| 346 policy, ";", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { | 344 policy, ";", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { |
| 347 base::StringTokenizer tokenizer(input, " \t\r\n"); | 345 base::StringTokenizer tokenizer(input, " \t\r\n"); |
| 348 if (!tokenizer.GetNext()) | 346 if (!tokenizer.GetNext()) |
| 349 continue; | 347 continue; |
| 350 | 348 |
| 351 std::string directive_name = tokenizer.token(); | 349 std::string directive_name = base::ToLowerASCII(tokenizer.token_piece()); |
| 352 base::StringToLowerASCII(&directive_name); | |
| 353 | |
| 354 if (directive_name != kSandboxDirectiveName) | 350 if (directive_name != kSandboxDirectiveName) |
| 355 continue; | 351 continue; |
| 356 | 352 |
| 357 seen_sandbox = true; | 353 seen_sandbox = true; |
| 358 | 354 |
| 359 while (tokenizer.GetNext()) { | 355 while (tokenizer.GetNext()) { |
| 360 std::string token = tokenizer.token(); | 356 std::string token = base::ToLowerASCII(tokenizer.token_piece()); |
| 361 base::StringToLowerASCII(&token); | |
| 362 | 357 |
| 363 // The same origin token negates the sandboxing. | 358 // The same origin token negates the sandboxing. |
| 364 if (token == kAllowSameOriginToken) | 359 if (token == kAllowSameOriginToken) |
| 365 return false; | 360 return false; |
| 366 | 361 |
| 367 // Platform apps don't allow navigation. | 362 // Platform apps don't allow navigation. |
| 368 if (type == Manifest::TYPE_PLATFORM_APP) { | 363 if (type == Manifest::TYPE_PLATFORM_APP) { |
| 369 if (token == kAllowTopNavigation) | 364 if (token == kAllowTopNavigation) |
| 370 return false; | 365 return false; |
| 371 } | 366 } |
| 372 } | 367 } |
| 373 } | 368 } |
| 374 | 369 |
| 375 return seen_sandbox; | 370 return seen_sandbox; |
| 376 } | 371 } |
| 377 | 372 |
| 378 } // namespace csp_validator | 373 } // namespace csp_validator |
| 379 | 374 |
| 380 } // namespace extensions | 375 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1282363003:
Convert remaining StringToLowerASCII to ToLowerASCII (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master