OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
11 * documentation and/or other materials provided with the distribution. | 11 * documentation and/or other materials provided with the distribution. |
12 * | 12 * |
13 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY | 13 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY |
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR | 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR |
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 */ | 24 */ |
25 | 25 |
26 #ifndef ContentSecurityPolicy_h | 26 #ifndef ContentSecurityPolicy_h |
27 #define ContentSecurityPolicy_h | 27 #define ContentSecurityPolicy_h |
28 | 28 |
29 #include "bindings/v8/ScriptState.h" | 29 #include "bindings/v8/ScriptState.h" |
| 30 #include "core/dom/Document.h" |
30 #include "platform/network/HTTPParsers.h" | 31 #include "platform/network/HTTPParsers.h" |
31 #include "platform/weborigin/ReferrerPolicy.h" | 32 #include "platform/weborigin/ReferrerPolicy.h" |
32 #include "wtf/HashSet.h" | 33 #include "wtf/HashSet.h" |
33 #include "wtf/PassOwnPtr.h" | 34 #include "wtf/PassOwnPtr.h" |
34 #include "wtf/Vector.h" | 35 #include "wtf/Vector.h" |
35 #include "wtf/text/StringHash.h" | 36 #include "wtf/text/StringHash.h" |
36 #include "wtf/text/TextPosition.h" | 37 #include "wtf/text/TextPosition.h" |
37 #include "wtf/text/WTFString.h" | 38 #include "wtf/text/WTFString.h" |
38 | 39 |
39 namespace WTF { | 40 namespace WTF { |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
155 KURL completeURL(const String&) const; | 156 KURL completeURL(const String&) const; |
156 SecurityOrigin* securityOrigin() const; | 157 SecurityOrigin* securityOrigin() const; |
157 void enforceSandboxFlags(SandboxFlags) const; | 158 void enforceSandboxFlags(SandboxFlags) const; |
158 String evalDisabledErrorMessage() const; | 159 String evalDisabledErrorMessage() const; |
159 String styleEvalDisabledErrorMessage() const; | 160 String styleEvalDisabledErrorMessage() const; |
160 | 161 |
161 bool experimentalFeaturesEnabled() const; | 162 bool experimentalFeaturesEnabled() const; |
162 | 163 |
163 static bool shouldBypassMainWorld(ExecutionContext*); | 164 static bool shouldBypassMainWorld(ExecutionContext*); |
164 | 165 |
165 ExecutionContextClient* client() { return m_client; } | 166 ExecutionContextClient* client() const { return m_client; } |
| 167 Document* document() const { return client()->isDocument() ? toDocument(clie
nt()) : 0; } |
166 | 168 |
167 private: | 169 private: |
168 explicit ContentSecurityPolicy(ExecutionContextClient*); | 170 explicit ContentSecurityPolicy(ExecutionContextClient*); |
169 | 171 |
170 void logToConsole(const String& message) const; | 172 void logToConsole(const String& message) const; |
171 void addPolicyFromHeaderValue(const String&, HeaderType, HeaderSource); | 173 void addPolicyFromHeaderValue(const String&, HeaderType, HeaderSource); |
172 | 174 |
173 bool shouldSendViolationReport(const String&) const; | 175 bool shouldSendViolationReport(const String&) const; |
174 void didSendViolationReport(const String&); | 176 void didSendViolationReport(const String&); |
175 | 177 |
176 ExecutionContextClient* m_client; | 178 ExecutionContextClient* m_client; |
177 bool m_overrideInlineStyleAllowed; | 179 bool m_overrideInlineStyleAllowed; |
178 CSPDirectiveListVector m_policies; | 180 CSPDirectiveListVector m_policies; |
179 | 181 |
180 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 182 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
181 | 183 |
182 // We put the hash functions used on the policy object so that we only need | 184 // We put the hash functions used on the policy object so that we only need |
183 // to calculate a hash once and then distribute it to all of the directives | 185 // to calculate a hash once and then distribute it to all of the directives |
184 // for validation. | 186 // for validation. |
185 uint8_t m_scriptHashAlgorithmsUsed; | 187 uint8_t m_scriptHashAlgorithmsUsed; |
186 uint8_t m_styleHashAlgorithmsUsed; | 188 uint8_t m_styleHashAlgorithmsUsed; |
187 }; | 189 }; |
188 | 190 |
189 } | 191 } |
190 | 192 |
191 #endif | 193 #endif |
OLD | NEW |