Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceList.h

Issue 1361763005: Disallow CSP source * matching of data:, blob:, and filesystem: URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: Better extensions fix Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-wildcards-disallowed.html ('k') | third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPSourceList_h 5 #ifndef CSPSourceList_h
6 #define CSPSourceList_h 6 #define CSPSourceList_h
7 7
8 #include "core/CoreExport.h" 8 #include "core/CoreExport.h"
9 #include "core/frame/csp/CSPSource.h" 9 #include "core/frame/csp/CSPSource.h"
10 #include "platform/Crypto.h" 10 #include "platform/Crypto.h"
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
43 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); 43 bool parseNonce(const UChar* begin, const UChar* end, String& nonce);
44 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, Cont entSecurityPolicyHashAlgorithm&); 44 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, Cont entSecurityPolicyHashAlgorithm&);
45 45
46 void addSourceSelf(); 46 void addSourceSelf();
47 void addSourceStar(); 47 void addSourceStar();
48 void addSourceUnsafeInline(); 48 void addSourceUnsafeInline();
49 void addSourceUnsafeEval(); 49 void addSourceUnsafeEval();
50 void addSourceNonce(const String& nonce); 50 void addSourceNonce(const String& nonce);
51 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestVa lue& hash); 51 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestVa lue& hash);
52 52
53 bool hasSourceMatchInList(const KURL&, ContentSecurityPolicy::RedirectStatus ) const;
54
53 ContentSecurityPolicy* m_policy; 55 ContentSecurityPolicy* m_policy;
54 Vector<CSPSource> m_list; 56 Vector<CSPSource> m_list;
55 String m_directiveName; 57 String m_directiveName;
56 bool m_allowSelf; 58 bool m_allowSelf;
57 bool m_allowStar; 59 bool m_allowStar;
58 bool m_allowInline; 60 bool m_allowInline;
59 bool m_allowEval; 61 bool m_allowEval;
60 HashSet<String> m_nonces; 62 HashSet<String> m_nonces;
61 HashSet<CSPHashValue> m_hashes; 63 HashSet<CSPHashValue> m_hashes;
62 uint8_t m_hashAlgorithmsUsed; 64 uint8_t m_hashAlgorithmsUsed;
63 }; 65 };
64 66
65 67
66 } // namespace blink 68 } // namespace blink
67 69
68 #endif 70 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-wildcards-disallowed.html ('k') | third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698