Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(574)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/CSPSource.cpp

Issue 1362813002: CSP source *.x.y should not match host x.y (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-11.html ('k') | Source/core/frame/csp/CSPSourceListTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/csp/CSPSource.h" 6 #include "core/frame/csp/CSPSource.h"
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "platform/weborigin/KURL.h" 9 #include "platform/weborigin/KURL.h"
10 #include "platform/weborigin/KnownPorts.h" 10 #include "platform/weborigin/KnownPorts.h"
(...skipping 26 matching lines...) Expand all
37 bool CSPSource::schemeMatches(const KURL& url) const 37 bool CSPSource::schemeMatches(const KURL& url) const
38 { 38 {
39 if (m_scheme.isEmpty()) 39 if (m_scheme.isEmpty())
40 return m_policy->protocolMatchesSelf(url); 40 return m_policy->protocolMatchesSelf(url);
41 return equalIgnoringCase(url.protocol(), m_scheme); 41 return equalIgnoringCase(url.protocol(), m_scheme);
42 } 42 }
43 43
44 bool CSPSource::hostMatches(const KURL& url) const 44 bool CSPSource::hostMatches(const KURL& url) const
45 { 45 {
46 const String& host = url.host(); 46 const String& host = url.host();
47 if (equalIgnoringCase(host, m_host))
48 return true;
49 return m_hostWildcard == HasWildcard && host.endsWith("." + m_host, TextCase Insensitive);
50 47
48 if (m_hostWildcard == HasWildcard)
49 return host.endsWith("." + m_host, TextCaseInsensitive);
Mike West 2015/09/23 04:36:49 Can you add a counter here as well, tracking the n
jww 2015/09/23 05:33:10 Done.
50
51 return equalIgnoringCase(host, m_host);
51 } 52 }
52 53
53 bool CSPSource::pathMatches(const KURL& url) const 54 bool CSPSource::pathMatches(const KURL& url) const
54 { 55 {
55 if (m_path.isEmpty()) 56 if (m_path.isEmpty())
56 return true; 57 return true;
57 58
58 String path = decodeURLEscapeSequences(url.path()); 59 String path = decodeURLEscapeSequences(url.path());
59 60
60 if (m_path.endsWith("/")) 61 if (m_path.endsWith("/"))
(...skipping 20 matching lines...) Expand all
81 82
82 return false; 83 return false;
83 } 84 }
84 85
85 bool CSPSource::isSchemeOnly() const 86 bool CSPSource::isSchemeOnly() const
86 { 87 {
87 return m_host.isEmpty(); 88 return m_host.isEmpty();
88 } 89 }
89 90
90 } // namespace 91 } // namespace
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-11.html ('k') | Source/core/frame/csp/CSPSourceListTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698