OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
11 #include "core/frame/LocalFrame.h" | 11 #include "core/frame/LocalFrame.h" |
12 #include "core/inspector/ConsoleMessage.h" | 12 #include "core/inspector/ConsoleMessage.h" |
13 #include "platform/Crypto.h" | 13 #include "platform/Crypto.h" |
14 #include "platform/ParsingUtilities.h" | 14 #include "platform/ParsingUtilities.h" |
15 #include "platform/RuntimeEnabledFeatures.h" | 15 #include "platform/RuntimeEnabledFeatures.h" |
16 #include "platform/network/ContentSecurityPolicyParsers.h" | 16 #include "platform/network/ContentSecurityPolicyParsers.h" |
17 #include "platform/weborigin/KURL.h" | 17 #include "platform/weborigin/KURL.h" |
18 #include "wtf/text/Base64.h" | 18 #include "wtf/text/Base64.h" |
19 #include "wtf/text/StringUTF8Adaptor.h" | 19 #include "wtf/text/StringUTF8Adaptor.h" |
20 #include "wtf/text/WTFString.h" | 20 #include "wtf/text/WTFString.h" |
21 | 21 |
22 namespace blink { | 22 namespace blink { |
23 | 23 |
24 namespace { | 24 namespace { |
25 | 25 |
26 String getSha256String(const String& content) | 26 String getSha256String(const String& content) |
27 { | 27 { |
28 DigestValue digest; | 28 DigestValue digest; |
29 StringUTF8Adaptor normalizedContent = normalizeSource(content); | 29 StringUTF8Adaptor utf8Content(content); |
jww
2015/10/29 21:22:14
Since we're supposed to use the "script block's so
jsbell
2015/10/29 22:01:46
Acknowledged.
| |
30 bool digestSuccess = computeDigest(HashAlgorithmSha256, normalizedContent.da ta(), normalizedContent.length(), digest); | 30 bool digestSuccess = computeDigest(HashAlgorithmSha256, utf8Content.data(), utf8Content.length(), digest); |
31 if (!digestSuccess) { | 31 if (!digestSuccess) { |
32 return "sha256-..."; | 32 return "sha256-..."; |
33 } | 33 } |
34 | 34 |
35 return "sha256-" + base64Encode(reinterpret_cast<char*>(digest.data()), dige st.size(), Base64DoNotInsertLFs); | 35 return "sha256-" + base64Encode(reinterpret_cast<char*>(digest.data()), dige st.size(), Base64DoNotInsertLFs); |
36 } | 36 } |
37 | 37 |
38 } | 38 } |
39 | 39 |
40 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 40 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
(...skipping 756 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
797 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); | 797 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
798 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase( name, ContentSecurityPolicy::Suborigin)) { | 798 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase( name, ContentSecurityPolicy::Suborigin)) { |
799 applySuboriginPolicy(name, value); | 799 applySuboriginPolicy(name, value); |
800 } else { | 800 } else { |
801 m_policy->reportUnsupportedDirective(name); | 801 m_policy->reportUnsupportedDirective(name); |
802 } | 802 } |
803 } | 803 } |
804 | 804 |
805 | 805 |
806 } // namespace blink | 806 } // namespace blink |
OLD | NEW |