OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2012 Google, Inc. All rights reserved. | 2 * Copyright (C) 2012 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
63 if (!isPolicyActiveInContext(context)) | 63 if (!isPolicyActiveInContext(context)) |
64 return true; | 64 return true; |
65 | 65 |
66 KURL parsedURL = context->completeURL(url); | 66 KURL parsedURL = context->completeURL(url); |
67 if (!parsedURL.isValid()) | 67 if (!parsedURL.isValid()) |
68 return false; // FIXME: Figure out how to throw a JavaScript error. | 68 return false; // FIXME: Figure out how to throw a JavaScript error. |
69 | 69 |
70 return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, ContentS ecurityPolicy::SuppressReport); | 70 return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, ContentS ecurityPolicy::SuppressReport); |
71 } | 71 } |
72 | 72 |
73 template<bool (ContentSecurityPolicy::*allowWithURLAndNonce)(const KURL&, const String&, ContentSecurityPolicy::ReportingStatus) const> | |
74 bool isAllowedWithURLAndNonce(ScriptExecutionContext* context, const String& url , const String& nonce) | |
75 { | |
76 if (!isPolicyActiveInContext(context)) | |
77 return true; | |
78 | |
79 KURL parsedURL = context->completeURL(url); | |
80 if (!parsedURL.isValid()) | |
81 return false; // FIXME: Figure out how to throw a JavaScript error. | |
82 | |
83 return (context->contentSecurityPolicy()->*allowWithURLAndNonce)(parsedURL, nonce, ContentSecurityPolicy::SuppressReport); | |
84 } | |
85 | |
86 template<bool (ContentSecurityPolicy::*allowWithNonce)(const String&, const Stri ng&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const> | |
87 bool isAllowedWithNonce(ScriptExecutionContext* context, const String& nonce) | |
88 { | |
89 if (!isPolicyActiveInContext(context)) | |
90 return true; | |
91 | |
92 return (context->contentSecurityPolicy()->*allowWithNonce)(nonce, String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport); | |
93 } | |
94 | |
73 template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WT F::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const> | 95 template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WT F::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const> |
74 bool isAllowed(ScriptExecutionContext* context) | 96 bool isAllowed(ScriptExecutionContext* context) |
75 { | 97 { |
76 if (!isPolicyActiveInContext(context)) | 98 if (!isPolicyActiveInContext(context)) |
77 return true; | 99 return true; |
78 | 100 |
79 return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF:: OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport); | 101 return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF:: OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport); |
80 } | 102 } |
81 | |
abarth-chromium
2013/05/14 05:58:16
You should leave this blank line.
jww
2013/05/14 20:49:30
Done.
| |
82 } // namespace | 103 } // namespace |
83 | 104 |
84 DOMSecurityPolicy::DOMSecurityPolicy(ScriptExecutionContext* context) | 105 DOMSecurityPolicy::DOMSecurityPolicy(ScriptExecutionContext* context) |
85 : ContextDestructionObserver(context) | 106 : ContextDestructionObserver(context) |
86 { | 107 { |
87 } | 108 } |
88 | 109 |
89 DOMSecurityPolicy::~DOMSecurityPolicy() | 110 DOMSecurityPolicy::~DOMSecurityPolicy() |
90 { | 111 { |
91 } | 112 } |
92 | 113 |
93 bool DOMSecurityPolicy::isActive() const | 114 bool DOMSecurityPolicy::isActive() const |
94 { | 115 { |
95 return isPolicyActiveInContext(scriptExecutionContext()); | 116 return isPolicyActiveInContext(scriptExecutionContext()); |
96 } | 117 } |
97 | 118 |
98 PassRefPtr<DOMStringList> DOMSecurityPolicy::reportURIs() const | 119 PassRefPtr<DOMStringList> DOMSecurityPolicy::reportURIs() const |
99 { | 120 { |
100 RefPtr<DOMStringList> result = DOMStringList::create(); | 121 RefPtr<DOMStringList> result = DOMStringList::create(); |
101 | 122 |
102 if (isActive()) | 123 if (isActive()) |
103 scriptExecutionContext()->contentSecurityPolicy()->gatherReportURIs(*res ult.get()); | 124 scriptExecutionContext()->contentSecurityPolicy()->gatherReportURIs(*res ult.get()); |
104 | 125 |
105 return result.release(); | 126 return result.release(); |
106 } | 127 } |
107 | 128 |
108 bool DOMSecurityPolicy::allowsInlineScript() const | 129 bool DOMSecurityPolicy::allowsInlineScript() const |
109 { | 130 { |
110 return isAllowed<&ContentSecurityPolicy::allowInlineScript>(scriptExecutionC ontext()); | 131 return isAllowedWithNonce<&ContentSecurityPolicy::allowInlineScript>(scriptE xecutionContext(), String()); |
111 } | 132 } |
112 | 133 |
113 bool DOMSecurityPolicy::allowsInlineStyle() const | 134 bool DOMSecurityPolicy::allowsInlineStyle() const |
114 { | 135 { |
115 return isAllowed<&ContentSecurityPolicy::allowInlineStyle>(scriptExecutionCo ntext()); | 136 return isAllowed<&ContentSecurityPolicy::allowInlineStyle>(scriptExecutionCo ntext()); |
116 } | 137 } |
117 | 138 |
118 bool DOMSecurityPolicy::allowsEval() const | 139 bool DOMSecurityPolicy::allowsEval() const |
119 { | 140 { |
120 if (!isActive()) | 141 if (!isActive()) |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
159 return isAllowedWithURL<&ContentSecurityPolicy::allowObjectFromSource>(scrip tExecutionContext(), url); | 180 return isAllowedWithURL<&ContentSecurityPolicy::allowObjectFromSource>(scrip tExecutionContext(), url); |
160 } | 181 } |
161 | 182 |
162 bool DOMSecurityPolicy::allowsPluginType(const String& type) const | 183 bool DOMSecurityPolicy::allowsPluginType(const String& type) const |
163 { | 184 { |
164 return isAllowedWithType<&ContentSecurityPolicy::allowPluginType>(scriptExec utionContext(), type); | 185 return isAllowedWithType<&ContentSecurityPolicy::allowPluginType>(scriptExec utionContext(), type); |
165 } | 186 } |
166 | 187 |
167 bool DOMSecurityPolicy::allowsScriptFrom(const String& url) const | 188 bool DOMSecurityPolicy::allowsScriptFrom(const String& url) const |
168 { | 189 { |
169 return isAllowedWithURL<&ContentSecurityPolicy::allowScriptFromSource>(scrip tExecutionContext(), url); | 190 return isAllowedWithURLAndNonce<&ContentSecurityPolicy::allowScriptFromSourc e>(scriptExecutionContext(), url, String()); |
170 } | 191 } |
171 | 192 |
172 bool DOMSecurityPolicy::allowsStyleFrom(const String& url) const | 193 bool DOMSecurityPolicy::allowsStyleFrom(const String& url) const |
173 { | 194 { |
174 return isAllowedWithURL<&ContentSecurityPolicy::allowStyleFromSource>(script ExecutionContext(), url); | 195 return isAllowedWithURL<&ContentSecurityPolicy::allowStyleFromSource>(script ExecutionContext(), url); |
175 } | 196 } |
176 | 197 |
177 } // namespace WebCore | 198 } // namespace WebCore |
OLD | NEW |