Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1535)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 1641533006: CSP: Add an experimental 'unsafe-dynamic' source expression. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Experiment. Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/ScriptLoader.cpp ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/fetch/Resource.h" 8 #include "core/fetch/Resource.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "core/frame/csp/MediaListDirective.h" 10 #include "core/frame/csp/MediaListDirective.h"
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 // result of a redirect. After a redirect, source paths are usually 57 // result of a redirect. After a redirect, source paths are usually
58 // ignored to stop a page from learning the path to which the 58 // ignored to stop a page from learning the path to which the
59 // request was redirected, but this is not a concern for ancestors, 59 // request was redirected, but this is not a concern for ancestors,
60 // because a child frame can't manipulate the URL of a cross-origin 60 // because a child frame can't manipulate the URL of a cross-origin
61 // parent. 61 // parent.
62 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti ngStatus) const; 62 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti ngStatus) const;
63 bool allowScriptNonce(const String&) const; 63 bool allowScriptNonce(const String&) const;
64 bool allowStyleNonce(const String&) const; 64 bool allowStyleNonce(const String&) const;
65 bool allowScriptHash(const CSPHashValue&) const; 65 bool allowScriptHash(const CSPHashValue&) const;
66 bool allowStyleHash(const CSPHashValue&) const; 66 bool allowStyleHash(const CSPHashValue&) const;
67 bool allowDynamic() const;
67 68
68 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM essage; } 69 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM essage; }
69 ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflected XSSDisposition; } 70 ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflected XSSDisposition; }
70 ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; } 71 ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; }
71 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } 72 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; }
72 bool isReportOnly() const { return m_reportOnly; } 73 bool isReportOnly() const { return m_reportOnly; }
73 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } 74 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; }
74 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_ reportOnly; } 75 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_ reportOnly; }
75 76
76 // Used to copy plugin-types into a plugin document in a nested 77 // Used to copy plugin-types into a plugin document in a nested
(...skipping 23 matching lines...) Expand all
100 101
101 SourceListDirective* operativeDirective(SourceListDirective*) const; 102 SourceListDirective* operativeDirective(SourceListDirective*) const;
102 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const; 103 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const;
103 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const; 104 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const;
104 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const; 105 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const;
105 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const; 106 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
106 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co nst ContentSecurityPolicy::ExceptionStatus) const; 107 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co nst ContentSecurityPolicy::ExceptionStatus) const;
107 108
108 bool checkEval(SourceListDirective*) const; 109 bool checkEval(SourceListDirective*) const;
109 bool checkInline(SourceListDirective*) const; 110 bool checkInline(SourceListDirective*) const;
111 bool checkDynamic(SourceListDirective*) const;
110 bool checkNonce(SourceListDirective*, const String&) const; 112 bool checkNonce(SourceListDirective*, const String&) const;
111 bool checkHash(SourceListDirective*, const CSPHashValue&) const; 113 bool checkHash(SourceListDirective*, const CSPHashValue&) const;
112 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R edirectStatus) const; 114 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R edirectStatus) const;
113 bool checkMediaType(MediaListDirective*, const String& type, const String& t ypeAttribute) const; 115 bool checkMediaType(MediaListDirective*, const String& type, const String& t ypeAttribute) const;
114 bool checkAncestors(SourceListDirective*, LocalFrame*) const; 116 bool checkAncestors(SourceListDirective*, LocalFrame*) const;
115 117
116 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable dErrorMessage = errorMessage; } 118 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable dErrorMessage = errorMessage; }
117 119
118 bool checkEvalAndReportViolation(SourceListDirective*, const String& console Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP olicy::WillNotThrowException) const; 120 bool checkEvalAndReportViolation(SourceListDirective*, const String& console Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP olicy::WillNotThrowException) const;
119 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool isScript, const String& hashValue) const; 121 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool isScript, const String& hashValue) const;
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
160 OwnPtr<SourceListDirective> m_styleSrc; 162 OwnPtr<SourceListDirective> m_styleSrc;
161 163
162 Vector<String> m_reportEndpoints; 164 Vector<String> m_reportEndpoints;
163 165
164 String m_evalDisabledErrorMessage; 166 String m_evalDisabledErrorMessage;
165 }; 167 };
166 168
167 } // namespace blink 169 } // namespace blink
168 170
169 #endif 171 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/dom/ScriptLoader.cpp ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698