OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/fetch/Resource.h" | 8 #include "core/fetch/Resource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "core/frame/csp/MediaListDirective.h" | 10 #include "core/frame/csp/MediaListDirective.h" |
57 // result of a redirect. After a redirect, source paths are usually | 57 // result of a redirect. After a redirect, source paths are usually |
58 // ignored to stop a page from learning the path to which the | 58 // ignored to stop a page from learning the path to which the |
59 // request was redirected, but this is not a concern for ancestors, | 59 // request was redirected, but this is not a concern for ancestors, |
60 // because a child frame can't manipulate the URL of a cross-origin | 60 // because a child frame can't manipulate the URL of a cross-origin |
61 // parent. | 61 // parent. |
62 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; | 62 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; |
63 bool allowScriptNonce(const String&) const; | 63 bool allowScriptNonce(const String&) const; |
64 bool allowStyleNonce(const String&) const; | 64 bool allowStyleNonce(const String&) const; |
65 bool allowScriptHash(const CSPHashValue&) const; | 65 bool allowScriptHash(const CSPHashValue&) const; |
66 bool allowStyleHash(const CSPHashValue&) const; | 66 bool allowStyleHash(const CSPHashValue&) const; |
| 67 bool allowDynamic() const; |
67 | 68 |
68 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } | 69 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } |
69 ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflected
XSSDisposition; } | 70 ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflected
XSSDisposition; } |
70 ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; } | 71 ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; } |
71 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } | 72 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } |
72 bool isReportOnly() const { return m_reportOnly; } | 73 bool isReportOnly() const { return m_reportOnly; } |
73 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } | 74 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } |
74 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } | 75 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } |
75 | 76 |
76 // Used to copy plugin-types into a plugin document in a nested | 77 // Used to copy plugin-types into a plugin document in a nested |
100 | 101 |
101 SourceListDirective* operativeDirective(SourceListDirective*) const; | 102 SourceListDirective* operativeDirective(SourceListDirective*) const; |
102 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; | 103 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; |
103 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 104 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; |
104 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; | 105 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
105 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; | 106 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; |
106 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; | 107 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; |
107 | 108 |
108 bool checkEval(SourceListDirective*) const; | 109 bool checkEval(SourceListDirective*) const; |
109 bool checkInline(SourceListDirective*) const; | 110 bool checkInline(SourceListDirective*) const; |
| 111 bool checkDynamic(SourceListDirective*) const; |
110 bool checkNonce(SourceListDirective*, const String&) const; | 112 bool checkNonce(SourceListDirective*, const String&) const; |
111 bool checkHash(SourceListDirective*, const CSPHashValue&) const; | 113 bool checkHash(SourceListDirective*, const CSPHashValue&) const; |
112 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R
edirectStatus) const; | 114 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R
edirectStatus) const; |
113 bool checkMediaType(MediaListDirective*, const String& type, const String& t
ypeAttribute) const; | 115 bool checkMediaType(MediaListDirective*, const String& type, const String& t
ypeAttribute) const; |
114 bool checkAncestors(SourceListDirective*, LocalFrame*) const; | 116 bool checkAncestors(SourceListDirective*, LocalFrame*) const; |
115 | 117 |
116 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable
dErrorMessage = errorMessage; } | 118 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable
dErrorMessage = errorMessage; } |
117 | 119 |
118 bool checkEvalAndReportViolation(SourceListDirective*, const String& console
Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP
olicy::WillNotThrowException) const; | 120 bool checkEvalAndReportViolation(SourceListDirective*, const String& console
Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP
olicy::WillNotThrowException) const; |
119 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso
leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool
isScript, const String& hashValue) const; | 121 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso
leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool
isScript, const String& hashValue) const; |
160 OwnPtr<SourceListDirective> m_styleSrc; | 162 OwnPtr<SourceListDirective> m_styleSrc; |
161 | 163 |
162 Vector<String> m_reportEndpoints; | 164 Vector<String> m_reportEndpoints; |
163 | 165 |
164 String m_evalDisabledErrorMessage; | 166 String m_evalDisabledErrorMessage; |
165 }; | 167 }; |
166 | 168 |
167 } // namespace blink | 169 } // namespace blink |
168 | 170 |
169 #endif | 171 #endif |
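Review bot: `allowDynamic()` (new line 67) is declared with no comment and no directive argument, so the header does not say which directive it consults or what a caller may relax when it returns true. Its neighbours `allowScriptNonce`/`allowStyleNonce` and `allowScriptHash`/`allowStyleHash` name the resource type; this one does not, and it presumably reads the script source list through the new private `checkDynamic(SourceListDirective*)` (new line 111), whose definition is not on this page. The header also does not show whether a report-only list can return true here, whereas `isFrameAncestorsEnforced()` a few lines below tests `!m_reportOnly` explicitly. If a true result lets callers bypass source-list matching, that matters for enforcement. I would add a comment above the declaration along the lines of `// Returns true if the operative script-src directive contains the dynamic source expression; does not consult m_reportOnly.`, adjusted to what the .cpp actually does, and consider renaming to `allowScriptDynamic()` for symmetry.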