
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceList.h

Issue 1641533006: CSP: Add an experimental 'unsafe-dynamic' source expression. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Experiment. Created 4 years, 10 months ago
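--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CSPSourceList_h
 #define CSPSourceList_h
 
 #include "core/CoreExport.h"
 #include "core/frame/csp/CSPSource.h"
 #include "platform/Crypto.h"
@@ -22,51 +22,54 @@
 DISALLOW_NEW();
 WTF_MAKE_NONCOPYABLE(CSPSourceList);
 public:
 CSPSourceList(ContentSecurityPolicy*, const String& directiveName);
 
 void parse(const UChar* begin, const UChar* end);
 
 bool matches(const KURL&, ContentSecurityPolicy::RedirectStatus = ContentSec urityPolicy::DidNotRedirect) const;
 bool allowInline() const;
 bool allowEval() const;
+bool allowDynamic() const;
 bool allowNonce(const String&) const;
 bool allowHash(const CSPHashValue&) const;
 uint8_t hashAlgorithmsUsed() const;
 
 bool isHashOrNoncePresent() const;
 
 private:
 bool parseSource(const UChar* begin, const UChar* end, String& scheme, Strin g& host, int& port, String& path, CSPSource::WildcardDisposition&, CSPSource::Wi ldcardDisposition&);
 bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
 bool parseHost(const UChar* begin, const UChar* end, String& host, CSPSource ::WildcardDisposition&);
 bool parsePort(const UChar* begin, const UChar* end, int& port, CSPSource::W ildcardDisposition&);
 bool parsePath(const UChar* begin, const UChar* end, String& path);
 bool parseNonce(const UChar* begin, const UChar* end, String& nonce);
 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, Cont entSecurityPolicyHashAlgorithm&);
 
 void addSourceSelf();
 void addSourceStar();
 void addSourceUnsafeInline();
 void addSourceUnsafeEval();
+void addSourceUnsafeDynamic();
 void addSourceNonce(const String& nonce);
 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestVa lue& hash);
 
 bool hasSourceMatchInList(const KURL&, ContentSecurityPolicy::RedirectStatus ) const;
 
 // TODO(Oilpan): consider moving ContentSecurityPolicy auxilliary objects to the heap.
 RawPtrWillBeUntracedMember<ContentSecurityPolicy> m_policy;
 Vector<CSPSource> m_list;
 String m_directiveName;
 bool m_allowSelf;
 bool m_allowStar;
 bool m_allowInline;
 bool m_allowEval;
+bool m_allowDynamic;
 HashSet<String> m_nonces;
 HashSet<CSPHashValue> m_hashes;
 uint8_t m_hashAlgorithmsUsed;
 };
 
 
 } // namespace blink
 
 #endif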
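Review bot: The new `m_allowDynamic` member is declared next to `m_allowInline` and `m_allowEval` with no in-class initializer, so whether it starts out false depends on the constructor in CSPSourceList.cpp, which is not part of this file section. If that initializer list misses it, the flag is indeterminate and `allowDynamic()` could report true for a policy that never listed 'unsafe-dynamic', which fails open; please confirm it is set to `false` there. The accessor is also undocumented, and because the keyword presumably loosens script enforcement I would add a comment above `bool allowDynamic() const;` such as `// True only if the source list contained the experimental 'unsafe-dynamic' expression.` It would also help to state at the declaration which directives are expected to consult it and how it interacts with `matches()`, so later callers do not apply it to non-script directives by accident.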
