OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPSourceList_h | 5 #ifndef CSPSourceList_h |
6 #define CSPSourceList_h | 6 #define CSPSourceList_h |
7 | 7 |
8 #include "core/CoreExport.h" | 8 #include "core/CoreExport.h" |
9 #include "core/frame/csp/CSPSource.h" | 9 #include "core/frame/csp/CSPSource.h" |
10 #include "platform/Crypto.h" | 10 #include "platform/Crypto.h" |
(...skipping 11 matching lines...) Expand all Loading... |
22 DISALLOW_NEW(); | 22 DISALLOW_NEW(); |
23 WTF_MAKE_NONCOPYABLE(CSPSourceList); | 23 WTF_MAKE_NONCOPYABLE(CSPSourceList); |
24 public: | 24 public: |
25 CSPSourceList(ContentSecurityPolicy*, const String& directiveName); | 25 CSPSourceList(ContentSecurityPolicy*, const String& directiveName); |
26 | 26 |
27 void parse(const UChar* begin, const UChar* end); | 27 void parse(const UChar* begin, const UChar* end); |
28 | 28 |
29 bool matches(const KURL&, ContentSecurityPolicy::RedirectStatus = ContentSec
urityPolicy::DidNotRedirect) const; | 29 bool matches(const KURL&, ContentSecurityPolicy::RedirectStatus = ContentSec
urityPolicy::DidNotRedirect) const; |
30 bool allowInline() const; | 30 bool allowInline() const; |
31 bool allowEval() const; | 31 bool allowEval() const; |
| 32 bool allowDynamic() const; |
32 bool allowNonce(const String&) const; | 33 bool allowNonce(const String&) const; |
33 bool allowHash(const CSPHashValue&) const; | 34 bool allowHash(const CSPHashValue&) const; |
34 uint8_t hashAlgorithmsUsed() const; | 35 uint8_t hashAlgorithmsUsed() const; |
35 | 36 |
36 bool isHashOrNoncePresent() const; | 37 bool isHashOrNoncePresent() const; |
37 | 38 |
38 private: | 39 private: |
39 bool parseSource(const UChar* begin, const UChar* end, String& scheme, Strin
g& host, int& port, String& path, CSPSource::WildcardDisposition&, CSPSource::Wi
ldcardDisposition&); | 40 bool parseSource(const UChar* begin, const UChar* end, String& scheme, Strin
g& host, int& port, String& path, CSPSource::WildcardDisposition&, CSPSource::Wi
ldcardDisposition&); |
40 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); | 41 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); |
41 bool parseHost(const UChar* begin, const UChar* end, String& host, CSPSource
::WildcardDisposition&); | 42 bool parseHost(const UChar* begin, const UChar* end, String& host, CSPSource
::WildcardDisposition&); |
42 bool parsePort(const UChar* begin, const UChar* end, int& port, CSPSource::W
ildcardDisposition&); | 43 bool parsePort(const UChar* begin, const UChar* end, int& port, CSPSource::W
ildcardDisposition&); |
43 bool parsePath(const UChar* begin, const UChar* end, String& path); | 44 bool parsePath(const UChar* begin, const UChar* end, String& path); |
44 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); | 45 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); |
45 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, Cont
entSecurityPolicyHashAlgorithm&); | 46 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, Cont
entSecurityPolicyHashAlgorithm&); |
46 | 47 |
47 void addSourceSelf(); | 48 void addSourceSelf(); |
48 void addSourceStar(); | 49 void addSourceStar(); |
49 void addSourceUnsafeInline(); | 50 void addSourceUnsafeInline(); |
50 void addSourceUnsafeEval(); | 51 void addSourceUnsafeEval(); |
| 52 void addSourceUnsafeDynamic(); |
51 void addSourceNonce(const String& nonce); | 53 void addSourceNonce(const String& nonce); |
52 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestVa
lue& hash); | 54 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestVa
lue& hash); |
53 | 55 |
54 bool hasSourceMatchInList(const KURL&, ContentSecurityPolicy::RedirectStatus
) const; | 56 bool hasSourceMatchInList(const KURL&, ContentSecurityPolicy::RedirectStatus
) const; |
55 | 57 |
56 // TODO(Oilpan): consider moving ContentSecurityPolicy auxilliary objects to
the heap. | 58 // TODO(Oilpan): consider moving ContentSecurityPolicy auxilliary objects to
the heap. |
57 RawPtrWillBeUntracedMember<ContentSecurityPolicy> m_policy; | 59 RawPtrWillBeUntracedMember<ContentSecurityPolicy> m_policy; |
58 Vector<CSPSource> m_list; | 60 Vector<CSPSource> m_list; |
59 String m_directiveName; | 61 String m_directiveName; |
60 bool m_allowSelf; | 62 bool m_allowSelf; |
61 bool m_allowStar; | 63 bool m_allowStar; |
62 bool m_allowInline; | 64 bool m_allowInline; |
63 bool m_allowEval; | 65 bool m_allowEval; |
| 66 bool m_allowDynamic; |
64 HashSet<String> m_nonces; | 67 HashSet<String> m_nonces; |
65 HashSet<CSPHashValue> m_hashes; | 68 HashSet<CSPHashValue> m_hashes; |
66 uint8_t m_hashAlgorithmsUsed; | 69 uint8_t m_hashAlgorithmsUsed; |
67 }; | 70 }; |
68 | 71 |
69 | 72 |
70 } // namespace blink | 73 } // namespace blink |
71 | 74 |
72 #endif | 75 #endif |
OLD | NEW |