
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 1641533006: CSP: Add an experimental 'unsafe-dynamic' source expression. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Experiment. Created 4 years, 10 months ago
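--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -456,20 +456,31 @@
 if (m_overrideInlineStyleAllowed)
 return true;
 return isAllowedByAllWithContextAndContent<&CSPDirectiveList::allowInlineSty le>(m_policies, contextURL, contextLine, reportingStatus, styleContent);
 }
 
 bool ContentSecurityPolicy::allowEval(ScriptState* scriptState, ContentSecurityP olicy::ReportingStatus reportingStatus, ContentSecurityPolicy::ExceptionStatus e xceptionStatus) const
 {
 return isAllowedByAllWithStateAndExceptionStatus<&CSPDirectiveList::allowEva l>(m_policies, scriptState, reportingStatus, exceptionStatus);
 }
 
+bool ContentSecurityPolicy::allowDynamic() const
+{
+if (!experimentalFeaturesEnabled())
+return false;
+for (const auto& policy : m_policies) {
+if (!policy->allowDynamic())
+return false;
+}
+return true;
+}
+
 String ContentSecurityPolicy::evalDisabledErrorMessage() const
 {
 for (const auto& policy : m_policies) {
 if (!policy->allowEval(0, SuppressReport))
 return policy->evalDisabledErrorMessage();
 }
 return String();
 }
 
 bool ContentSecurityPolicy::allowPluginType(const String& type, const String& ty peAttribute, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingSt atus) const
@@ -1027,10 +1038,10 @@
 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report.
 return !m_violationReportsSent.contains(report.impl()->hash());
 }
 
 void ContentSecurityPolicy::didSendViolationReport(const String& report)
 {
 m_violationReportsSent.add(report.impl()->hash());
 }
 
 } // namespace blink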
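Review bot: allowDynamic() (new lines 466-475) returns true when m_policies is empty, because the loop body never runs and control falls through to `return true;` once experimentalFeaturesEnabled() passes. That makes "no policy delivered" indistinguishable from "every policy opted in to 'unsafe-dynamic'"; the callers are not in this section, so whether any of them treats true as an explicit opt-in cannot be confirmed here. I would document the contract above the function, e.g. `// Returns true only if experimental features are on and every policy in m_policies allows dynamic; this is also true when m_policies is empty.`, and consider an explicit empty-list guard if a caller uses the result to relax a script check. It is also worth stating in that comment whether report-only policies are meant to take part in the all-policies check, since one such policy without the keyword would turn the feature off for the enforced ones.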