| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 152 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber&
contextLine, ReportingStatus = SendReport) const; | 152 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber&
contextLine, ReportingStatus = SendReport) const; |
| 153 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu
mber& contextLine, ReportingStatus = SendReport) const; | 153 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu
mber& contextLine, ReportingStatus = SendReport) const; |
| 154 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c
ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; | 154 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c
ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; |
| 155 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co
ntextLine, const String& styleContent, ReportingStatus = SendReport) const; | 155 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co
ntextLine, const String& styleContent, ReportingStatus = SendReport) const; |
| 156 // When the reporting status is |SendReport|, the |ExceptionStatus| | 156 // When the reporting status is |SendReport|, the |ExceptionStatus| |
| 157 // should indicate whether the caller will throw a JavaScript | 157 // should indicate whether the caller will throw a JavaScript |
| 158 // exception in the event of a violation. When the caller will throw | 158 // exception in the event of a violation. When the caller will throw |
| 159 // an exception, ContentSecurityPolicy does not log a violation | 159 // an exception, ContentSecurityPolicy does not log a violation |
| 160 // message to the console because it would be redundant. | 160 // message to the console because it would be redundant. |
| 161 bool allowEval(ScriptState* = nullptr, ReportingStatus = SendReport, Excepti
onStatus = WillNotThrowException) const; | 161 bool allowEval(ScriptState* = nullptr, ReportingStatus = SendReport, Excepti
onStatus = WillNotThrowException) const; |
| 162 bool allowDynamic() const; |
| 162 bool allowPluginType(const String& type, const String& typeAttribute, const
KURL&, ReportingStatus = SendReport) const; | 163 bool allowPluginType(const String& type, const String& typeAttribute, const
KURL&, ReportingStatus = SendReport) const; |
| 163 // Checks whether the plugin type should be allowed in the given | 164 // Checks whether the plugin type should be allowed in the given |
| 164 // document; enforces the CSP rule that PluginDocuments inherit | 165 // document; enforces the CSP rule that PluginDocuments inherit |
| 165 // plugin-types directives from the parent document. | 166 // plugin-types directives from the parent document. |
| 166 bool allowPluginTypeForDocument(const Document&, const String& type, const S
tring& typeAttribute, const KURL&, ReportingStatus = SendReport) const; | 167 bool allowPluginTypeForDocument(const Document&, const String& type, const S
tring& typeAttribute, const KURL&, ReportingStatus = SendReport) const; |
| 167 | 168 |
| 168 bool allowScriptFromSource(const KURL&, RedirectStatus = DidNotRedirect, Rep
ortingStatus = SendReport) const; | 169 bool allowScriptFromSource(const KURL&, RedirectStatus = DidNotRedirect, Rep
ortingStatus = SendReport) const; |
| 169 bool allowObjectFromSource(const KURL&, RedirectStatus = DidNotRedirect, Rep
ortingStatus = SendReport) const; | 170 bool allowObjectFromSource(const KURL&, RedirectStatus = DidNotRedirect, Rep
ortingStatus = SendReport) const; |
| 170 bool allowChildFrameFromSource(const KURL&, RedirectStatus = DidNotRedirect,
ReportingStatus = SendReport) const; | 171 bool allowChildFrameFromSource(const KURL&, RedirectStatus = DidNotRedirect,
ReportingStatus = SendReport) const; |
| 171 bool allowImageFromSource(const KURL&, RedirectStatus = DidNotRedirect, Repo
rtingStatus = SendReport) const; | 172 bool allowImageFromSource(const KURL&, RedirectStatus = DidNotRedirect, Repo
rtingStatus = SendReport) const; |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 307 String m_disableEvalErrorMessage; | 308 String m_disableEvalErrorMessage; |
| 308 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; | 309 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; |
| 309 | 310 |
| 310 OwnPtr<CSPSource> m_selfSource; | 311 OwnPtr<CSPSource> m_selfSource; |
| 311 String m_selfProtocol; | 312 String m_selfProtocol; |
| 312 }; | 313 }; |
| 313 | 314 |
| 314 } // namespace blink | 315 } // namespace blink |
| 315 | 316 |
| 316 #endif | 317 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1641533006:
CSP: Add an experimental 'unsafe-dynamic' source expression. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master