Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
index bf9104f2030dba5dc88bb938c9b87c8b5374bed4..8b215c7ac88d72e785acf186b205515a2191980d 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
@@ -38,6 +38,7 @@ CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct |
, m_allowStar(false) |
, m_allowInline(false) |
, m_allowEval(false) |
+ , m_allowDynamic(false) |
, m_hashAlgorithmsUsed(0) |
{ |
} |
@@ -73,6 +74,11 @@ bool CSPSourceList::allowEval() const |
return m_allowEval; |
} |
+bool CSPSourceList::allowDynamic() const |
+{ |
+ return m_allowDynamic; |
+} |
+ |
bool CSPSourceList::allowNonce(const String& nonce) const |
{ |
return !nonce.isNull() && m_nonces.contains(nonce); |
@@ -164,6 +170,11 @@ bool CSPSourceList::parseSource(const UChar* begin, const UChar* end, String& sc |
return true; |
} |
+ if (equalIgnoringCase("'unsafe-dynamic'", begin, end - begin)) { |
+ addSourceUnsafeDynamic(); |
+ return true; |
+ } |
+ |
String nonce; |
if (!parseNonce(begin, end, nonce)) |
return false; |
@@ -481,6 +492,11 @@ void CSPSourceList::addSourceUnsafeEval() |
m_allowEval = true; |
} |
+void CSPSourceList::addSourceUnsafeDynamic() |
+{ |
+ m_allowDynamic = true; |
+} |
+ |
void CSPSourceList::addSourceNonce(const String& nonce) |
{ |
m_nonces.add(nonce); |