OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/dom/SecurityContext.h" | 8 #include "core/dom/SecurityContext.h" |
9 #include "core/dom/SpaceSplitString.h" | 9 #include "core/dom/SpaceSplitString.h" |
10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
125 return !directive || directive->allowNonce(nonce); | 125 return !directive || directive->allowNonce(nonce); |
126 } | 126 } |
127 | 127 |
128 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const | 128 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const |
129 { | 129 { |
130 return !directive || directive->allowHash(hashValue); | 130 return !directive || directive->allowHash(hashValue); |
131 } | 131 } |
132 | 132 |
133 bool CSPDirectiveList::checkDynamic(SourceListDirective* directive) const | 133 bool CSPDirectiveList::checkDynamic(SourceListDirective* directive) const |
134 { | 134 { |
135 if (!m_policy->experimentalFeaturesEnabled()) | |
136 return false; | |
137 return !directive || directive->allowDynamic(); | 135 return !directive || directive->allowDynamic(); |
138 } | 136 } |
139 | 137 |
140 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus) const | 138 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus) const |
141 { | 139 { |
142 // If |url| is empty, fall back to the policy URL to ensure that <object>'s | 140 // If |url| is empty, fall back to the policy URL to ensure that <object>'s |
143 // without a `src` can be blocked/allowed, as they can still load plugins | 141 // without a `src` can be blocked/allowed, as they can still load plugins |
144 // even though they don't actually have a URL. | 142 // even though they don't actually have a URL. |
145 return !directive || directive->allows(url.isEmpty() ? m_policy->url() : url
, redirectStatus); | 143 return !directive || directive->allows(url.isEmpty() ? m_policy->url() : url
, redirectStatus); |
146 } | 144 } |
(...skipping 682 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
829 visitor->trace(m_imgSrc); | 827 visitor->trace(m_imgSrc); |
830 visitor->trace(m_mediaSrc); | 828 visitor->trace(m_mediaSrc); |
831 visitor->trace(m_manifestSrc); | 829 visitor->trace(m_manifestSrc); |
832 visitor->trace(m_objectSrc); | 830 visitor->trace(m_objectSrc); |
833 visitor->trace(m_scriptSrc); | 831 visitor->trace(m_scriptSrc); |
834 visitor->trace(m_styleSrc); | 832 visitor->trace(m_styleSrc); |
835 } | 833 } |
836 | 834 |
837 | 835 |
838 } // namespace blink | 836 } // namespace blink |
OLD | NEW |