| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
| 6 | 6 |
| 7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
| 8 #include "core/dom/SecurityContext.h" | 8 #include "core/dom/SecurityContext.h" |
| 9 #include "core/dom/SpaceSplitString.h" | 9 #include "core/dom/SpaceSplitString.h" |
| 10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 return !directive || directive->allowNonce(nonce); | 125 return !directive || directive->allowNonce(nonce); |
| 126 } | 126 } |
| 127 | 127 |
| 128 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const | 128 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const |
| 129 { | 129 { |
| 130 return !directive || directive->allowHash(hashValue); | 130 return !directive || directive->allowHash(hashValue); |
| 131 } | 131 } |
| 132 | 132 |
| 133 bool CSPDirectiveList::checkDynamic(SourceListDirective* directive) const | 133 bool CSPDirectiveList::checkDynamic(SourceListDirective* directive) const |
| 134 { | 134 { |
| 135 if (!m_policy->experimentalFeaturesEnabled()) | |
| 136 return false; | |
| 137 return !directive || directive->allowDynamic(); | 135 return !directive || directive->allowDynamic(); |
| 138 } | 136 } |
| 139 | 137 |
| 140 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus) const | 138 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus) const |
| 141 { | 139 { |
| 142 // If |url| is empty, fall back to the policy URL to ensure that <object>'s | 140 // If |url| is empty, fall back to the policy URL to ensure that <object>'s |
| 143 // without a `src` can be blocked/allowed, as they can still load plugins | 141 // without a `src` can be blocked/allowed, as they can still load plugins |
| 144 // even though they don't actually have a URL. | 142 // even though they don't actually have a URL. |
| 145 return !directive || directive->allows(url.isEmpty() ? m_policy->url() : url
, redirectStatus); | 143 return !directive || directive->allows(url.isEmpty() ? m_policy->url() : url
, redirectStatus); |
| 146 } | 144 } |
| (...skipping 682 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 829 visitor->trace(m_imgSrc); | 827 visitor->trace(m_imgSrc); |
| 830 visitor->trace(m_mediaSrc); | 828 visitor->trace(m_mediaSrc); |
| 831 visitor->trace(m_manifestSrc); | 829 visitor->trace(m_manifestSrc); |
| 832 visitor->trace(m_objectSrc); | 830 visitor->trace(m_objectSrc); |
| 833 visitor->trace(m_scriptSrc); | 831 visitor->trace(m_scriptSrc); |
| 834 visitor->trace(m_styleSrc); | 832 visitor->trace(m_styleSrc); |
| 835 } | 833 } |
| 836 | 834 |
| 837 | 835 |
| 838 } // namespace blink | 836 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1893293005:
Ship the 'unsafe-dynamic' CSP source expression. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master