
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 1923273002: CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
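--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CSPDirectiveList_h
 #define CSPDirectiveList_h
 
 #include "core/fetch/Resource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/frame/csp/MediaListDirective.h"
@@ -54,22 +54,22 @@
 bool allowChildContextFromSource(const KURL&, ContentSecurityPolicy::Redirec tStatus, ContentSecurityPolicy::ReportingStatus) const;
 // |allowAncestors| does not need to know whether the resource was a
 // result of a redirect. After a redirect, source paths are usually
 // ignored to stop a page from learning the path to which the
 // request was redirected, but this is not a concern for ancestors,
 // because a child frame can't manipulate the URL of a cross-origin
 // parent.
 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti ngStatus) const;
 bool allowScriptNonce(const String&) const;
 bool allowStyleNonce(const String&) const;
-bool allowScriptHash(const CSPHashValue&) const;
-bool allowStyleHash(const CSPHashValue&) const;
+bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const;
+bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const;
 bool allowDynamic() const;
 
 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM essage; }
 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec tedXSSDisposition; }
 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; }
 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; }
 bool isReportOnly() const { return m_reportOnly; }
 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; }
 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_ reportOnly; }
 
@@ -104,20 +104,21 @@
 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const;
 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const;
 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co nst ContentSecurityPolicy::ExceptionStatus) const;
 
 bool checkEval(SourceListDirective*) const;
 bool checkInline(SourceListDirective*) const;
 bool checkDynamic(SourceListDirective*) const;
 bool checkNonce(SourceListDirective*, const String&) const;
 bool checkHash(SourceListDirective*, const CSPHashValue&) const;
+bool checkHashedAttributes(SourceListDirective*) const;
 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R edirectStatus) const;
 bool checkMediaType(MediaListDirective*, const String& type, const String& t ypeAttribute) const;
 bool checkAncestors(SourceListDirective*, LocalFrame*) const;
 
 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable dErrorMessage = errorMessage; }
 
 bool checkEvalAndReportViolation(SourceListDirective*, const String& console Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP olicy::WillNotThrowException) const;
 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool isScript, const String& hashValue) const;
 
 bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const String& effectiveDirective, ContentSecurityPolicy::RedirectStatus) const;
@@ -161,10 +162,10 @@
 Member<SourceListDirective> m_styleSrc;
 
 Vector<String> m_reportEndpoints;
 
 String m_evalDisabledErrorMessage;
 };
 
 } // namespace blink
 
 #endif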
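Review bot: The new `ContentSecurityPolicy::InlineType` argument on `allowScriptHash` and `allowStyleHash` (new lines 64-65) and the new `checkHashedAttributes` (new line 114) are declared without a comment stating the rule they exist to enforce. `checkHash` still takes only the directive and the hash, so the header suggests the attribute restriction depends on each `allow*Hash` method pairing `checkHash` with `checkHashedAttributes`; the bodies are in CSPDirectiveList.cpp, outside this section, so that cannot be confirmed from here. I would add a comment above the pair such as `// A hash match on an inline event handler attribute is honoured only if the directive also lists 'unsafe-hashed-attributes'.`. It is also worth stating in the comment whether the same gate is intended for style attributes, since `allowStyleHash` takes the inline type too.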