OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/fetch/Resource.h" | 8 #include "core/fetch/Resource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "core/frame/csp/MediaListDirective.h" | 10 #include "core/frame/csp/MediaListDirective.h" |
(...skipping 43 matching lines...)
54 bool allowChildContextFromSource(const KURL&, ContentSecurityPolicy::Redirec
tStatus, ContentSecurityPolicy::ReportingStatus) const; | 54 bool allowChildContextFromSource(const KURL&, ContentSecurityPolicy::Redirec
tStatus, ContentSecurityPolicy::ReportingStatus) const; |
55 // |allowAncestors| does not need to know whether the resource was a | 55 // |allowAncestors| does not need to know whether the resource was a |
56 // result of a redirect. After a redirect, source paths are usually | 56 // result of a redirect. After a redirect, source paths are usually |
57 // ignored to stop a page from learning the path to which the | 57 // ignored to stop a page from learning the path to which the |
58 // request was redirected, but this is not a concern for ancestors, | 58 // request was redirected, but this is not a concern for ancestors, |
59 // because a child frame can't manipulate the URL of a cross-origin | 59 // because a child frame can't manipulate the URL of a cross-origin |
60 // parent. | 60 // parent. |
61 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; | 61 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; |
62 bool allowScriptNonce(const String&) const; | 62 bool allowScriptNonce(const String&) const; |
63 bool allowStyleNonce(const String&) const; | 63 bool allowStyleNonce(const String&) const; |
64 bool allowScriptHash(const CSPHashValue&) const; | 64 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; |
65 bool allowStyleHash(const CSPHashValue&) const; | 65 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; |
66 bool allowDynamic() const; | 66 bool allowDynamic() const; |
67 | 67 |
68 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } | 68 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } |
69 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec
tedXSSDisposition; } | 69 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec
tedXSSDisposition; } |
70 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } | 70 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } |
71 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } | 71 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } |
72 bool isReportOnly() const { return m_reportOnly; } | 72 bool isReportOnly() const { return m_reportOnly; } |
73 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } | 73 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } |
74 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } | 74 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } |
75 | 75 |
(...skipping 28 matching lines...)
104 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 104 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; |
105 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; | 105 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
106 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; | 106 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; |
107 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; | 107 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; |
108 | 108 |
109 bool checkEval(SourceListDirective*) const; | 109 bool checkEval(SourceListDirective*) const; |
110 bool checkInline(SourceListDirective*) const; | 110 bool checkInline(SourceListDirective*) const; |
111 bool checkDynamic(SourceListDirective*) const; | 111 bool checkDynamic(SourceListDirective*) const; |
112 bool checkNonce(SourceListDirective*, const String&) const; | 112 bool checkNonce(SourceListDirective*, const String&) const; |
113 bool checkHash(SourceListDirective*, const CSPHashValue&) const; | 113 bool checkHash(SourceListDirective*, const CSPHashValue&) const; |
| 114 bool checkHashedAttributes(SourceListDirective*) const; |
114 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R
edirectStatus) const; | 115 bool checkSource(SourceListDirective*, const KURL&, ContentSecurityPolicy::R
edirectStatus) const; |
115 bool checkMediaType(MediaListDirective*, const String& type, const String& t
ypeAttribute) const; | 116 bool checkMediaType(MediaListDirective*, const String& type, const String& t
ypeAttribute) const; |
116 bool checkAncestors(SourceListDirective*, LocalFrame*) const; | 117 bool checkAncestors(SourceListDirective*, LocalFrame*) const; |
117 | 118 |
118 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable
dErrorMessage = errorMessage; } | 119 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable
dErrorMessage = errorMessage; } |
119 | 120 |
120 bool checkEvalAndReportViolation(SourceListDirective*, const String& console
Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP
olicy::WillNotThrowException) const; | 121 bool checkEvalAndReportViolation(SourceListDirective*, const String& console
Message, ScriptState*, ContentSecurityPolicy::ExceptionStatus = ContentSecurityP
olicy::WillNotThrowException) const; |
121 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso
leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool
isScript, const String& hashValue) const; | 122 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso
leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool
isScript, const String& hashValue) const; |
122 | 123 |
123 bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const
String& effectiveDirective, ContentSecurityPolicy::RedirectStatus) const; | 124 bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const
String& effectiveDirective, ContentSecurityPolicy::RedirectStatus) const; |
(...skipping 37 matching lines...)
161 Member<SourceListDirective> m_styleSrc; | 162 Member<SourceListDirective> m_styleSrc; |
162 | 163 |
163 Vector<String> m_reportEndpoints; | 164 Vector<String> m_reportEndpoints; |
164 | 165 |
165 String m_evalDisabledErrorMessage; | 166 String m_evalDisabledErrorMessage; |
166 }; | 167 }; |
167 | 168 |
168 } // namespace blink | 169 } // namespace blink |
169 | 170 |
170 #endif | 171 #endif |
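Review bot: Nothing in the declarations at new lines 64–65 and 114 says how the added `ContentSecurityPolicy::InlineType` argument of `allowScriptHash`/`allowStyleHash` relates to the new private `checkHashedAttributes`, and `checkHash` at new line 113 keeps its old two-argument form. If, as the names suggest, a hash may authorise attribute-type inline content only when `checkHashedAttributes` holds for the directive, that rule is recorded only in the implementation file, and a later caller that reaches `checkHash` directly would skip it. I would add a comment above the two public declarations, for example `// For attribute-type inline content a hash match counts only if checkHashedAttributes() is true for the directive; checkHash() alone is not sufficient.`, and confirm that the style-src path is meant to honour the same gate. The class declaration begins in a skipped region, so the other users of `checkHash` are not visible on this page.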
OLD | NEW |