
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceList.h

Issue 1923273002: CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
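--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CSPSourceList_h
 #define CSPSourceList_h
 
 #include "core/CoreExport.h"
 #include "core/frame/csp/CSPSource.h"
 #include "platform/Crypto.h"
@@ -26,50 +26,53 @@
 DECLARE_TRACE();
 
 void parse(const UChar* begin, const UChar* end);
 
 bool matches(const KURL&, ContentSecurityPolicy::RedirectStatus = ContentSec urityPolicy::DidNotRedirect) const;
 bool allowInline() const;
 bool allowEval() const;
 bool allowDynamic() const;
 bool allowNonce(const String&) const;
 bool allowHash(const CSPHashValue&) const;
+bool allowHashedAttributes() const;
 uint8_t hashAlgorithmsUsed() const;
 
 bool isHashOrNoncePresent() const;
 
 private:
 bool parseSource(const UChar* begin, const UChar* end, String& scheme, Strin g& host, int& port, String& path, CSPSource::WildcardDisposition&, CSPSource::Wi ldcardDisposition&);
 bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
 bool parseHost(const UChar* begin, const UChar* end, String& host, CSPSource ::WildcardDisposition&);
 bool parsePort(const UChar* begin, const UChar* end, int& port, CSPSource::W ildcardDisposition&);
 bool parsePath(const UChar* begin, const UChar* end, String& path);
 bool parseNonce(const UChar* begin, const UChar* end, String& nonce);
 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, Cont entSecurityPolicyHashAlgorithm&);
 
 void addSourceSelf();
 void addSourceStar();
 void addSourceUnsafeInline();
 void addSourceUnsafeEval();
 void addSourceUnsafeDynamic();
+void addSourceUnsafeHashedAttributes();
 void addSourceNonce(const String& nonce);
 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestVa lue& hash);
 
 bool hasSourceMatchInList(const KURL&, ContentSecurityPolicy::RedirectStatus ) const;
 
 Member<ContentSecurityPolicy> m_policy;
 HeapVector<Member<CSPSource>> m_list;
 String m_directiveName;
 bool m_allowSelf;
 bool m_allowStar;
 bool m_allowInline;
 bool m_allowEval;
 bool m_allowDynamic;
+bool m_allowHashedAttributes;
 HashSet<String> m_nonces;
 HashSet<CSPHashValue> m_hashes;
 uint8_t m_hashAlgorithmsUsed;
 };
 
 
 } // namespace blink
 
 #endif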
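Review bot: The new member `m_allowHashedAttributes` is a plain `bool` with no in-class initializer, like its siblings, so it is only deny-by-default if the constructor in CSPSourceList.cpp (not visible on this page) adds it to the initializer list as `false`. If that is missed, the flag is indeterminate and hashed inline event handlers could be accepted without 'unsafe-hashed-attributes' appearing in the policy. Separately, `allowHash()` and `allowHashedAttributes()` are independent accessors, so a caller validating an event-handler attribute has to test both, and nothing in the header says so. A comment on the declaration would make the contract explicit, e.g. `// True only if 'unsafe-hashed-attributes' was parsed; inline event handlers must check this in addition to allowHash().`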
