| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 #include "core/dom/Document.h" | 34 #include "core/dom/Document.h" |
| 35 #include "core/dom/SecurityPolicyViolationEvent.h" | 35 #include "core/dom/SecurityPolicyViolationEvent.h" |
| 36 #include "core/inspector/InspectorInstrumentation.h" | 36 #include "core/inspector/InspectorInstrumentation.h" |
| 37 #include "core/inspector/ScriptCallStack.h" | 37 #include "core/inspector/ScriptCallStack.h" |
| 38 #include "core/loader/DocumentLoader.h" | 38 #include "core/loader/DocumentLoader.h" |
| 39 #include "core/loader/PingLoader.h" | 39 #include "core/loader/PingLoader.h" |
| 40 #include "core/page/Frame.h" | 40 #include "core/page/Frame.h" |
| 41 #include "core/page/UseCounter.h" | 41 #include "core/page/UseCounter.h" |
| 42 #include "core/platform/JSONValues.h" | 42 #include "core/platform/JSONValues.h" |
| 43 #include "core/platform/network/FormData.h" | 43 #include "core/platform/network/FormData.h" |
| 44 #include "core/platform/network/ResourceResponse.h" |
| 44 #include "weborigin/KURL.h" | 45 #include "weborigin/KURL.h" |
| 45 #include "weborigin/KnownPorts.h" | 46 #include "weborigin/KnownPorts.h" |
| 46 #include "weborigin/SchemeRegistry.h" | 47 #include "weborigin/SchemeRegistry.h" |
| 47 #include "weborigin/SecurityOrigin.h" | 48 #include "weborigin/SecurityOrigin.h" |
| 48 #include "wtf/HashSet.h" | 49 #include "wtf/HashSet.h" |
| 49 #include "wtf/text/TextPosition.h" | 50 #include "wtf/text/TextPosition.h" |
| 50 #include "wtf/text/WTFString.h" | 51 #include "wtf/text/WTFString.h" |
| 51 | 52 |
| 52 namespace WebCore { | 53 namespace WebCore { |
| 53 | 54 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 156 return UseCounter::PrefixedContentSecurityPolicyReportOnly; | 157 return UseCounter::PrefixedContentSecurityPolicyReportOnly; |
| 157 case ContentSecurityPolicy::Report: | 158 case ContentSecurityPolicy::Report: |
| 158 return UseCounter::ContentSecurityPolicyReportOnly; | 159 return UseCounter::ContentSecurityPolicyReportOnly; |
| 159 } | 160 } |
| 160 ASSERT_NOT_REACHED(); | 161 ASSERT_NOT_REACHED(); |
| 161 return UseCounter::NumberOfFeatures; | 162 return UseCounter::NumberOfFeatures; |
| 162 } | 163 } |
| 163 | 164 |
| 164 } // namespace | 165 } // namespace |
| 165 | 166 |
| 167 ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders(const
ResourceResponse& response) |
| 168 : m_contentSecuitryPolicy(response.httpHeaderField("Content-Security-Policy"
)) |
| 169 , m_contentSecurityPolicyReportOnly(response.httpHeaderField("Content-Securi
ty-Policy-Report-Only")) |
| 170 , m_xWebKitCSP(response.httpHeaderField("X-WebKit-CSP")) |
| 171 , m_xWebKitCSPReportOnly(response.httpHeaderField("X-WebKit-CSP-Report-Only"
)) |
| 172 { |
| 173 } |
| 174 |
| 166 static bool skipExactly(const UChar*& position, const UChar* end, UChar delimite
r) | 175 static bool skipExactly(const UChar*& position, const UChar* end, UChar delimite
r) |
| 167 { | 176 { |
| 168 if (position < end && *position == delimiter) { | 177 if (position < end && *position == delimiter) { |
| 169 ++position; | 178 ++position; |
| 170 return true; | 179 return true; |
| 171 } | 180 } |
| 172 return false; | 181 return false; |
| 173 } | 182 } |
| 174 | 183 |
| 175 template<bool characterPredicate(UChar)> | 184 template<bool characterPredicate(UChar)> |
| (...skipping 1233 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1409 } | 1418 } |
| 1410 | 1419 |
| 1411 ContentSecurityPolicy::~ContentSecurityPolicy() | 1420 ContentSecurityPolicy::~ContentSecurityPolicy() |
| 1412 { | 1421 { |
| 1413 } | 1422 } |
| 1414 | 1423 |
| 1415 void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other) | 1424 void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other) |
| 1416 { | 1425 { |
| 1417 ASSERT(m_policies.isEmpty()); | 1426 ASSERT(m_policies.isEmpty()); |
| 1418 for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin()
; iter != other->m_policies.end(); ++iter) | 1427 for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin()
; iter != other->m_policies.end(); ++iter) |
| 1419 didReceiveHeader((*iter)->header(), (*iter)->headerType()); | 1428 addPolicyFromHeaderValue((*iter)->header(), (*iter)->headerType()); |
| 1429 } |
| 1430 |
| 1431 void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyRespons
eHeaders& headers) |
| 1432 { |
| 1433 if (!headers.contentSecurityPolicy().isEmpty()) |
| 1434 didReceiveHeader(headers.contentSecurityPolicy(), ContentSecurityPolicy:
:Enforce); |
| 1435 if (!headers.contentSecurityPolicyReportOnly().isEmpty()) |
| 1436 didReceiveHeader(headers.contentSecurityPolicyReportOnly(), ContentSecur
ityPolicy::Report); |
| 1437 if (!headers.xWebKitCSP().isEmpty()) |
| 1438 didReceiveHeader(headers.xWebKitCSP(), ContentSecurityPolicy::PrefixedEn
force); |
| 1439 if (!headers.xWebKitCSPReportOnly().isEmpty()) |
| 1440 didReceiveHeader(headers.xWebKitCSPReportOnly(), ContentSecurityPolicy::
PrefixedReport); |
| 1420 } | 1441 } |
| 1421 | 1442 |
| 1422 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType ty
pe) | 1443 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType ty
pe) |
| 1423 { | 1444 { |
| 1445 addPolicyFromHeaderValue(header, type); |
| 1446 } |
| 1447 |
| 1448 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Heade
rType type) |
| 1449 { |
| 1424 if (m_scriptExecutionContext->isDocument()) { | 1450 if (m_scriptExecutionContext->isDocument()) { |
| 1425 Document* document = toDocument(m_scriptExecutionContext); | 1451 Document* document = toDocument(m_scriptExecutionContext); |
| 1426 if (type == PrefixedReport || type == PrefixedEnforce) | 1452 if (type == PrefixedReport || type == PrefixedEnforce) |
| 1427 UseCounter::countDeprecation(document, getUseCounterType(type)); | 1453 UseCounter::countDeprecation(document, getUseCounterType(type)); |
| 1428 else | 1454 else |
| 1429 UseCounter::count(document, getUseCounterType(type)); | 1455 UseCounter::count(document, getUseCounterType(type)); |
| 1430 } | 1456 } |
| 1431 | 1457 |
| 1432 Vector<UChar> characters; | 1458 Vector<UChar> characters; |
| 1433 header.appendTo(characters); | 1459 header.appendTo(characters); |
| (...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1867 { | 1893 { |
| 1868 if (context && context->isDocument()) { | 1894 if (context && context->isDocument()) { |
| 1869 Document* document = toDocument(context); | 1895 Document* document = toDocument(context); |
| 1870 if (document->frame()) | 1896 if (document->frame()) |
| 1871 return document->frame()->script()->shouldBypassMainWorldContentSecu
rityPolicy(); | 1897 return document->frame()->script()->shouldBypassMainWorldContentSecu
rityPolicy(); |
| 1872 } | 1898 } |
| 1873 return false; | 1899 return false; |
| 1874 } | 1900 } |
| 1875 | 1901 |
| 1876 } | 1902 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 19940002:
[HTML Import] Respect Content Security Policy Model (Closed)
Base URL: svn://svn.chromium.org/blink/trunk