
Side by Side Diff: Source/core/page/ContentSecurityPolicy.h

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fix Mac build failure Created 7 years, 5 months ago
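--- a/Source/core/page/ContentSecurityPolicy.h
+++ b/Source/core/page/ContentSecurityPolicy.h
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -34,26 +34,44 @@
 
 namespace WTF {
 class OrdinalNumber;
 }
 
 namespace WebCore {
 
 class CSPDirectiveList;
 class DOMStringList;
 class KURL;
+class ResourceResponse;
 class ScriptExecutionContext;
 class SecurityOrigin;
 
 typedef int SandboxFlags;
 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
 
+class ContentSecurityPolicyResponseHeaders {
+public:
+ContentSecurityPolicyResponseHeaders() { }
+explicit ContentSecurityPolicyResponseHeaders(const ResourceResponse&);
+
+const String& contentSecurityPolicy() const { return m_contentSecuitryPolicy ; }
+const String& contentSecurityPolicyReportOnly() const { return m_contentSecu rityPolicyReportOnly; }
+const String& xWebKitCSP() const { return m_xWebKitCSP; }
+const String& xWebKitCSPReportOnly() const { return m_xWebKitCSPReportOnly; }
+
+private:
+String m_contentSecuitryPolicy;
+String m_contentSecurityPolicyReportOnly;
+String m_xWebKitCSP;
+String m_xWebKitCSPReportOnly;
+};
+
 class ContentSecurityPolicy {
 WTF_MAKE_FAST_ALLOCATED;
 public:
 static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scri ptExecutionContext)
 {
 return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext));
 }
 ~ContentSecurityPolicy();
 
 void copyStateFrom(const ContentSecurityPolicy*);
@@ -72,20 +90,21 @@
 
 // Be sure to update the behavior of XSSAuditor::combineXSSProtectionHeaderA ndCSP whenever you change this enum's content or ordering.
 enum ReflectedXSSDisposition {
 ReflectedXSSUnset = 0,
 AllowReflectedXSS,
 ReflectedXSSInvalid,
 FilterReflectedXSS,
 BlockReflectedXSS
 };
 
+void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
 void didReceiveHeader(const String&, HeaderType);
 
 // These functions are wrong because they assume that there is only one head er.
 // FIXME: Replace them with functions that return vectors.
 const String& deprecatedHeader() const;
 HeaderType deprecatedHeaderType() const;
 
 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu mber& contextLine, ReportingStatus = SendReport) const;
 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, ReportingStatus = SendReport) const;
@@ -134,19 +153,20 @@
 String evalDisabledErrorMessage() const;
 
 bool experimentalFeaturesEnabled() const;
 
 static bool shouldBypassMainWorld(ScriptExecutionContext*);
 
 private:
 explicit ContentSecurityPolicy(ScriptExecutionContext*);
 
 void logToConsole(const String& message, const String& contextURL = String() , const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), Scr iptState* = 0) const;
+void addPolicyFromHeaderValue(const String&, HeaderType);
 
 ScriptExecutionContext* m_scriptExecutionContext;
 bool m_overrideInlineStyleAllowed;
 CSPDirectiveListVector m_policies;
 };
 
 }
 
 #endif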
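Review bot: The new member `m_contentSecuitryPolicy` (declared in the private section of ContentSecurityPolicyResponseHeaders and returned by `contentSecurityPolicy()`) is misspelled; rename it to `m_contentSecurityPolicy` so it matches its three siblings and can be found by search. The class also carries no comment on what an unpopulated instance means: the inline default constructor leaves all four strings null, so `didReceiveHeaders()` presumably adds no policy, and a caller that forgets to build the object from the ResourceResponse would leave the context without the restrictions the response asked for. I would document that on the class, e.g. `// Snapshot of the four CSP response headers; a null string means the header was absent.`, and state on `didReceiveHeaders()` whether it appends to `m_policies` or replaces what `copyStateFrom()` or an earlier `didReceiveHeader()` call installed. The implementations live in ContentSecurityPolicy.cpp, outside this section, so the append-versus-replace behaviour cannot be confirmed from the header alone.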
