Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(59)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/ui/webui/ntp/new_tab_ui.cc

Issue 2003963004: Enable CSP on more WebUI pages (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@master
Patch Set: revert devtools, fix comments, split methods Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/ui/webui/interstitials/interstitial_ui.cc ('K') | « chrome/browser/ui/webui/ntp/new_tab_ui.h ('k') | chrome/browser/ui/webui/system_info_ui.cc » ('j') | chrome/browser/ui/webui/system_info_ui.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ui/webui/ntp/new_tab_ui.h" 5 #include "chrome/browser/ui/webui/ntp/new_tab_ui.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/i18n/rtl.h" 9 #include "base/i18n/rtl.h"
10 #include "base/memory/ref_counted_memory.h" 10 #include "base/memory/ref_counted_memory.h"
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after
221 resource_map_.find(resource); 221 resource_map_.find(resource);
222 if (it != resource_map_.end()) 222 if (it != resource_map_.end())
223 return it->second.first; 223 return it->second.first;
224 return "text/html"; 224 return "text/html";
225 } 225 }
226 226
227 bool NewTabUI::NewTabHTMLSource::ShouldReplaceExistingSource() const { 227 bool NewTabUI::NewTabHTMLSource::ShouldReplaceExistingSource() const {
228 return false; 228 return false;
229 } 229 }
230 230
231 bool NewTabUI::NewTabHTMLSource::ShouldAddContentSecurityPolicy() const { 231 std::string NewTabUI::NewTabHTMLSource::GetContentSecurityPolicyScriptSrc()
232 return false; 232 const {
233 // Add 'unsafe-inline' and google resources to script-src.
234 return "script-src chrome://resources 'self' 'unsafe-eval' 'unsafe-inline' "
235 "*.google.com *.gstatic.com;";
236 }
237
238 std::string NewTabUI::NewTabHTMLSource::GetContentSecurityPolicyObjectSrc()
239 const {
240 // Add style-src, child-src, and img-src.
241 return "object-src 'none';"
242 "style-src 'self' chrome://resources 'unsafe-inline' chrome://theme;"
Tom Sepez 2016/05/25 23:07:03 same here.
wychen 2016/05/26 17:54:23 For consistency, I changed back to frame-src. In C
243 "child-src chrome-search://most-visited;"
244 "img-src chrome-search://thumb chrome-search://thumb2 data:;";
233 } 245 }
234 246
235 void NewTabUI::NewTabHTMLSource::AddResource(const char* resource, 247 void NewTabUI::NewTabHTMLSource::AddResource(const char* resource,
236 const char* mime_type, 248 const char* mime_type,
237 int resource_id) { 249 int resource_id) {
238 DCHECK(resource); 250 DCHECK(resource);
239 DCHECK(mime_type); 251 DCHECK(mime_type);
240 resource_map_[std::string(resource)] = 252 resource_map_[std::string(resource)] =
241 std::make_pair(std::string(mime_type), resource_id); 253 std::make_pair(std::string(mime_type), resource_id);
242 } 254 }
243 255
244 NewTabUI::NewTabHTMLSource::~NewTabHTMLSource() {} 256 NewTabUI::NewTabHTMLSource::~NewTabHTMLSource() {}
OLDNEW
« chrome/browser/ui/webui/interstitials/interstitial_ui.cc ('K') | « chrome/browser/ui/webui/ntp/new_tab_ui.h ('k') | chrome/browser/ui/webui/system_info_ui.cc » ('j') | chrome/browser/ui/webui/system_info_ui.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698