OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "bindings/core/v8/SourceLocation.h" | 7 #include "bindings/core/v8/SourceLocation.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
280 prefix = "Refused to load manifest from '"; | 280 prefix = "Refused to load manifest from '"; |
281 else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective) | 281 else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective) |
282 prefix = "Refused to load plugin data from '"; | 282 prefix = "Refused to load plugin data from '"; |
283 else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective) | 283 else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective) |
284 prefix = "Refused to load the script '"; | 284 prefix = "Refused to load the script '"; |
285 else if (ContentSecurityPolicy::StyleSrc == effectiveDirective) | 285 else if (ContentSecurityPolicy::StyleSrc == effectiveDirective) |
286 prefix = "Refused to load the stylesheet '"; | 286 prefix = "Refused to load the stylesheet '"; |
287 | 287 |
288 String suffix = String(); | 288 String suffix = String(); |
289 if (checkDynamic(directive)) | 289 if (checkDynamic(directive)) |
290 suffix = " 'unsafe-dynamic' is present, so host-based whitelisting is di
sabled."; | 290 suffix = " 'strict-dynamic' is present, so host-based whitelisting is di
sabled."; |
291 if (directive == m_defaultSrc) | 291 if (directive == m_defaultSrc) |
292 suffix = suffix + " Note that '" + effectiveDirective + "' was not expli
citly set, so 'default-src' is used as a fallback."; | 292 suffix = suffix + " Note that '" + effectiveDirective + "' was not expli
citly set, so 'default-src' is used as a fallback."; |
293 | 293 |
294 reportViolation(directive->text(), effectiveDirective, prefix + url.elidedSt
ring() + "' because it violates the following Content Security Policy directive:
\"" + directive->text() + "\"." + suffix + "\n", url, redirectStatus); | 294 reportViolation(directive->text(), effectiveDirective, prefix + url.elidedSt
ring() + "' because it violates the following Content Security Policy directive:
\"" + directive->text() + "\"." + suffix + "\n", url, redirectStatus); |
295 return denyIfEnforcingPolicy(); | 295 return denyIfEnforcingPolicy(); |
296 } | 296 } |
297 | 297 |
298 bool CSPDirectiveList::checkAncestorsAndReportViolation(SourceListDirective* dir
ective, LocalFrame* frame, const KURL& url) const | 298 bool CSPDirectiveList::checkAncestorsAndReportViolation(SourceListDirective* dir
ective, LocalFrame* frame, const KURL& url) const |
299 { | 299 { |
300 if (checkAncestors(directive, frame)) | 300 if (checkAncestors(directive, frame)) |
(...skipping 543 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
844 visitor->trace(m_imgSrc); | 844 visitor->trace(m_imgSrc); |
845 visitor->trace(m_mediaSrc); | 845 visitor->trace(m_mediaSrc); |
846 visitor->trace(m_manifestSrc); | 846 visitor->trace(m_manifestSrc); |
847 visitor->trace(m_objectSrc); | 847 visitor->trace(m_objectSrc); |
848 visitor->trace(m_scriptSrc); | 848 visitor->trace(m_scriptSrc); |
849 visitor->trace(m_styleSrc); | 849 visitor->trace(m_styleSrc); |
850 } | 850 } |
851 | 851 |
852 | 852 |
853 } // namespace blink | 853 } // namespace blink |
OLD | NEW |