OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/dom/SecurityContext.h" | 8 #include "core/dom/SecurityContext.h" |
9 #include "core/dom/SpaceSplitString.h" | 9 #include "core/dom/SpaceSplitString.h" |
10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
(...skipping 260 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
271 prefix = "Refused to load manifest from '"; | 271 prefix = "Refused to load manifest from '"; |
272 else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective) | 272 else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective) |
273 prefix = "Refused to load plugin data from '"; | 273 prefix = "Refused to load plugin data from '"; |
274 else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective) | 274 else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective) |
275 prefix = "Refused to load the script '"; | 275 prefix = "Refused to load the script '"; |
276 else if (ContentSecurityPolicy::StyleSrc == effectiveDirective) | 276 else if (ContentSecurityPolicy::StyleSrc == effectiveDirective) |
277 prefix = "Refused to load the stylesheet '"; | 277 prefix = "Refused to load the stylesheet '"; |
278 | 278 |
279 String suffix = String(); | 279 String suffix = String(); |
280 if (checkDynamic(directive)) | 280 if (checkDynamic(directive)) |
281 suffix = " 'unsafe-dynamic' is present, so host-based whitelisting is di
sabled."; | 281 suffix = " 'strict-dynamic' is present, so host-based whitelisting is di
sabled."; |
282 if (directive == m_defaultSrc) | 282 if (directive == m_defaultSrc) |
283 suffix = suffix + " Note that '" + effectiveDirective + "' was not expli
citly set, so 'default-src' is used as a fallback."; | 283 suffix = suffix + " Note that '" + effectiveDirective + "' was not expli
citly set, so 'default-src' is used as a fallback."; |
284 | 284 |
285 reportViolation(directive->text(), effectiveDirective, prefix + url.elidedSt
ring() + "' because it violates the following Content Security Policy directive:
\"" + directive->text() + "\"." + suffix + "\n", url); | 285 reportViolation(directive->text(), effectiveDirective, prefix + url.elidedSt
ring() + "' because it violates the following Content Security Policy directive:
\"" + directive->text() + "\"." + suffix + "\n", url); |
286 return denyIfEnforcingPolicy(); | 286 return denyIfEnforcingPolicy(); |
287 } | 287 } |
288 | 288 |
289 bool CSPDirectiveList::checkAncestorsAndReportViolation(SourceListDirective* dir
ective, LocalFrame* frame, const KURL& url) const | 289 bool CSPDirectiveList::checkAncestorsAndReportViolation(SourceListDirective* dir
ective, LocalFrame* frame, const KURL& url) const |
290 { | 290 { |
291 if (checkAncestors(directive, frame)) | 291 if (checkAncestors(directive, frame)) |
(...skipping 548 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
840 visitor->trace(m_imgSrc); | 840 visitor->trace(m_imgSrc); |
841 visitor->trace(m_mediaSrc); | 841 visitor->trace(m_mediaSrc); |
842 visitor->trace(m_manifestSrc); | 842 visitor->trace(m_manifestSrc); |
843 visitor->trace(m_objectSrc); | 843 visitor->trace(m_objectSrc); |
844 visitor->trace(m_scriptSrc); | 844 visitor->trace(m_scriptSrc); |
845 visitor->trace(m_styleSrc); | 845 visitor->trace(m_styleSrc); |
846 } | 846 } |
847 | 847 |
848 | 848 |
849 } // namespace blink | 849 } // namespace blink |
OLD | NEW |