third_party/WebKit/Source/core/loader/HttpEquiv.cpp - Issue 2308513002: CSP: Measure whether we can treat '<meta http-refresh>' as inline script.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/Source/core/loader/HttpEquiv.cpp

Issue 2308513002: CSP: Measure whether we can treat '<meta http-refresh>' as inline script. (Closed)

Patch Set: Rebase+Histogram Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/Source/core/frame/UseCounter.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "core/loader/HttpEquiv.h"	5 #include "core/loader/HttpEquiv.h"

6	6

7 #include "core/dom/Document.h"	7 #include "core/dom/Document.h"

8 #include "core/dom/ScriptableDocumentParser.h"	8 #include "core/dom/ScriptableDocumentParser.h"

9 #include "core/dom/StyleEngine.h"	9 #include "core/dom/StyleEngine.h"

10 #include "core/fetch/ClientHintsPreferences.h"	10 #include "core/fetch/ClientHintsPreferences.h"

(...skipping 60 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
71 document.clientHintsPreferences().updateFromAcceptClientHintsHeader(content, document.fetcher());	71 document.clientHintsPreferences().updateFromAcceptClientHintsHeader(content, document.fetcher());

72 }	72 }

73	73

74 void HttpEquiv::processHttpEquivDefaultStyle(Document& document, const AtomicStr ing& content)	74 void HttpEquiv::processHttpEquivDefaultStyle(Document& document, const AtomicStr ing& content)

75 {	75 {

76 document.styleEngine().setHttpDefaultStyle(content);	76 document.styleEngine().setHttpDefaultStyle(content);

77 }	77 }

78	78

79 void HttpEquiv::processHttpEquivRefresh(Document& document, const AtomicString& content)	79 void HttpEquiv::processHttpEquivRefresh(Document& document, const AtomicString& content)

80 {	80 {

	81 UseCounter::count(document, UseCounter::MetaRefresh);

	82 if (!document.contentSecurityPolicy()->allowInlineScript(KURL(), "", Ordinal Number(), "", ContentSecurityPolicy::SuppressReport))

	83 UseCounter::count(document, UseCounter::MetaRefreshWhenCSPBlocksInlineSc ript);

	84

81 document.maybeHandleHttpRefresh(content, Document::HttpRefreshFromMetaTag);	85 document.maybeHandleHttpRefresh(content, Document::HttpRefreshFromMetaTag);

82 }	86 }

83	87

84 void HttpEquiv::processHttpEquivSetCookie(Document& document, const AtomicString & content)	88 void HttpEquiv::processHttpEquivSetCookie(Document& document, const AtomicString & content)

85 {	89 {

86 // FIXME: make setCookie work on XML documents too; e.g. in case of <html:me ta .....>	90 // FIXME: make setCookie work on XML documents too; e.g. in case of <html:me ta .....>

87 if (!document.isHTMLDocument())	91 if (!document.isHTMLDocument())

88 return;	92 return;

89	93

	94 UseCounter::count(document, UseCounter::MetaSetCookie);

	95 if (!document.contentSecurityPolicy()->allowInlineScript(KURL(), "", Ordinal Number(), "", ContentSecurityPolicy::SuppressReport))

	96 UseCounter::count(document, UseCounter::MetaSetCookieWhenCSPBlocksInline Script);

	97

90 // Exception (for sandboxed documents) ignored.	98 // Exception (for sandboxed documents) ignored.

91 document.setCookie(content, IGNORE_EXCEPTION);	99 document.setCookie(content, IGNORE_EXCEPTION);

92 }	100 }

93	101

94 } // namespace blink	102 } // namespace blink

OLD	NEW