
Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 235893003: Remove use of WebCrypto digestSynchronous in Blink. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Changed ASSERT_WITH_SECURITY_IMPLICATIONS to RELEASE_ASSERT Created 6 years, 8 months ago
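--- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -320,22 +320,22 @@
 if (hashAlgorithmsUsed == ContentSecurityPolicyHashAlgorithmNone)
 return false;
 
 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables);
 
 // See comment in CSPSourceList::parseHash about why we are using this sizeo f
 // calculation instead of WTF_ARRAY_LENGTH.
 for (size_t i = 0; i < (sizeof(kAlgorithmMap) / sizeof(kAlgorithmMap[0])); i ++) {
 DigestValue digest;
 if (kAlgorithmMap[i].cspHashAlgorithm & hashAlgorithmsUsed) {
-computeDigest(kAlgorithmMap[i].algorithm, normalizedSource.data(), n ormalizedSource.length(), digest);
-if (isAllowedByAllWithHash<allowed>(policies, CSPHashValue(kAlgorith mMap[i].cspHashAlgorithm, digest)))
+bool digestSuccess = computeDigest(kAlgorithmMap[i].algorithm, norma lizedSource.data(), normalizedSource.length(), digest);
+if (digestSuccess && isAllowedByAllWithHash<allowed>(policies, CSPHa shValue(kAlgorithmMap[i].cspHashAlgorithm, digest)))
 return true;
 }
 }
 
 return false;
 }
 
 bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportin gStatus) const
 {
 return isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_p olicies, contextURL, contextLine, reportingStatus);
@@ -777,10 +777,10 @@
 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report.
 return !m_violationReportsSent.contains(report.impl()->hash());
 }
 
 void ContentSecurityPolicy::didSendViolationReport(const String& report)
 {
 m_violationReportsSent.add(report.impl()->hash());
 }
 
 } // namespace WebCore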
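Review bot: The `digestSuccess &&` guard on new line 331 makes a failed digest count as "hash not allowed", but nothing in the loop records that this fail-closed behaviour is deliberate, so a later refactor could drop or invert the check without noticing the CSP impact. I would add a comment above the `if`, such as `// A digest that could not be computed must never match a policy hash: fail closed.` The `digest` declared on line 328 is presumably left unset when `computeDigest` returns false, so it is worth stating there that it may only be read after a successful call. A failure is also indistinguishable from an ordinary mismatch at this point, and both fall through to `return false`; whether a diagnostic is wanted is a judgement call for the author. The enclosing function starts in the skipped lines above 320, so its signature and the `allowed` template argument are not visible here.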
