Chromium Code Reviews Chromium Code Reviews
Issue 2372563002:
Adding Embedding-CSP HTTP header (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) | 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) |
| 5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. | 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. |
| 7 * Copyright (C) 2009 Ericsson AB. All rights reserved. | 7 * Copyright (C) 2009 Ericsson AB. All rights reserved. |
| 8 * | 8 * |
| 9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
| 10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 114 SecurityPolicy::referrerPolicyFromStringWithLegacyKeywords(value, &m _referrerPolicy); | 114 SecurityPolicy::referrerPolicyFromStringWithLegacyKeywords(value, &m _referrerPolicy); |
| 115 } else if (name == allowfullscreenAttr) { | 115 } else if (name == allowfullscreenAttr) { |
| 116 bool oldAllowFullscreen = m_allowFullscreen; | 116 bool oldAllowFullscreen = m_allowFullscreen; |
| 117 m_allowFullscreen = !value.isNull(); | 117 m_allowFullscreen = !value.isNull(); |
| 118 if (m_allowFullscreen != oldAllowFullscreen) | 118 if (m_allowFullscreen != oldAllowFullscreen) |
| 119 frameOwnerPropertiesChanged(); | 119 frameOwnerPropertiesChanged(); |
| 120 } else if (name == permissionsAttr) { | 120 } else if (name == permissionsAttr) { |
| 121 if (initializePermissionsAttribute()) | 121 if (initializePermissionsAttribute()) |
| 122 m_permissions->setValue(value); | 122 m_permissions->setValue(value); |
| 123 } else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && name = = cspAttr) { | 123 } else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && name = = cspAttr) { |
| 124 if (!value.getString().containsOnlyASCII()) { | |
| 125 m_csp = nullAtom; | |
| 126 document().addConsoleMessage(ConsoleMessage::create(OtherMessageSour ce, ErrorMessageLevel, "'csp' attribute contains non-ASCII characters: " + value )); | |
| 127 return; | |
| 128 } | |
|
Mike West
2016/10/06 08:00:50
Can you add a TODO here to make the validation a b
| |
| 124 AtomicString oldCSP = m_csp; | 129 AtomicString oldCSP = m_csp; |
| 125 m_csp = value; | 130 m_csp = value; |
| 126 if (m_csp != oldCSP) | 131 if (m_csp != oldCSP) |
| 127 frameOwnerPropertiesChanged(); | 132 frameOwnerPropertiesChanged(); |
| 128 } else { | 133 } else { |
| 129 if (name == srcAttr) | 134 if (name == srcAttr) |
| 130 logUpdateAttributeIfIsolatedWorldAndInDocument("iframe", srcAttr, ol dValue, value); | 135 logUpdateAttributeIfIsolatedWorldAndInDocument("iframe", srcAttr, ol dValue, value); |
| 131 HTMLFrameElementBase::parseAttribute(name, oldValue, value); | 136 HTMLFrameElementBase::parseAttribute(name, oldValue, value); |
| 132 } | 137 } |
| 133 } | 138 } |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 194 { | 199 { |
| 195 if (!RuntimeEnabledFeatures::permissionDelegationEnabled()) | 200 if (!RuntimeEnabledFeatures::permissionDelegationEnabled()) |
| 196 return false; | 201 return false; |
| 197 | 202 |
| 198 if (!m_permissions) | 203 if (!m_permissions) |
| 199 m_permissions = HTMLIFrameElementPermissions::create(this); | 204 m_permissions = HTMLIFrameElementPermissions::create(this); |
| 200 return true; | 205 return true; |
| 201 } | 206 } |
| 202 | 207 |
| 203 } // namespace blink | 208 } // namespace blink |
| OLD | NEW |
