Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/ScriptController.h

Issue 2421473004: CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
Patch Set: Test. Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html ('k') | third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 29 matching lines...) Expand all
40 #include "platform/heap/Handle.h" 40 #include "platform/heap/Handle.h"
41 #include "wtf/HashMap.h" 41 #include "wtf/HashMap.h"
42 #include "wtf/Noncopyable.h" 42 #include "wtf/Noncopyable.h"
43 #include "wtf/Vector.h" 43 #include "wtf/Vector.h"
44 #include "wtf/text/TextPosition.h" 44 #include "wtf/text/TextPosition.h"
45 #include <v8.h> 45 #include <v8.h>
46 46
47 namespace blink { 47 namespace blink {
48 48
49 class DOMWrapperWorld; 49 class DOMWrapperWorld;
50 class Element;
50 class ExecutionContext; 51 class ExecutionContext;
51 class HTMLDocument; 52 class HTMLDocument;
52 class HTMLPlugInElement; 53 class HTMLPlugInElement;
53 class KURL; 54 class KURL;
54 class ScriptState; 55 class ScriptState;
55 class ScriptSourceCode; 56 class ScriptSourceCode;
56 class SecurityOrigin; 57 class SecurityOrigin;
57 class WindowProxy; 58 class WindowProxy;
58 class Widget; 59 class Widget;
59 60
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
106 // Otherwise, a new world is created. 107 // Otherwise, a new world is created.
107 // 108 //
108 // FIXME: Get rid of extensionGroup here. 109 // FIXME: Get rid of extensionGroup here.
109 // FIXME: We don't want to support multiple scripts. 110 // FIXME: We don't want to support multiple scripts.
110 void executeScriptInIsolatedWorld(int worldID, 111 void executeScriptInIsolatedWorld(int worldID,
111 const HeapVector<ScriptSourceCode>& sources, 112 const HeapVector<ScriptSourceCode>& sources,
112 int extensionGroup, 113 int extensionGroup,
113 Vector<v8::Local<v8::Value>>* results); 114 Vector<v8::Local<v8::Value>>* results);
114 115
115 // Returns true if argument is a JavaScript URL. 116 // Returns true if argument is a JavaScript URL.
116 bool executeScriptIfJavaScriptURL(const KURL&); 117 bool executeScriptIfJavaScriptURL(const KURL&, Element*);
117 118
118 // Returns true if the current world is isolated, and has its own Content 119 // Returns true if the current world is isolated, and has its own Content
119 // Security Policy. In this case, the policy of the main world should be 120 // Security Policy. In this case, the policy of the main world should be
120 // ignored when evaluating resources injected into the DOM. 121 // ignored when evaluating resources injected into the DOM.
121 bool shouldBypassMainWorldCSP(); 122 bool shouldBypassMainWorldCSP();
122 123
123 PassRefPtr<SharedPersistent<v8::Object>> createPluginWrapper(Widget*); 124 PassRefPtr<SharedPersistent<v8::Object>> createPluginWrapper(Widget*);
124 125
125 void enableEval(); 126 void enableEval();
126 void disableEval(const String& errorMessage); 127 void disableEval(const String& errorMessage);
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
166 v8::Local<v8::Value> evaluateScriptInMainWorld(const ScriptSourceCode&, 167 v8::Local<v8::Value> evaluateScriptInMainWorld(const ScriptSourceCode&,
167 AccessControlStatus, 168 AccessControlStatus,
168 ExecuteScriptPolicy); 169 ExecuteScriptPolicy);
169 170
170 Member<WindowProxyManager> m_windowProxyManager; 171 Member<WindowProxyManager> m_windowProxyManager;
171 }; 172 };
172 173
173 } // namespace blink 174 } // namespace blink
174 175
175 #endif // ScriptController_h 176 #endif // ScriptController_h
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic/script-src-strict-dynamic-whitelist.html ('k') | third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698