| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 85 static const char Sandbox[]; | 85 static const char Sandbox[]; |
| 86 static const char ScriptSrc[]; | 86 static const char ScriptSrc[]; |
| 87 static const char StyleSrc[]; | 87 static const char StyleSrc[]; |
| 88 | 88 |
| 89 // CSP Level 2 Directives | 89 // CSP Level 2 Directives |
| 90 static const char BaseURI[]; | 90 static const char BaseURI[]; |
| 91 static const char ChildSrc[]; | 91 static const char ChildSrc[]; |
| 92 static const char FormAction[]; | 92 static const char FormAction[]; |
| 93 static const char FrameAncestors[]; | 93 static const char FrameAncestors[]; |
| 94 static const char PluginTypes[]; | 94 static const char PluginTypes[]; |
| 95 static const char ReflectedXSS[]; | |
| 96 static const char Referrer[]; | 95 static const char Referrer[]; |
| 97 | 96 |
| 98 // Manifest Directives (to be merged into CSP Level 2) | 97 // Manifest Directives (to be merged into CSP Level 2) |
| 99 // https://w3c.github.io/manifest/#content-security-policy | 98 // https://w3c.github.io/manifest/#content-security-policy |
| 100 static const char ManifestSrc[]; | 99 static const char ManifestSrc[]; |
| 101 | 100 |
| 102 // Mixed Content Directive | 101 // Mixed Content Directive |
| 103 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode | 102 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
| 104 static const char BlockAllMixedContent[]; | 103 static const char BlockAllMixedContent[]; |
| 105 | 104 |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 270 const KURL&, | 269 const KURL&, |
| 271 const String& nonce, | 270 const String& nonce, |
| 272 const IntegrityMetadataSet&, | 271 const IntegrityMetadataSet&, |
| 273 ParserDisposition, | 272 ParserDisposition, |
| 274 RedirectStatus = RedirectStatus::NoRedirect, | 273 RedirectStatus = RedirectStatus::NoRedirect, |
| 275 ReportingStatus = SendReport) const; | 274 ReportingStatus = SendReport) const; |
| 276 | 275 |
| 277 void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); | 276 void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); |
| 278 void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); | 277 void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); |
| 279 | 278 |
| 280 ReflectedXSSDisposition getReflectedXSSDisposition() const; | |
| 281 | |
| 282 bool didSetReferrerPolicy() const; | 279 bool didSetReferrerPolicy() const; |
| 283 | 280 |
| 284 void setOverrideAllowInlineStyle(bool); | 281 void setOverrideAllowInlineStyle(bool); |
| 285 void setOverrideURLForSelf(const KURL&); | 282 void setOverrideURLForSelf(const KURL&); |
| 286 | 283 |
| 287 bool isActive() const; | 284 bool isActive() const; |
| 288 | 285 |
| 289 // If a frame is passed in, the message will be logged to its active | 286 // If a frame is passed in, the message will be logged to its active |
| 290 // document's console. Otherwise, the message will be logged to this object's | 287 // document's console. Otherwise, the message will be logged to this object's |
| 291 // |m_executionContext|. | 288 // |m_executionContext|. |
| 292 void logToConsole(ConsoleMessage*, LocalFrame* = nullptr); | 289 void logToConsole(ConsoleMessage*, LocalFrame* = nullptr); |
| 293 | 290 |
| 294 void reportDirectiveAsSourceExpression(const String& directiveName, | 291 void reportDirectiveAsSourceExpression(const String& directiveName, |
| 295 const String& sourceExpression); | 292 const String& sourceExpression); |
| 296 void reportDuplicateDirective(const String&); | 293 void reportDuplicateDirective(const String&); |
| 297 void reportInvalidDirectiveValueCharacter(const String& directiveName, | 294 void reportInvalidDirectiveValueCharacter(const String& directiveName, |
| 298 const String& value); | 295 const String& value); |
| 299 void reportInvalidPathCharacter(const String& directiveName, | 296 void reportInvalidPathCharacter(const String& directiveName, |
| 300 const String& value, | 297 const String& value, |
| 301 const char); | 298 const char); |
| 302 void reportInvalidPluginTypes(const String&); | 299 void reportInvalidPluginTypes(const String&); |
| 303 void reportInvalidRequireSRIForTokens(const String&); | 300 void reportInvalidRequireSRIForTokens(const String&); |
| 304 void reportInvalidSandboxFlags(const String&); | 301 void reportInvalidSandboxFlags(const String&); |
| 305 void reportInvalidSourceExpression(const String& directiveName, | 302 void reportInvalidSourceExpression(const String& directiveName, |
| 306 const String& source); | 303 const String& source); |
| 307 void reportInvalidReflectedXSS(const String&); | |
| 308 void reportMissingReportURI(const String&); | 304 void reportMissingReportURI(const String&); |
| 309 void reportUnsupportedDirective(const String&); | 305 void reportUnsupportedDirective(const String&); |
| 310 void reportInvalidInReportOnly(const String&); | 306 void reportInvalidInReportOnly(const String&); |
| 311 void reportInvalidDirectiveInMeta(const String& directiveName); | 307 void reportInvalidDirectiveInMeta(const String& directiveName); |
| 312 void reportInvalidReferrer(const String&); | 308 void reportInvalidReferrer(const String&); |
| 313 void reportReportOnlyInMeta(const String&); | 309 void reportReportOnlyInMeta(const String&); |
| 314 void reportMetaOutsideHead(const String&); | 310 void reportMetaOutsideHead(const String&); |
| 315 void reportValueForEmptyDirective(const String& directiveName, | 311 void reportValueForEmptyDirective(const String& directiveName, |
| 316 const String& value); | 312 const String& value); |
| 317 | 313 |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 418 String m_disableEvalErrorMessage; | 414 String m_disableEvalErrorMessage; |
| 419 WebInsecureRequestPolicy m_insecureRequestPolicy; | 415 WebInsecureRequestPolicy m_insecureRequestPolicy; |
| 420 | 416 |
| 421 Member<CSPSource> m_selfSource; | 417 Member<CSPSource> m_selfSource; |
| 422 String m_selfProtocol; | 418 String m_selfProtocol; |
| 423 }; | 419 }; |
| 424 | 420 |
| 425 } // namespace blink | 421 } // namespace blink |
| 426 | 422 |
| 427 #endif | 423 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2428473004:
Remove the 'reflected-xss' directive from CSP. (Closed)
