OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
85 static const char Sandbox[]; | 85 static const char Sandbox[]; |
86 static const char ScriptSrc[]; | 86 static const char ScriptSrc[]; |
87 static const char StyleSrc[]; | 87 static const char StyleSrc[]; |
88 | 88 |
89 // CSP Level 2 Directives | 89 // CSP Level 2 Directives |
90 static const char BaseURI[]; | 90 static const char BaseURI[]; |
91 static const char ChildSrc[]; | 91 static const char ChildSrc[]; |
92 static const char FormAction[]; | 92 static const char FormAction[]; |
93 static const char FrameAncestors[]; | 93 static const char FrameAncestors[]; |
94 static const char PluginTypes[]; | 94 static const char PluginTypes[]; |
95 static const char ReflectedXSS[]; | |
96 static const char Referrer[]; | 95 static const char Referrer[]; |
97 | 96 |
98 // Manifest Directives (to be merged into CSP Level 2) | 97 // Manifest Directives (to be merged into CSP Level 2) |
99 // https://w3c.github.io/manifest/#content-security-policy | 98 // https://w3c.github.io/manifest/#content-security-policy |
100 static const char ManifestSrc[]; | 99 static const char ManifestSrc[]; |
101 | 100 |
102 // Mixed Content Directive | 101 // Mixed Content Directive |
103 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode | 102 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
104 static const char BlockAllMixedContent[]; | 103 static const char BlockAllMixedContent[]; |
105 | 104 |
(...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
270 const KURL&, | 269 const KURL&, |
271 const String& nonce, | 270 const String& nonce, |
272 const IntegrityMetadataSet&, | 271 const IntegrityMetadataSet&, |
273 ParserDisposition, | 272 ParserDisposition, |
274 RedirectStatus = RedirectStatus::NoRedirect, | 273 RedirectStatus = RedirectStatus::NoRedirect, |
275 ReportingStatus = SendReport) const; | 274 ReportingStatus = SendReport) const; |
276 | 275 |
277 void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); | 276 void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); |
278 void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); | 277 void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm); |
279 | 278 |
280 ReflectedXSSDisposition getReflectedXSSDisposition() const; | |
281 | |
282 bool didSetReferrerPolicy() const; | 279 bool didSetReferrerPolicy() const; |
283 | 280 |
284 void setOverrideAllowInlineStyle(bool); | 281 void setOverrideAllowInlineStyle(bool); |
285 void setOverrideURLForSelf(const KURL&); | 282 void setOverrideURLForSelf(const KURL&); |
286 | 283 |
287 bool isActive() const; | 284 bool isActive() const; |
288 | 285 |
289 // If a frame is passed in, the message will be logged to its active | 286 // If a frame is passed in, the message will be logged to its active |
290 // document's console. Otherwise, the message will be logged to this object's | 287 // document's console. Otherwise, the message will be logged to this object's |
291 // |m_executionContext|. | 288 // |m_executionContext|. |
292 void logToConsole(ConsoleMessage*, LocalFrame* = nullptr); | 289 void logToConsole(ConsoleMessage*, LocalFrame* = nullptr); |
293 | 290 |
294 void reportDirectiveAsSourceExpression(const String& directiveName, | 291 void reportDirectiveAsSourceExpression(const String& directiveName, |
295 const String& sourceExpression); | 292 const String& sourceExpression); |
296 void reportDuplicateDirective(const String&); | 293 void reportDuplicateDirective(const String&); |
297 void reportInvalidDirectiveValueCharacter(const String& directiveName, | 294 void reportInvalidDirectiveValueCharacter(const String& directiveName, |
298 const String& value); | 295 const String& value); |
299 void reportInvalidPathCharacter(const String& directiveName, | 296 void reportInvalidPathCharacter(const String& directiveName, |
300 const String& value, | 297 const String& value, |
301 const char); | 298 const char); |
302 void reportInvalidPluginTypes(const String&); | 299 void reportInvalidPluginTypes(const String&); |
303 void reportInvalidRequireSRIForTokens(const String&); | 300 void reportInvalidRequireSRIForTokens(const String&); |
304 void reportInvalidSandboxFlags(const String&); | 301 void reportInvalidSandboxFlags(const String&); |
305 void reportInvalidSourceExpression(const String& directiveName, | 302 void reportInvalidSourceExpression(const String& directiveName, |
306 const String& source); | 303 const String& source); |
307 void reportInvalidReflectedXSS(const String&); | |
308 void reportMissingReportURI(const String&); | 304 void reportMissingReportURI(const String&); |
309 void reportUnsupportedDirective(const String&); | 305 void reportUnsupportedDirective(const String&); |
310 void reportInvalidInReportOnly(const String&); | 306 void reportInvalidInReportOnly(const String&); |
311 void reportInvalidDirectiveInMeta(const String& directiveName); | 307 void reportInvalidDirectiveInMeta(const String& directiveName); |
312 void reportInvalidReferrer(const String&); | 308 void reportInvalidReferrer(const String&); |
313 void reportReportOnlyInMeta(const String&); | 309 void reportReportOnlyInMeta(const String&); |
314 void reportMetaOutsideHead(const String&); | 310 void reportMetaOutsideHead(const String&); |
315 void reportValueForEmptyDirective(const String& directiveName, | 311 void reportValueForEmptyDirective(const String& directiveName, |
316 const String& value); | 312 const String& value); |
317 | 313 |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
418 String m_disableEvalErrorMessage; | 414 String m_disableEvalErrorMessage; |
419 WebInsecureRequestPolicy m_insecureRequestPolicy; | 415 WebInsecureRequestPolicy m_insecureRequestPolicy; |
420 | 416 |
421 Member<CSPSource> m_selfSource; | 417 Member<CSPSource> m_selfSource; |
422 String m_selfProtocol; | 418 String m_selfProtocol; |
423 }; | 419 }; |
424 | 420 |
425 } // namespace blink | 421 } // namespace blink |
426 | 422 |
427 #endif | 423 #endif |
OLD | NEW |