third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp - Issue 2428473004: Remove the 'reflected-xss' directive from CSP.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2428473004: Remove the 'reflected-xss' directive from CSP. (Closed)

Patch Set: Test. Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h ('k') | third_party/WebKit/Source/core/html/parser/XSSAuditor.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

index 2bef27e76e580e7c90839ac791d3a713817daad5..10c3665d7f81fa19c4a74df0672861de564d469d 100644

--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

@@ -92,7 +92,6 @@ const char ContentSecurityPolicy::ChildSrc[] = "child-src";

const char ContentSecurityPolicy::FormAction[] = "form-action";

const char ContentSecurityPolicy::FrameAncestors[] = "frame-ancestors";

const char ContentSecurityPolicy::PluginTypes[] = "plugin-types";

-const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss";

const char ContentSecurityPolicy::Referrer[] = "referrer";

// CSP Editor's Draft:

@@ -127,7 +126,6 @@ bool ContentSecurityPolicy::isDirectiveName(const String& name) {

equalIgnoringCase(name, FormAction) ||

equalIgnoringCase(name, FrameAncestors) ||

equalIgnoringCase(name, PluginTypes) ||

- equalIgnoringCase(name, ReflectedXSS) ||

equalIgnoringCase(name, Referrer) ||

equalIgnoringCase(name, ManifestSrc) ||

equalIgnoringCase(name, BlockAllMixedContent) ||

@@ -1010,16 +1008,6 @@ bool ContentSecurityPolicy::isActive() const {

return !m_policies.isEmpty();

}

-ReflectedXSSDisposition ContentSecurityPolicy::getReflectedXSSDisposition()

- const {

- ReflectedXSSDisposition disposition = ReflectedXSSUnset;

- for (const auto& policy : m_policies) {

- if (policy->getReflectedXSSDisposition() > disposition)

- disposition = std::max(disposition, policy->getReflectedXSSDisposition());

- }

- return disposition;

bool ContentSecurityPolicy::didSetReferrerPolicy() const {

for (const auto& policy : m_policies) {

if (policy->didSetReferrerPolicy())

@@ -1406,15 +1394,6 @@ void ContentSecurityPolicy::reportInvalidSandboxFlags(

invalidFlags);

}

-void ContentSecurityPolicy::reportInvalidReflectedXSS(

- const String& invalidValue) {

- logToConsole(

- "The 'reflected-xss' Content Security Policy directive has the invalid "

- "value \"" +

- invalidValue +

- "\". Valid values are \"allow\", \"filter\", and \"block\".");

void ContentSecurityPolicy::reportInvalidRequireSRIForTokens(

const String& invalidTokens) {

logToConsole(