OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "core/frame/csp/MediaListDirective.h" | 9 #include "core/frame/csp/MediaListDirective.h" |
10 #include "core/frame/csp/SourceListDirective.h" | 10 #include "core/frame/csp/SourceListDirective.h" |
(...skipping 27 matching lines...) Expand all Loading... |
38 | 38 |
39 void parse(const UChar* begin, const UChar* end); | 39 void parse(const UChar* begin, const UChar* end); |
40 | 40 |
41 const String& header() const { return m_header; } | 41 const String& header() const { return m_header; } |
42 ContentSecurityPolicyHeaderType headerType() const { return m_headerType; } | 42 ContentSecurityPolicyHeaderType headerType() const { return m_headerType; } |
43 ContentSecurityPolicyHeaderSource headerSource() const { | 43 ContentSecurityPolicyHeaderSource headerSource() const { |
44 return m_headerSource; | 44 return m_headerSource; |
45 } | 45 } |
46 | 46 |
47 bool allowJavaScriptURLs(Element*, | 47 bool allowJavaScriptURLs(Element*, |
| 48 const String& source, |
48 const String& contextURL, | 49 const String& contextURL, |
49 const WTF::OrdinalNumber& contextLine, | 50 const WTF::OrdinalNumber& contextLine, |
50 ContentSecurityPolicy::ReportingStatus) const; | 51 ContentSecurityPolicy::ReportingStatus) const; |
51 bool allowInlineEventHandlers(Element*, | 52 bool allowInlineEventHandlers(Element*, |
| 53 const String& source, |
52 const String& contextURL, | 54 const String& contextURL, |
53 const WTF::OrdinalNumber& contextLine, | 55 const WTF::OrdinalNumber& contextLine, |
54 ContentSecurityPolicy::ReportingStatus) const; | 56 ContentSecurityPolicy::ReportingStatus) const; |
55 bool allowInlineScript(Element*, | 57 bool allowInlineScript(Element*, |
56 const String& contextURL, | 58 const String& contextURL, |
57 const String& nonce, | 59 const String& nonce, |
58 const WTF::OrdinalNumber& contextLine, | 60 const WTF::OrdinalNumber& contextLine, |
59 ContentSecurityPolicy::ReportingStatus, | 61 ContentSecurityPolicy::ReportingStatus, |
60 const String& scriptContent) const; | 62 const String& scriptContent) const; |
61 bool allowInlineStyle(Element*, | 63 bool allowInlineStyle(Element*, |
(...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
219 const ContentSecurityPolicy::DirectiveType&, | 221 const ContentSecurityPolicy::DirectiveType&, |
220 const String& consoleMessage, | 222 const String& consoleMessage, |
221 const KURL& blockedURL, | 223 const KURL& blockedURL, |
222 LocalFrame*) const; | 224 LocalFrame*) const; |
223 void reportViolationWithLocation(const String& directiveText, | 225 void reportViolationWithLocation(const String& directiveText, |
224 const ContentSecurityPolicy::DirectiveType&, | 226 const ContentSecurityPolicy::DirectiveType&, |
225 const String& consoleMessage, | 227 const String& consoleMessage, |
226 const KURL& blockedURL, | 228 const KURL& blockedURL, |
227 const String& contextURL, | 229 const String& contextURL, |
228 const WTF::OrdinalNumber& contextLine, | 230 const WTF::OrdinalNumber& contextLine, |
229 Element*) const; | 231 Element*, |
| 232 const String& source) const; |
230 void reportViolationWithState( | 233 void reportViolationWithState( |
231 const String& directiveText, | 234 const String& directiveText, |
232 const ContentSecurityPolicy::DirectiveType&, | 235 const ContentSecurityPolicy::DirectiveType&, |
233 const String& message, | 236 const String& message, |
234 const KURL& blockedURL, | 237 const KURL& blockedURL, |
235 ScriptState*, | 238 ScriptState*, |
236 const ContentSecurityPolicy::ExceptionStatus) const; | 239 const ContentSecurityPolicy::ExceptionStatus) const; |
237 | 240 |
238 bool checkEval(SourceListDirective*) const; | 241 bool checkEval(SourceListDirective*) const; |
239 bool checkDynamic(SourceListDirective*) const; | 242 bool checkDynamic(SourceListDirective*) const; |
(...skipping 15 matching lines...) Expand all Loading... |
255 | 258 |
256 bool checkEvalAndReportViolation( | 259 bool checkEvalAndReportViolation( |
257 SourceListDirective*, | 260 SourceListDirective*, |
258 const String& consoleMessage, | 261 const String& consoleMessage, |
259 ScriptState*, | 262 ScriptState*, |
260 ContentSecurityPolicy::ExceptionStatus = | 263 ContentSecurityPolicy::ExceptionStatus = |
261 ContentSecurityPolicy::WillNotThrowException) const; | 264 ContentSecurityPolicy::WillNotThrowException) const; |
262 bool checkInlineAndReportViolation(SourceListDirective*, | 265 bool checkInlineAndReportViolation(SourceListDirective*, |
263 const String& consoleMessage, | 266 const String& consoleMessage, |
264 Element*, | 267 Element*, |
| 268 const String& source, |
265 const String& contextURL, | 269 const String& contextURL, |
266 const WTF::OrdinalNumber& contextLine, | 270 const WTF::OrdinalNumber& contextLine, |
267 bool isScript, | 271 bool isScript, |
268 const String& hashValue) const; | 272 const String& hashValue) const; |
269 | 273 |
270 bool checkSourceAndReportViolation( | 274 bool checkSourceAndReportViolation( |
271 SourceListDirective*, | 275 SourceListDirective*, |
272 const KURL&, | 276 const KURL&, |
273 const ContentSecurityPolicy::DirectiveType&, | 277 const ContentSecurityPolicy::DirectiveType&, |
274 ResourceRequest::RedirectStatus) const; | 278 ResourceRequest::RedirectStatus) const; |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
330 uint8_t m_requireSRIFor; | 334 uint8_t m_requireSRIFor; |
331 | 335 |
332 Vector<String> m_reportEndpoints; | 336 Vector<String> m_reportEndpoints; |
333 | 337 |
334 String m_evalDisabledErrorMessage; | 338 String m_evalDisabledErrorMessage; |
335 }; | 339 }; |
336 | 340 |
337 } // namespace blink | 341 } // namespace blink |
338 | 342 |
339 #endif | 343 #endif |
OLD | NEW |