Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(83)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2436003002: CSP: Add 'script-sample' to violation reports. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/script-sample.html ('K') | « third_party/WebKit/Source/core/events/SecurityPolicyViolationEventInit.idl ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
(...skipping 27 matching lines...) Expand all
38 38
39 void parse(const UChar* begin, const UChar* end); 39 void parse(const UChar* begin, const UChar* end);
40 40
41 const String& header() const { return m_header; } 41 const String& header() const { return m_header; }
42 ContentSecurityPolicyHeaderType headerType() const { return m_headerType; } 42 ContentSecurityPolicyHeaderType headerType() const { return m_headerType; }
43 ContentSecurityPolicyHeaderSource headerSource() const { 43 ContentSecurityPolicyHeaderSource headerSource() const {
44 return m_headerSource; 44 return m_headerSource;
45 } 45 }
46 46
47 bool allowJavaScriptURLs(Element*, 47 bool allowJavaScriptURLs(Element*,
48 const String& source,
48 const String& contextURL, 49 const String& contextURL,
49 const WTF::OrdinalNumber& contextLine, 50 const WTF::OrdinalNumber& contextLine,
50 ContentSecurityPolicy::ReportingStatus) const; 51 ContentSecurityPolicy::ReportingStatus) const;
51 bool allowInlineEventHandlers(Element*, 52 bool allowInlineEventHandlers(Element*,
53 const String& source,
52 const String& contextURL, 54 const String& contextURL,
53 const WTF::OrdinalNumber& contextLine, 55 const WTF::OrdinalNumber& contextLine,
54 ContentSecurityPolicy::ReportingStatus) const; 56 ContentSecurityPolicy::ReportingStatus) const;
55 bool allowInlineScript(Element*, 57 bool allowInlineScript(Element*,
56 const String& contextURL, 58 const String& contextURL,
57 const String& nonce, 59 const String& nonce,
58 const WTF::OrdinalNumber& contextLine, 60 const WTF::OrdinalNumber& contextLine,
59 ContentSecurityPolicy::ReportingStatus, 61 ContentSecurityPolicy::ReportingStatus,
60 const String& scriptContent) const; 62 const String& scriptContent) const;
61 bool allowInlineStyle(Element*, 63 bool allowInlineStyle(Element*,
(...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after
219 const ContentSecurityPolicy::DirectiveType&, 221 const ContentSecurityPolicy::DirectiveType&,
220 const String& consoleMessage, 222 const String& consoleMessage,
221 const KURL& blockedURL, 223 const KURL& blockedURL,
222 LocalFrame*) const; 224 LocalFrame*) const;
223 void reportViolationWithLocation(const String& directiveText, 225 void reportViolationWithLocation(const String& directiveText,
224 const ContentSecurityPolicy::DirectiveType&, 226 const ContentSecurityPolicy::DirectiveType&,
225 const String& consoleMessage, 227 const String& consoleMessage,
226 const KURL& blockedURL, 228 const KURL& blockedURL,
227 const String& contextURL, 229 const String& contextURL,
228 const WTF::OrdinalNumber& contextLine, 230 const WTF::OrdinalNumber& contextLine,
229 Element*) const; 231 Element*,
232 const String& source) const;
230 void reportViolationWithState( 233 void reportViolationWithState(
231 const String& directiveText, 234 const String& directiveText,
232 const ContentSecurityPolicy::DirectiveType&, 235 const ContentSecurityPolicy::DirectiveType&,
233 const String& message, 236 const String& message,
234 const KURL& blockedURL, 237 const KURL& blockedURL,
235 ScriptState*, 238 ScriptState*,
236 const ContentSecurityPolicy::ExceptionStatus) const; 239 const ContentSecurityPolicy::ExceptionStatus) const;
237 240
238 bool checkEval(SourceListDirective*) const; 241 bool checkEval(SourceListDirective*) const;
239 bool checkDynamic(SourceListDirective*) const; 242 bool checkDynamic(SourceListDirective*) const;
(...skipping 15 matching lines...) Expand all
255 258
256 bool checkEvalAndReportViolation( 259 bool checkEvalAndReportViolation(
257 SourceListDirective*, 260 SourceListDirective*,
258 const String& consoleMessage, 261 const String& consoleMessage,
259 ScriptState*, 262 ScriptState*,
260 ContentSecurityPolicy::ExceptionStatus = 263 ContentSecurityPolicy::ExceptionStatus =
261 ContentSecurityPolicy::WillNotThrowException) const; 264 ContentSecurityPolicy::WillNotThrowException) const;
262 bool checkInlineAndReportViolation(SourceListDirective*, 265 bool checkInlineAndReportViolation(SourceListDirective*,
263 const String& consoleMessage, 266 const String& consoleMessage,
264 Element*, 267 Element*,
268 const String& source,
265 const String& contextURL, 269 const String& contextURL,
266 const WTF::OrdinalNumber& contextLine, 270 const WTF::OrdinalNumber& contextLine,
267 bool isScript, 271 bool isScript,
268 const String& hashValue) const; 272 const String& hashValue) const;
269 273
270 bool checkSourceAndReportViolation( 274 bool checkSourceAndReportViolation(
271 SourceListDirective*, 275 SourceListDirective*,
272 const KURL&, 276 const KURL&,
273 const ContentSecurityPolicy::DirectiveType&, 277 const ContentSecurityPolicy::DirectiveType&,
274 ResourceRequest::RedirectStatus) const; 278 ResourceRequest::RedirectStatus) const;
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
330 uint8_t m_requireSRIFor; 334 uint8_t m_requireSRIFor;
331 335
332 Vector<String> m_reportEndpoints; 336 Vector<String> m_reportEndpoints;
333 337
334 String m_evalDisabledErrorMessage; 338 String m_evalDisabledErrorMessage;
335 }; 339 };
336 340
337 } // namespace blink 341 } // namespace blink
338 342
339 #endif 343 #endif
OLDNEW
« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/script-sample.html ('K') | « third_party/WebKit/Source/core/events/SecurityPolicyViolationEventInit.idl ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698