| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CSPSourceList_h | |
| 6 #define CSPSourceList_h | |
| 7 | |
| 8 #include "core/CoreExport.h" | |
| 9 #include "core/frame/csp/CSPSource.h" | |
| 10 #include "platform/Crypto.h" | |
| 11 #include "platform/heap/Handle.h" | |
| 12 #include "platform/network/ContentSecurityPolicyParsers.h" | |
| 13 #include "platform/network/ResourceRequest.h" | |
| 14 #include "wtf/HashSet.h" | |
| 15 #include "wtf/text/WTFString.h" | |
| 16 | |
| 17 namespace blink { | |
| 18 | |
| 19 class ContentSecurityPolicy; | |
| 20 class KURL; | |
| 21 | |
| 22 class CORE_EXPORT CSPSourceList { | |
| 23 DISALLOW_NEW(); | |
| 24 WTF_MAKE_NONCOPYABLE(CSPSourceList); | |
| 25 | |
| 26 public: | |
| 27 CSPSourceList(ContentSecurityPolicy*, const String& directiveName); | |
| 28 DECLARE_TRACE(); | |
| 29 | |
| 30 void parse(const UChar* begin, const UChar* end); | |
| 31 | |
| 32 bool matches(const KURL&, | |
| 33 ResourceRequest::RedirectStatus = | |
| 34 ResourceRequest::RedirectStatus::NoRedirect) const; | |
| 35 bool allowInline() const; | |
| 36 bool allowEval() const; | |
| 37 bool allowDynamic() const; | |
| 38 bool allowNonce(const String&) const; | |
| 39 bool allowHash(const CSPHashValue&) const; | |
| 40 bool allowHashedAttributes() const; | |
| 41 uint8_t hashAlgorithmsUsed() const; | |
| 42 | |
| 43 bool isHashOrNoncePresent() const; | |
| 44 | |
| 45 private: | |
| 46 bool parseSource(const UChar* begin, | |
| 47 const UChar* end, | |
| 48 String& scheme, | |
| 49 String& host, | |
| 50 int& port, | |
| 51 String& path, | |
| 52 CSPSource::WildcardDisposition&, | |
| 53 CSPSource::WildcardDisposition&); | |
| 54 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); | |
| 55 bool parseHost(const UChar* begin, | |
| 56 const UChar* end, | |
| 57 String& host, | |
| 58 CSPSource::WildcardDisposition&); | |
| 59 bool parsePort(const UChar* begin, | |
| 60 const UChar* end, | |
| 61 int& port, | |
| 62 CSPSource::WildcardDisposition&); | |
| 63 bool parsePath(const UChar* begin, const UChar* end, String& path); | |
| 64 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); | |
| 65 bool parseHash(const UChar* begin, | |
| 66 const UChar* end, | |
| 67 DigestValue& hash, | |
| 68 ContentSecurityPolicyHashAlgorithm&); | |
| 69 | |
| 70 void addSourceSelf(); | |
| 71 void addSourceStar(); | |
| 72 void addSourceUnsafeInline(); | |
| 73 void addSourceUnsafeEval(); | |
| 74 void addSourceStrictDynamic(); | |
| 75 void addSourceUnsafeHashedAttributes(); | |
| 76 void addSourceNonce(const String& nonce); | |
| 77 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, | |
| 78 const DigestValue& hash); | |
| 79 | |
| 80 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; | |
| 81 | |
| 82 Member<ContentSecurityPolicy> m_policy; | |
| 83 HeapVector<Member<CSPSource>> m_list; | |
| 84 String m_directiveName; | |
| 85 bool m_allowSelf; | |
| 86 bool m_allowStar; | |
| 87 bool m_allowInline; | |
| 88 bool m_allowEval; | |
| 89 bool m_allowDynamic; | |
| 90 bool m_allowHashedAttributes; | |
| 91 HashSet<String> m_nonces; | |
| 92 HashSet<CSPHashValue> m_hashes; | |
| 93 uint8_t m_hashAlgorithmsUsed; | |
| 94 }; | |
| 95 | |
| 96 } // namespace blink | |
| 97 | |
| 98 #endif | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2449873004:
Removing CSPSourceList level up to SourceListDirective. (Closed)
