OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SourceListDirective_h | 5 #ifndef SourceListDirective_h |
6 #define SourceListDirective_h | 6 #define SourceListDirective_h |
7 | 7 |
8 #include "core/CoreExport.h" | |
8 #include "core/frame/csp/CSPDirective.h" | 9 #include "core/frame/csp/CSPDirective.h" |
9 #include "core/frame/csp/CSPSourceList.h" | 10 #include "core/frame/csp/CSPSource.h" |
amalika
2016/10/26 12:04:53
CSPSourceList also included
#include "platform/Cr
| |
10 #include "platform/network/ContentSecurityPolicyParsers.h" | 11 #include "platform/network/ContentSecurityPolicyParsers.h" |
11 #include "platform/network/ResourceRequest.h" | 12 #include "platform/network/ResourceRequest.h" |
12 #include "wtf/HashSet.h" | 13 #include "wtf/HashSet.h" |
13 #include "wtf/text/WTFString.h" | 14 #include "wtf/text/WTFString.h" |
14 | 15 |
15 namespace blink { | 16 namespace blink { |
16 | 17 |
17 class ContentSecurityPolicy; | 18 class ContentSecurityPolicy; |
18 class KURL; | 19 class KURL; |
19 | 20 |
20 class SourceListDirective final : public CSPDirective { | 21 class CORE_EXPORT SourceListDirective final : public CSPDirective { |
21 WTF_MAKE_NONCOPYABLE(SourceListDirective); | 22 WTF_MAKE_NONCOPYABLE(SourceListDirective); |
22 | 23 |
23 public: | 24 public: |
24 SourceListDirective(const String& name, | 25 SourceListDirective(const String& name, |
25 const String& value, | 26 const String& value, |
26 ContentSecurityPolicy*); | 27 ContentSecurityPolicy*); |
27 DECLARE_TRACE(); | 28 DECLARE_TRACE(); |
28 | 29 |
29 bool allows(const KURL&, ResourceRequest::RedirectStatus) const; | 30 void parse(const UChar* begin, const UChar* end); |
31 | |
32 bool matches(const KURL&, | |
33 ResourceRequest::RedirectStatus = | |
34 ResourceRequest::RedirectStatus::NoRedirect) const; | |
35 | |
36 bool allows(const KURL&, | |
37 ResourceRequest::RedirectStatus = | |
38 ResourceRequest::RedirectStatus::NoRedirect) const; | |
30 bool allowInline() const; | 39 bool allowInline() const; |
31 bool allowEval() const; | 40 bool allowEval() const; |
32 bool allowDynamic() const; | 41 bool allowDynamic() const; |
33 bool allowNonce(const String& nonce) const; | 42 bool allowNonce(String nonce) const; |
Mike West
2016/10/26 13:07:05
Why change this to a copy?
| |
34 bool allowHash(const CSPHashValue&) const; | 43 bool allowHash(const CSPHashValue&) const; |
35 bool allowHashedAttributes() const; | 44 bool allowHashedAttributes() const; |
36 bool isHashOrNoncePresent() const; | 45 bool isHashOrNoncePresent() const; |
37 uint8_t hashAlgorithmsUsed() const; | 46 uint8_t hashAlgorithmsUsed() const; |
38 | 47 |
39 private: | 48 private: |
40 CSPSourceList m_sourceList; | 49 bool parseSource(const UChar* begin, |
50 const UChar* end, | |
51 String& scheme, | |
52 String& host, | |
53 int& port, | |
54 String& path, | |
55 CSPSource::WildcardDisposition&, | |
56 CSPSource::WildcardDisposition&); | |
57 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); | |
58 bool parseHost(const UChar* begin, | |
59 const UChar* end, | |
60 String& host, | |
61 CSPSource::WildcardDisposition&); | |
62 bool parsePort(const UChar* begin, | |
63 const UChar* end, | |
64 int& port, | |
65 CSPSource::WildcardDisposition&); | |
66 bool parsePath(const UChar* begin, const UChar* end, String& path); | |
67 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); | |
68 bool parseHash(const UChar* begin, | |
69 const UChar* end, | |
70 DigestValue& hash, | |
71 ContentSecurityPolicyHashAlgorithm&); | |
72 | |
73 void addSourceSelf(); | |
74 void addSourceStar(); | |
75 void addSourceUnsafeInline(); | |
76 void addSourceUnsafeEval(); | |
77 void addSourceStrictDynamic(); | |
78 void addSourceUnsafeHashedAttributes(); | |
79 void addSourceNonce(const String& nonce); | |
80 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, | |
81 const DigestValue& hash); | |
82 | |
83 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; | |
84 | |
85 Member<ContentSecurityPolicy> m_policy; | |
86 HeapVector<Member<CSPSource>> m_list; | |
87 String m_directiveName; | |
88 bool m_allowSelf; | |
89 bool m_allowStar; | |
90 bool m_allowInline; | |
91 bool m_allowEval; | |
92 bool m_allowDynamic; | |
93 bool m_allowHashedAttributes; | |
94 HashSet<String> m_nonces; | |
95 HashSet<CSPHashValue> m_hashes; | |
96 uint8_t m_hashAlgorithmsUsed; | |
41 }; | 97 }; |
42 | 98 |
43 } // namespace blink | 99 } // namespace blink |
44 | 100 |
45 #endif | 101 #endif |
OLD | NEW |