| Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
|
| index a432b5983f79678477b0590270dc188f71c4a5f1..38752daecb9163b5dc885ed101e7156d0cc3930e 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
|
| +++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
|
| @@ -5,8 +5,10 @@
|
| #ifndef SourceListDirective_h
|
| #define SourceListDirective_h
|
|
|
| +#include "core/CoreExport.h"
|
| #include "core/frame/csp/CSPDirective.h"
|
| -#include "core/frame/csp/CSPSourceList.h"
|
| +#include "core/frame/csp/CSPSource.h"
|
| +#include "platform/Crypto.h"
|
| #include "platform/network/ContentSecurityPolicyParsers.h"
|
| #include "platform/network/ResourceRequest.h"
|
| #include "wtf/HashSet.h"
|
| @@ -17,7 +19,7 @@ namespace blink {
|
| class ContentSecurityPolicy;
|
| class KURL;
|
|
|
| -class SourceListDirective final : public CSPDirective {
|
| +class CORE_EXPORT SourceListDirective final : public CSPDirective {
|
| WTF_MAKE_NONCOPYABLE(SourceListDirective);
|
|
|
| public:
|
| @@ -26,7 +28,15 @@ class SourceListDirective final : public CSPDirective {
|
| ContentSecurityPolicy*);
|
| DECLARE_TRACE();
|
|
|
| - bool allows(const KURL&, ResourceRequest::RedirectStatus) const;
|
| + void parse(const UChar* begin, const UChar* end);
|
| +
|
| + bool matches(const KURL&,
|
| + ResourceRequest::RedirectStatus =
|
| + ResourceRequest::RedirectStatus::NoRedirect) const;
|
| +
|
| + bool allows(const KURL&,
|
| + ResourceRequest::RedirectStatus =
|
| + ResourceRequest::RedirectStatus::NoRedirect) const;
|
| bool allowInline() const;
|
| bool allowEval() const;
|
| bool allowDynamic() const;
|
| @@ -37,7 +47,54 @@ class SourceListDirective final : public CSPDirective {
|
| uint8_t hashAlgorithmsUsed() const;
|
|
|
| private:
|
| - CSPSourceList m_sourceList;
|
| + bool parseSource(const UChar* begin,
|
| + const UChar* end,
|
| + String& scheme,
|
| + String& host,
|
| + int& port,
|
| + String& path,
|
| + CSPSource::WildcardDisposition&,
|
| + CSPSource::WildcardDisposition&);
|
| + bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
|
| + bool parseHost(const UChar* begin,
|
| + const UChar* end,
|
| + String& host,
|
| + CSPSource::WildcardDisposition&);
|
| + bool parsePort(const UChar* begin,
|
| + const UChar* end,
|
| + int& port,
|
| + CSPSource::WildcardDisposition&);
|
| + bool parsePath(const UChar* begin, const UChar* end, String& path);
|
| + bool parseNonce(const UChar* begin, const UChar* end, String& nonce);
|
| + bool parseHash(const UChar* begin,
|
| + const UChar* end,
|
| + DigestValue& hash,
|
| + ContentSecurityPolicyHashAlgorithm&);
|
| +
|
| + void addSourceSelf();
|
| + void addSourceStar();
|
| + void addSourceUnsafeInline();
|
| + void addSourceUnsafeEval();
|
| + void addSourceStrictDynamic();
|
| + void addSourceUnsafeHashedAttributes();
|
| + void addSourceNonce(const String& nonce);
|
| + void addSourceHash(const ContentSecurityPolicyHashAlgorithm&,
|
| + const DigestValue& hash);
|
| +
|
| + bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const;
|
| +
|
| + Member<ContentSecurityPolicy> m_policy;
|
| + HeapVector<Member<CSPSource>> m_list;
|
| + String m_directiveName;
|
| + bool m_allowSelf;
|
| + bool m_allowStar;
|
| + bool m_allowInline;
|
| + bool m_allowEval;
|
| + bool m_allowDynamic;
|
| + bool m_allowHashedAttributes;
|
| + HashSet<String> m_nonces;
|
| + HashSet<CSPHashValue> m_hashes;
|
| + uint8_t m_hashAlgorithmsUsed;
|
| };
|
|
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 2449873004:
Removing CSPSourceList level up to SourceListDirective. (Closed)
