Chromium Code Reviews Chromium Code Reviews
Issue 2449873004:
Removing CSPSourceList level up to SourceListDirective. (Closed)
| Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
| diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
| index a432b5983f79678477b0590270dc188f71c4a5f1..cdd2d2475a022ce598a3272560aaff01caeac54a 100644 |
| --- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
| +++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
| @@ -5,8 +5,9 @@ |
| #ifndef SourceListDirective_h |
| #define SourceListDirective_h |
| +#include "core/CoreExport.h" |
| #include "core/frame/csp/CSPDirective.h" |
| -#include "core/frame/csp/CSPSourceList.h" |
| +#include "core/frame/csp/CSPSource.h" |
|
amalika
2016/10/26 12:04:53
CSPSourceList also included
#include "platform/Cr
|
| #include "platform/network/ContentSecurityPolicyParsers.h" |
| #include "platform/network/ResourceRequest.h" |
| #include "wtf/HashSet.h" |
| @@ -17,7 +18,7 @@ namespace blink { |
| class ContentSecurityPolicy; |
| class KURL; |
| -class SourceListDirective final : public CSPDirective { |
| +class CORE_EXPORT SourceListDirective final : public CSPDirective { |
| WTF_MAKE_NONCOPYABLE(SourceListDirective); |
| public: |
| @@ -26,18 +27,73 @@ class SourceListDirective final : public CSPDirective { |
| ContentSecurityPolicy*); |
| DECLARE_TRACE(); |
| - bool allows(const KURL&, ResourceRequest::RedirectStatus) const; |
| + void parse(const UChar* begin, const UChar* end); |
| + |
| + bool matches(const KURL&, |
| + ResourceRequest::RedirectStatus = |
| + ResourceRequest::RedirectStatus::NoRedirect) const; |
| + |
| + bool allows(const KURL&, |
| + ResourceRequest::RedirectStatus = |
| + ResourceRequest::RedirectStatus::NoRedirect) const; |
| bool allowInline() const; |
| bool allowEval() const; |
| bool allowDynamic() const; |
| - bool allowNonce(const String& nonce) const; |
| + bool allowNonce(String nonce) const; |
|
Mike West
2016/10/26 13:07:05
Why change this to a copy?
|
| bool allowHash(const CSPHashValue&) const; |
| bool allowHashedAttributes() const; |
| bool isHashOrNoncePresent() const; |
| uint8_t hashAlgorithmsUsed() const; |
| private: |
| - CSPSourceList m_sourceList; |
| + bool parseSource(const UChar* begin, |
| + const UChar* end, |
| + String& scheme, |
| + String& host, |
| + int& port, |
| + String& path, |
| + CSPSource::WildcardDisposition&, |
| + CSPSource::WildcardDisposition&); |
| + bool parseScheme(const UChar* begin, const UChar* end, String& scheme); |
| + bool parseHost(const UChar* begin, |
| + const UChar* end, |
| + String& host, |
| + CSPSource::WildcardDisposition&); |
| + bool parsePort(const UChar* begin, |
| + const UChar* end, |
| + int& port, |
| + CSPSource::WildcardDisposition&); |
| + bool parsePath(const UChar* begin, const UChar* end, String& path); |
| + bool parseNonce(const UChar* begin, const UChar* end, String& nonce); |
| + bool parseHash(const UChar* begin, |
| + const UChar* end, |
| + DigestValue& hash, |
| + ContentSecurityPolicyHashAlgorithm&); |
| + |
| + void addSourceSelf(); |
| + void addSourceStar(); |
| + void addSourceUnsafeInline(); |
| + void addSourceUnsafeEval(); |
| + void addSourceStrictDynamic(); |
| + void addSourceUnsafeHashedAttributes(); |
| + void addSourceNonce(const String& nonce); |
| + void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, |
| + const DigestValue& hash); |
| + |
| + bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; |
| + |
| + Member<ContentSecurityPolicy> m_policy; |
| + HeapVector<Member<CSPSource>> m_list; |
| + String m_directiveName; |
| + bool m_allowSelf; |
| + bool m_allowStar; |
| + bool m_allowInline; |
| + bool m_allowEval; |
| + bool m_allowDynamic; |
| + bool m_allowHashedAttributes; |
| + HashSet<String> m_nonces; |
| + HashSet<CSPHashValue> m_hashes; |
| + uint8_t m_hashAlgorithmsUsed; |
| }; |
| } // namespace blink |
