Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
index a432b5983f79678477b0590270dc188f71c4a5f1..cdd2d2475a022ce598a3272560aaff01caeac54a 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
@@ -5,8 +5,9 @@ |
#ifndef SourceListDirective_h |
#define SourceListDirective_h |
+#include "core/CoreExport.h" |
#include "core/frame/csp/CSPDirective.h" |
-#include "core/frame/csp/CSPSourceList.h" |
+#include "core/frame/csp/CSPSource.h" |
amalika
2016/10/26 12:04:53
CSPSourceList also included
#include "platform/Cr
|
#include "platform/network/ContentSecurityPolicyParsers.h" |
#include "platform/network/ResourceRequest.h" |
#include "wtf/HashSet.h" |
@@ -17,7 +18,7 @@ namespace blink { |
class ContentSecurityPolicy; |
class KURL; |
-class SourceListDirective final : public CSPDirective { |
+class CORE_EXPORT SourceListDirective final : public CSPDirective { |
WTF_MAKE_NONCOPYABLE(SourceListDirective); |
public: |
@@ -26,18 +27,73 @@ class SourceListDirective final : public CSPDirective { |
ContentSecurityPolicy*); |
DECLARE_TRACE(); |
- bool allows(const KURL&, ResourceRequest::RedirectStatus) const; |
+ void parse(const UChar* begin, const UChar* end); |
+ |
+ bool matches(const KURL&, |
+ ResourceRequest::RedirectStatus = |
+ ResourceRequest::RedirectStatus::NoRedirect) const; |
+ |
+ bool allows(const KURL&, |
+ ResourceRequest::RedirectStatus = |
+ ResourceRequest::RedirectStatus::NoRedirect) const; |
bool allowInline() const; |
bool allowEval() const; |
bool allowDynamic() const; |
- bool allowNonce(const String& nonce) const; |
+ bool allowNonce(String nonce) const; |
Mike West
2016/10/26 13:07:05
Why change this to a copy?
|
bool allowHash(const CSPHashValue&) const; |
bool allowHashedAttributes() const; |
bool isHashOrNoncePresent() const; |
uint8_t hashAlgorithmsUsed() const; |
private: |
- CSPSourceList m_sourceList; |
+ bool parseSource(const UChar* begin, |
+ const UChar* end, |
+ String& scheme, |
+ String& host, |
+ int& port, |
+ String& path, |
+ CSPSource::WildcardDisposition&, |
+ CSPSource::WildcardDisposition&); |
+ bool parseScheme(const UChar* begin, const UChar* end, String& scheme); |
+ bool parseHost(const UChar* begin, |
+ const UChar* end, |
+ String& host, |
+ CSPSource::WildcardDisposition&); |
+ bool parsePort(const UChar* begin, |
+ const UChar* end, |
+ int& port, |
+ CSPSource::WildcardDisposition&); |
+ bool parsePath(const UChar* begin, const UChar* end, String& path); |
+ bool parseNonce(const UChar* begin, const UChar* end, String& nonce); |
+ bool parseHash(const UChar* begin, |
+ const UChar* end, |
+ DigestValue& hash, |
+ ContentSecurityPolicyHashAlgorithm&); |
+ |
+ void addSourceSelf(); |
+ void addSourceStar(); |
+ void addSourceUnsafeInline(); |
+ void addSourceUnsafeEval(); |
+ void addSourceStrictDynamic(); |
+ void addSourceUnsafeHashedAttributes(); |
+ void addSourceNonce(const String& nonce); |
+ void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, |
+ const DigestValue& hash); |
+ |
+ bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; |
+ |
+ Member<ContentSecurityPolicy> m_policy; |
+ HeapVector<Member<CSPSource>> m_list; |
+ String m_directiveName; |
+ bool m_allowSelf; |
+ bool m_allowStar; |
+ bool m_allowInline; |
+ bool m_allowEval; |
+ bool m_allowDynamic; |
+ bool m_allowHashedAttributes; |
+ HashSet<String> m_nonces; |
+ HashSet<CSPHashValue> m_hashes; |
+ uint8_t m_hashAlgorithmsUsed; |
}; |
} // namespace blink |