Chromium Code Reviews Chromium Code Reviews
Issue 2487983003:
Part 2.3: Is policy list subsumed under subsuming policy? (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 557 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 568 | 568 |
| 569 return false; | 569 return false; |
| 570 } | 570 } |
| 571 | 571 |
| 572 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( | 572 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( |
| 573 HeapVector<Member<CSPSource>> otherVector) { | 573 HeapVector<Member<CSPSource>> otherVector) { |
| 574 HeapVector<Member<CSPSource>> normalized; | 574 HeapVector<Member<CSPSource>> normalized; |
| 575 for (const auto& aCspSource : m_list) { | 575 for (const auto& aCspSource : m_list) { |
| 576 Member<CSPSource> matchedCspSource(nullptr); | 576 Member<CSPSource> matchedCspSource(nullptr); |
| 577 for (const auto& bCspSource : otherVector) { | 577 for (const auto& bCspSource : otherVector) { |
| 578 if ((matchedCspSource = bCspSource->intersect(aCspSource))) | 578 if (aCspSource->isSchemeOnly() && bCspSource->isSchemeOnly()) { |
|
Mike West
2016/11/17 10:58:31
Nit: I guess I reviewed this earlier, but looking
| |
| 579 if (Member<CSPSource> intersection = | |
| 580 bCspSource->intersect(aCspSource)) { | |
| 581 matchedCspSource = intersection; | |
| 582 break; | |
| 583 } | |
| 584 } | |
| 585 if (bCspSource->subsumes(aCspSource)) { | |
|
amalika
2016/11/09 17:53:46
We always want to preserve the CSPSource we are cu
| |
| 586 matchedCspSource = aCspSource; | |
| 579 break; | 587 break; |
| 588 } | |
| 589 if (Member<CSPSource> intersection = bCspSource->intersect(aCspSource)) | |
| 590 matchedCspSource = intersection; | |
| 580 } | 591 } |
| 581 if (matchedCspSource) | 592 if (matchedCspSource) |
| 582 normalized.append(matchedCspSource); | 593 normalized.append(matchedCspSource); |
| 583 } | 594 } |
| 584 return normalized; | 595 return normalized; |
| 585 } | 596 } |
| 586 | 597 |
| 587 DEFINE_TRACE(SourceListDirective) { | 598 DEFINE_TRACE(SourceListDirective) { |
| 588 visitor->trace(m_policy); | 599 visitor->trace(m_policy); |
| 589 visitor->trace(m_list); | 600 visitor->trace(m_list); |
| 590 CSPDirective::trace(visitor); | 601 CSPDirective::trace(visitor); |
| 591 } | 602 } |
| 592 | 603 |
| 593 } // namespace blink | 604 } // namespace blink |
| OLD | NEW |
