
Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2497543003: ContentSecurityPolicy: avoid defining static String singletons. (Closed)
Patch Set: Created 4 years, 1 month ago
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 3450842fac3544204dfeca9de285b948907f0f3b..3743a013e4cc5b1c7cdc6fbe62b638cbcd155d78 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -145,8 +145,8 @@ bool ContentSecurityPolicy::isNonceableElement(const Element* element) {
//
// See http://blog.innerht.ml/csp-2015/#danglingmarkupinjection for an example
// of the kind of attack this is aimed at mitigating.
- DEFINE_STATIC_LOCAL(AtomicString, scriptString, ("<script"));
- DEFINE_STATIC_LOCAL(AtomicString, styleString, ("<style"));
+ static const char scriptString[] = "<script";
+ static const char styleString[] = "<style";
for (const Attribute& attr : element->attributes()) {
AtomicString name = attr.localName().lowerASCII();
AtomicString value = attr.value().lowerASCII();
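Review bot: The new `scriptString` and `styleString` literals are only correct while they stay lowercase, because the `name` and `value` they are presumably matched against have just been normalised with `lowerASCII()`, and nothing on the new lines records that. I would add `// Must stay lowercase: matched against lowerASCII()'d attribute name/value.` above `scriptString`. The comparisons themselves are outside the hunk, so please confirm that the overload they now resolve to for a `const char[]` argument is still an exact, case-sensitive substring match; per the comment above, this check is a mitigation for dangling-markup injection, so a silent change in matching semantics would weaken it. The same `String` to `const char[]` change in `reportUnsupportedDirective` (second hunk) also has its comparisons against `name` outside the hunk and deserves the same confirmation.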
@@ -1306,23 +1306,21 @@ void ContentSecurityPolicy::reportInvalidDirectiveInMeta(
}
void ContentSecurityPolicy::reportUnsupportedDirective(const String& name) {
- DEFINE_STATIC_LOCAL(String, allow, ("allow"));
- DEFINE_STATIC_LOCAL(String, options, ("options"));
- DEFINE_STATIC_LOCAL(String, policyURI, ("policy-uri"));
- DEFINE_STATIC_LOCAL(
- String, allowMessage,
- ("The 'allow' directive has been replaced with 'default-src'. Please use "
- "that directive instead, as 'allow' has no effect."));
- DEFINE_STATIC_LOCAL(
- String, optionsMessage,
- ("The 'options' directive has been replaced with 'unsafe-inline' and "
- "'unsafe-eval' source expressions for the 'script-src' and 'style-src' "
- "directives. Please use those directives instead, as 'options' has no "
- "effect."));
- DEFINE_STATIC_LOCAL(String, policyURIMessage,
- ("The 'policy-uri' directive has been removed from the "
- "specification. Please specify a complete policy via "
- "the Content-Security-Policy header."));
+ static const char allow[] = "allow";
+ static const char options[] = "options";
+ static const char policyURI[] = "policy-uri";
+ static const char allowMessage[] =
+ "The 'allow' directive has been replaced with 'default-src'. Please use "
+ "that directive instead, as 'allow' has no effect.";
+ static const char optionsMessage[] =
+ "The 'options' directive has been replaced with 'unsafe-inline' and "
+ "'unsafe-eval' source expressions for the 'script-src' and 'style-src' "
+ "directives. Please use those directives instead, as 'options' has no "
+ "effect.";
+ static const char policyURIMessage[] =
+ "The 'policy-uri' directive has been removed from the "
+ "specification. Please specify a complete policy via "
+ "the Content-Security-Policy header.";
String message =
"Unrecognized Content-Security-Policy directive '" + name + "'.\n";