| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "platform/feature_policy/FeaturePolicy.h" | 5 #include "platform/feature_policy/FeaturePolicy.h" |
| 6 | 6 |
| 7 #include "platform/json/JSONValues.h" | 7 #include "platform/json/JSONValues.h" |
| 8 #include "platform/network/HTTPParsers.h" | 8 #include "platform/network/HTTPParsers.h" |
| 9 #include "platform/weborigin/KURL.h" | 9 #include "platform/weborigin/KURL.h" |
| 10 #include "platform/weborigin/SecurityOrigin.h" | 10 #include "platform/weborigin/SecurityOrigin.h" |
| (...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 191 std::unique_ptr<FeaturePolicy> FeaturePolicy::createFromParentPolicy( | 191 std::unique_ptr<FeaturePolicy> FeaturePolicy::createFromParentPolicy( |
| 192 const FeaturePolicy* parent, | 192 const FeaturePolicy* parent, |
| 193 RefPtr<SecurityOrigin> currentOrigin) { | 193 RefPtr<SecurityOrigin> currentOrigin) { |
| 194 return createFromParentPolicy(parent, std::move(currentOrigin), | 194 return createFromParentPolicy(parent, std::move(currentOrigin), |
| 195 getDefaultFeatureList()); | 195 getDefaultFeatureList()); |
| 196 } | 196 } |
| 197 | 197 |
| 198 void FeaturePolicy::setHeaderPolicy(const String& policy, | 198 void FeaturePolicy::setHeaderPolicy(const String& policy, |
| 199 Vector<String>* messages) { | 199 Vector<String>* messages) { |
| 200 DCHECK(m_headerWhitelists.isEmpty()); | 200 DCHECK(m_headerWhitelists.isEmpty()); |
| 201 std::unique_ptr<JSONArray> policyJSON = parseJSONHeader(policy); | 201 // Use a reasonable parse depth limit; the actual maximum depth is only going |
| 202 // to be 4 for a valid policy, but we'll give the featurePolicyParser a chance |
| 203 // to report more specific errors, unless the string is really invalid. |
| 204 std::unique_ptr<JSONArray> policyJSON = parseJSONHeader(policy, 50); |
| 202 if (!policyJSON) { | 205 if (!policyJSON) { |
| 203 if (messages) | 206 if (messages) |
| 204 messages->append("Unable to parse header"); | 207 messages->append("Unable to parse header"); |
| 205 return; | 208 return; |
| 206 } | 209 } |
| 207 m_headerWhitelists = parseFeaturePolicyFromJson( | 210 m_headerWhitelists = parseFeaturePolicyFromJson( |
| 208 std::move(policyJSON), m_origin, m_features, messages); | 211 std::move(policyJSON), m_origin, m_features, messages); |
| 209 } | 212 } |
| 210 | 213 |
| 211 bool FeaturePolicy::isFeatureEnabledForOrigin( | 214 bool FeaturePolicy::isFeatureEnabledForOrigin( |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 255 sb.append(" "); | 258 sb.append(" "); |
| 256 sb.append(whitelist.key->featureName); | 259 sb.append(whitelist.key->featureName); |
| 257 sb.append(": "); | 260 sb.append(": "); |
| 258 sb.append(whitelist.value->toString()); | 261 sb.append(whitelist.value->toString()); |
| 259 sb.append("\n"); | 262 sb.append("\n"); |
| 260 } | 263 } |
| 261 return sb.toString(); | 264 return sb.toString(); |
| 262 } | 265 } |
| 263 | 266 |
| 264 } // namespace blink | 267 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2520403002:
Add a configurable parse-depth limit when parsing JFV headers, and use it for Feature-Policy Header (Closed)
