Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Nit. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SourceListDirective_h 5 #ifndef SourceListDirective_h
6 #define SourceListDirective_h 6 #define SourceListDirective_h
7 7
8 #include "core/CoreExport.h" 8 #include "core/CoreExport.h"
9 #include "core/frame/csp/CSPDirective.h" 9 #include "core/frame/csp/CSPDirective.h"
10 #include "core/frame/csp/CSPSource.h" 10 #include "core/frame/csp/CSPSource.h"
11 #include "platform/Crypto.h" 11 #include "platform/Crypto.h"
12 #include "platform/network/ContentSecurityPolicyParsers.h" 12 #include "platform/network/ContentSecurityPolicyParsers.h"
13 #include "platform/network/ResourceRequest.h" 13 #include "platform/network/ResourceRequest.h"
14 #include "public/platform/WebContentSecurityPolicy.h"
14 #include "wtf/HashSet.h" 15 #include "wtf/HashSet.h"
15 #include "wtf/text/WTFString.h" 16 #include "wtf/text/WTFString.h"
16 17
17 namespace blink { 18 namespace blink {
18 19
19 class ContentSecurityPolicy; 20 class ContentSecurityPolicy;
20 class KURL; 21 class KURL;
21 22
22 class CORE_EXPORT SourceListDirective final : public CSPDirective { 23 class CORE_EXPORT SourceListDirective final : public CSPDirective {
23 WTF_MAKE_NONCOPYABLE(SourceListDirective); 24 WTF_MAKE_NONCOPYABLE(SourceListDirective);
(...skipping 21 matching lines...) Expand all
45 bool allowHashedAttributes() const; 46 bool allowHashedAttributes() const;
46 bool isNone() const; 47 bool isNone() const;
47 bool isHashOrNoncePresent() const; 48 bool isHashOrNoncePresent() const;
48 uint8_t hashAlgorithmsUsed() const; 49 uint8_t hashAlgorithmsUsed() const;
49 bool allowAllInline() const; 50 bool allowAllInline() const;
50 51
51 // The algorothm is described more extensively here: 52 // The algorothm is described more extensively here:
52 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list 53 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
53 bool subsumes(const HeapVector<Member<SourceListDirective>>&) const; 54 bool subsumes(const HeapVector<Member<SourceListDirective>>&) const;
54 55
56 // Export a subset of the source list that can be checked outside of blink.
Mike West 2017/02/15 16:18:18 Again, I'd suggest making the link to navigational
57 // It contains every source-expressions, '*', 'none' and 'self'.
58 // It doesn't contain 'unsafe-inline' or 'unsafe-eval' for instance.
59 WebContentSecurityPolicySourceList expose() const;
Mike West 2017/02/15 16:18:18 Maybe we should rename these to something like `ex
arthursonzogni 2017/02/16 13:30:25 I agree. Done.
60 String directiveName() const { return m_directiveName; }
61
55 private: 62 private:
56 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); 63 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources);
57 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, 64 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest,
58 GetIntersectCSPSourcesSchemes); 65 GetIntersectCSPSourcesSchemes);
59 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectNonces); 66 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectNonces);
60 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectHashes); 67 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectHashes);
61 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetSources); 68 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetSources);
62 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, ParseHost); 69 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, ParseHost);
63 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); 70 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
64 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); 71 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 bool m_allowDynamic; 129 bool m_allowDynamic;
123 bool m_allowHashedAttributes; 130 bool m_allowHashedAttributes;
124 HashSet<String> m_nonces; 131 HashSet<String> m_nonces;
125 HashSet<CSPHashValue> m_hashes; 132 HashSet<CSPHashValue> m_hashes;
126 uint8_t m_hashAlgorithmsUsed; 133 uint8_t m_hashAlgorithmsUsed;
127 }; 134 };
128 135
129 } // namespace blink 136 } // namespace blink
130 137
131 #endif 138 #endif
OLDNEW
« third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698