Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
index 425680c9acde18c6058bbd4ef227ece2f08a5c86..97d2e698c1c68bbdc536a11ae11a5f44ae4b667a 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
@@ -11,6 +11,7 @@ |
#include "platform/Crypto.h" |
#include "platform/network/ContentSecurityPolicyParsers.h" |
#include "platform/network/ResourceRequest.h" |
+#include "public/platform/WebContentSecurityPolicy.h" |
#include "wtf/HashSet.h" |
#include "wtf/text/WTFString.h" |
@@ -52,6 +53,12 @@ class CORE_EXPORT SourceListDirective final : public CSPDirective { |
// https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list |
bool subsumes(const HeapVector<Member<SourceListDirective>>&) const; |
+ // Export a subset of the source list that can be checked outside of blink. |
Mike West
2017/02/15 16:18:18
Again, I'd suggest making the link to navigational
|
+ // It contains every source-expressions, '*', 'none' and 'self'. |
+ // It doesn't contain 'unsafe-inline' or 'unsafe-eval' for instance. |
+ WebContentSecurityPolicySourceList expose() const; |
Mike West
2017/02/15 16:18:18
Maybe we should rename these to something like `ex
arthursonzogni
2017/02/16 13:30:25
I agree. Done.
|
+ String directiveName() const { return m_directiveName; } |
+ |
private: |
FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); |
FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, |