Index: Source/core/frame/ContentSecurityPolicy.h |
diff --git a/Source/core/frame/ContentSecurityPolicy.h b/Source/core/frame/ContentSecurityPolicy.h |
index 927d8532c99f13ba35368860272d0a835995e651..568f035a6d73613817dfc1fa586fc6dd89753419 100644 |
--- a/Source/core/frame/ContentSecurityPolicy.h |
+++ b/Source/core/frame/ContentSecurityPolicy.h |
@@ -75,6 +75,12 @@ public: |
SuppressReport |
}; |
+ enum HashFunctions { |
+ HashFunctionsNone = 0x0, |
+ HashFunctionsSha1 = 0x1, |
+ HashFunctionsSha256 = 0x2 |
+ }; |
+ |
void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); |
void didReceiveHeader(const String&, HeaderType); |
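Review bot: `HashFunctionsSha1` makes SHA-1 an accepted digest for allowlisting inline script, and its collision resistance is weak for a control that decides what may execute. If nothing requires it, I would drop that enumerator and start at `HashFunctionsSha256`; if it has to stay, a comment giving the reason would help the next reader. The values 0x1 and 0x2 look like bit flags meant to be OR-ed together, so a line such as `// Bit flags; combine with | to record every hash function in use.` above the enum would make that explicit.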
@@ -102,6 +108,9 @@ public: |
bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const; |
bool allowScriptNonce(const String& nonce) const; |
bool allowStyleNonce(const String& nonce) const; |
+ bool allowScriptHash(const String& source) const; |
+ |
+ void usesScriptHashFunction(HashFunctions); |
Mike West
2013/10/21 07:11:55
This can probably be private.
jww
2013/10/21 19:18:04
See responses below.
|
ReflectedXSSDisposition reflectedXSSDisposition() const; |
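Review bot: The declaration `allowScriptHash(const String& source)` does not say which bytes of the script are digested. A hash-source only matches when the page author and the browser hash exactly the same byte sequence, so the encoding and any whitespace or line-ending handling should be stated here, e.g. `// |source| is hashed as <encoding>, with no normalisation.` with the encoding filled in. The implementation is not in this header, so this asks for documentation rather than claiming a bug. Separately, `usesScriptHashFunction` reads like a const predicate but returns void and is non-const; a name like `recordScriptHashFunctionUsed` would match the signature better.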
@@ -114,7 +123,6 @@ public: |
void reportDuplicateDirective(const String&) const; |
void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const; |
void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const; |
- void reportInvalidNonce(const String&) const; |
void reportInvalidPluginTypes(const String&) const; |
void reportInvalidSandboxFlags(const String&) const; |
void reportInvalidSourceExpression(const String& directiveName, const String& source) const; |
@@ -151,6 +159,8 @@ private: |
CSPDirectiveListVector m_policies; |
HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
+ |
+ uint8_t m_sourceHashFunctionsUsed; |
Mike West
2013/10/21 07:11:55
It surprises me that this is on the policy object,
jww
2013/10/21 19:18:04
I believe you answered this in your later comments
|
}; |
} |
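Review bot: `m_sourceHashFunctionsUsed` is a plain `uint8_t` with no initialiser visible in this header, so the constructor (outside this diff) has to set it to `HashFunctionsNone`. If it is left indeterminate, the set of digests considered for a script would presumably be unpredictable, and a missing bit would mean a valid hash-source never matches. Please confirm it is in the constructor's initialiser list. Because the member's type does not tie it to the enum, a comment such as `// Bitwise OR of HashFunctions values.` on the declaration would also help.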