OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2010 Apple Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 333 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
344 | 344 |
345 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy( | 345 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy( |
346 const String& scheme, | 346 const String& scheme, |
347 PolicyAreas policyAreas) { | 347 PolicyAreas policyAreas) { |
348 ASSERT(policyAreas != PolicyAreaNone); | 348 ASSERT(policyAreas != PolicyAreaNone); |
349 if (scheme.isEmpty() || policyAreas == PolicyAreaNone) | 349 if (scheme.isEmpty() || policyAreas == PolicyAreaNone) |
350 return false; | 350 return false; |
351 | 351 |
352 // get() returns 0 (PolicyAreaNone) if there is no entry in the map. | 352 // get() returns 0 (PolicyAreaNone) if there is no entry in the map. |
353 // Thus by default, schemes do not bypass CSP. | 353 // Thus by default, schemes do not bypass CSP. |
354 return (getURLSchemesRegistry().contentSecurityPolicyBypassingSchemes.get( | 354 const auto& schemes = |
355 scheme) & | 355 getURLSchemesRegistry().contentSecurityPolicyBypassingSchemes; |
356 policyAreas) == policyAreas; | 356 auto it = schemes.find(scheme); |
| 357 PolicyAreas allowedPolicyAreas = |
| 358 (it == schemes.end() ? PolicyAreaNone : it->value); |
| 359 return !(policyAreas & ~allowedPolicyAreas); |
357 } | 360 } |
358 | 361 |
359 void SchemeRegistry::registerURLSchemeBypassingSecureContextCheck( | 362 void SchemeRegistry::registerURLSchemeBypassingSecureContextCheck( |
360 const String& scheme) { | 363 const String& scheme) { |
361 DCHECK_EQ(scheme, scheme.lower()); | 364 DCHECK_EQ(scheme, scheme.lower()); |
362 getMutableURLSchemesRegistry().secureContextBypassingSchemes.insert(scheme); | 365 getMutableURLSchemesRegistry().secureContextBypassingSchemes.insert(scheme); |
363 } | 366 } |
364 | 367 |
365 bool SchemeRegistry::schemeShouldBypassSecureContextCheck( | 368 bool SchemeRegistry::schemeShouldBypassSecureContextCheck( |
366 const String& scheme) { | 369 const String& scheme) { |
367 if (scheme.isEmpty()) | 370 if (scheme.isEmpty()) |
368 return false; | 371 return false; |
369 DCHECK_EQ(scheme, scheme.lower()); | 372 DCHECK_EQ(scheme, scheme.lower()); |
370 return getURLSchemesRegistry().secureContextBypassingSchemes.contains(scheme); | 373 return getURLSchemesRegistry().secureContextBypassingSchemes.contains(scheme); |
371 } | 374 } |
372 | 375 |
373 } // namespace blink | 376 } // namespace blink |
OLD | NEW |