| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/loader/HttpEquiv.h" | 5 #include "core/loader/HttpEquiv.h" |
| 6 | 6 |
| 7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
| 8 #include "core/dom/ScriptableDocumentParser.h" | 8 #include "core/dom/ScriptableDocumentParser.h" |
| 9 #include "core/dom/StyleEngine.h" | 9 #include "core/dom/StyleEngine.h" |
| 10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 namespace blink { | 23 namespace blink { |
| 24 | 24 |
| 25 void HttpEquiv::process(Document& document, | 25 void HttpEquiv::process(Document& document, |
| 26 const AtomicString& equiv, | 26 const AtomicString& equiv, |
| 27 const AtomicString& content, | 27 const AtomicString& content, |
| 28 bool inDocumentHeadElement, | 28 bool inDocumentHeadElement, |
| 29 Element* element) { | 29 Element* element) { |
| 30 DCHECK(!equiv.isNull()); | 30 DCHECK(!equiv.isNull()); |
| 31 DCHECK(!content.isNull()); | 31 DCHECK(!content.isNull()); |
| 32 | 32 |
| 33 if (equalIgnoringCase(equiv, "default-style")) { | 33 if (equalIgnoringASCIICase(equiv, "default-style")) { |
| 34 processHttpEquivDefaultStyle(document, content); | 34 processHttpEquivDefaultStyle(document, content); |
| 35 } else if (equalIgnoringCase(equiv, "refresh")) { | 35 } else if (equalIgnoringASCIICase(equiv, "refresh")) { |
| 36 processHttpEquivRefresh(document, content, element); | 36 processHttpEquivRefresh(document, content, element); |
| 37 } else if (equalIgnoringCase(equiv, "set-cookie")) { | 37 } else if (equalIgnoringASCIICase(equiv, "set-cookie")) { |
| 38 processHttpEquivSetCookie(document, content, element); | 38 processHttpEquivSetCookie(document, content, element); |
| 39 } else if (equalIgnoringCase(equiv, "content-language")) { | 39 } else if (equalIgnoringASCIICase(equiv, "content-language")) { |
| 40 document.setContentLanguage(content); | 40 document.setContentLanguage(content); |
| 41 } else if (equalIgnoringCase(equiv, "x-dns-prefetch-control")) { | 41 } else if (equalIgnoringASCIICase(equiv, "x-dns-prefetch-control")) { |
| 42 document.parseDNSPrefetchControlHeader(content); | 42 document.parseDNSPrefetchControlHeader(content); |
| 43 } else if (equalIgnoringCase(equiv, "x-frame-options")) { | 43 } else if (equalIgnoringASCIICase(equiv, "x-frame-options")) { |
| 44 document.addConsoleMessage(ConsoleMessage::create( | 44 document.addConsoleMessage(ConsoleMessage::create( |
| 45 SecurityMessageSource, ErrorMessageLevel, | 45 SecurityMessageSource, ErrorMessageLevel, |
| 46 "X-Frame-Options may only be set via an HTTP header sent along with a " | 46 "X-Frame-Options may only be set via an HTTP header sent along with a " |
| 47 "document. It may not be set inside <meta>.")); | 47 "document. It may not be set inside <meta>.")); |
| 48 } else if (equalIgnoringCase(equiv, "accept-ch")) { | 48 } else if (equalIgnoringASCIICase(equiv, "accept-ch")) { |
| 49 processHttpEquivAcceptCH(document, content); | 49 processHttpEquivAcceptCH(document, content); |
| 50 } else if (equalIgnoringCase(equiv, "content-security-policy") || | 50 } else if (equalIgnoringASCIICase(equiv, "content-security-policy") || |
| 51 equalIgnoringCase(equiv, "content-security-policy-report-only")) { | 51 equalIgnoringASCIICase(equiv, "content-security-policy-report-only"
)) { |
| 52 if (inDocumentHeadElement) | 52 if (inDocumentHeadElement) |
| 53 processHttpEquivContentSecurityPolicy(document, equiv, content); | 53 processHttpEquivContentSecurityPolicy(document, equiv, content); |
| 54 else | 54 else |
| 55 document.contentSecurityPolicy()->reportMetaOutsideHead(content); | 55 document.contentSecurityPolicy()->reportMetaOutsideHead(content); |
| 56 } else if (equalIgnoringCase(equiv, "suborigin")) { | 56 } else if (equalIgnoringASCIICase(equiv, "suborigin")) { |
| 57 document.addConsoleMessage(ConsoleMessage::create( | 57 document.addConsoleMessage(ConsoleMessage::create( |
| 58 SecurityMessageSource, ErrorMessageLevel, | 58 SecurityMessageSource, ErrorMessageLevel, |
| 59 "Error with Suborigin header: Suborigin header with value '" + content + | 59 "Error with Suborigin header: Suborigin header with value '" + content + |
| 60 "' was delivered via a <meta> element and not an HTTP header, " | 60 "' was delivered via a <meta> element and not an HTTP header, " |
| 61 "which is disallowed. The Suborigin has been ignored.")); | 61 "which is disallowed. The Suborigin has been ignored.")); |
| 62 } else if (equalIgnoringCase(equiv, HTTPNames::Origin_Trial)) { | 62 } else if (equalIgnoringASCIICase(equiv, HTTPNames::Origin_Trial)) { |
| 63 if (inDocumentHeadElement) | 63 if (inDocumentHeadElement) |
| 64 OriginTrialContext::from(&document)->addToken(content); | 64 OriginTrialContext::from(&document)->addToken(content); |
| 65 } | 65 } |
| 66 } | 66 } |
| 67 | 67 |
| 68 void HttpEquiv::processHttpEquivContentSecurityPolicy( | 68 void HttpEquiv::processHttpEquivContentSecurityPolicy( |
| 69 Document& document, | 69 Document& document, |
| 70 const AtomicString& equiv, | 70 const AtomicString& equiv, |
| 71 const AtomicString& content) { | 71 const AtomicString& content) { |
| 72 if (document.importLoader()) | 72 if (document.importLoader()) |
| 73 return; | 73 return; |
| 74 if (equalIgnoringCase(equiv, "content-security-policy")) { | 74 if (equalIgnoringASCIICase(equiv, "content-security-policy")) { |
| 75 document.contentSecurityPolicy()->didReceiveHeader( | 75 document.contentSecurityPolicy()->didReceiveHeader( |
| 76 content, ContentSecurityPolicyHeaderTypeEnforce, | 76 content, ContentSecurityPolicyHeaderTypeEnforce, |
| 77 ContentSecurityPolicyHeaderSourceMeta); | 77 ContentSecurityPolicyHeaderSourceMeta); |
| 78 } else if (equalIgnoringCase(equiv, "content-security-policy-report-only")) { | 78 } else if (equalIgnoringASCIICase(equiv, "content-security-policy-report-only"
)) { |
| 79 document.contentSecurityPolicy()->didReceiveHeader( | 79 document.contentSecurityPolicy()->didReceiveHeader( |
| 80 content, ContentSecurityPolicyHeaderTypeReport, | 80 content, ContentSecurityPolicyHeaderTypeReport, |
| 81 ContentSecurityPolicyHeaderSourceMeta); | 81 ContentSecurityPolicyHeaderSourceMeta); |
| 82 } else { | 82 } else { |
| 83 NOTREACHED(); | 83 NOTREACHED(); |
| 84 } | 84 } |
| 85 } | 85 } |
| 86 | 86 |
| 87 void HttpEquiv::processHttpEquivAcceptCH(Document& document, | 87 void HttpEquiv::processHttpEquivAcceptCH(Document& document, |
| 88 const AtomicString& content) { | 88 const AtomicString& content) { |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 SecurityViolationReportingPolicy::SuppressReporting)) { | 128 SecurityViolationReportingPolicy::SuppressReporting)) { |
| 129 UseCounter::count(document, | 129 UseCounter::count(document, |
| 130 UseCounter::MetaSetCookieWhenCSPBlocksInlineScript); | 130 UseCounter::MetaSetCookieWhenCSPBlocksInlineScript); |
| 131 } | 131 } |
| 132 | 132 |
| 133 // Exception (for sandboxed documents) ignored. | 133 // Exception (for sandboxed documents) ignored. |
| 134 document.setCookie(content, IGNORE_EXCEPTION_FOR_TESTING); | 134 document.setCookie(content, IGNORE_EXCEPTION_FOR_TESTING); |
| 135 } | 135 } |
| 136 | 136 |
| 137 } // namespace blink | 137 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2690703002:
Use equalIgnoringASCIICase in HttpEquiv. (Closed)
