Chromium Code Reviews Chromium Code Reviews
Issue 27073003:
CSP Suborigins
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All Rights Reserved. | 2 * Copyright (C) 2011 Google Inc. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 48 SandboxTopNavigation = 1 << 5, | 48 SandboxTopNavigation = 1 << 5, |
| 49 SandboxPopups = 1 << 6, // See https://www.w3.org/Bugs/Public/show_bug.cgi?i d=12393 | 49 SandboxPopups = 1 << 6, // See https://www.w3.org/Bugs/Public/show_bug.cgi?i d=12393 |
| 50 SandboxAutomaticFeatures = 1 << 7, | 50 SandboxAutomaticFeatures = 1 << 7, |
| 51 SandboxSeamlessIframes = 1 << 8, | 51 SandboxSeamlessIframes = 1 << 8, |
| 52 SandboxPointerLock = 1 << 9, | 52 SandboxPointerLock = 1 << 9, |
| 53 SandboxAll = -1 // Mask with all bits set to 1. | 53 SandboxAll = -1 // Mask with all bits set to 1. |
| 54 }; | 54 }; |
| 55 | 55 |
| 56 typedef int SandboxFlags; | 56 typedef int SandboxFlags; |
| 57 | 57 |
| 58 typedef String SuboriginFlags; | |
|
abarth-chromium
2013/10/13 05:14:50
We don't usually create typedefs for Strings. If
| |
| 59 | |
| 58 class SecurityContext { | 60 class SecurityContext { |
| 59 public: | 61 public: |
| 60 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } | 62 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } |
| 61 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } | 63 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } |
| 62 ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPol icy.get(); } | 64 ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPol icy.get(); } |
| 63 | 65 |
| 64 bool isSecureTransitionTo(const KURL&) const; | 66 bool isSecureTransitionTo(const KURL&) const; |
| 65 | 67 |
| 66 void enforceSandboxFlags(SandboxFlags mask); | 68 void enforceSandboxFlags(SandboxFlags mask); |
| 69 void enforceSuboriginFlags(const SuboriginFlags& mask); | |
| 67 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } | 70 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } |
| 68 | 71 |
| 69 // Explicitly override the security origin for this security context. | 72 // Explicitly override the security origin for this security context. |
| 70 // Note: It is dangerous to change the security origin of a script context | 73 // Note: It is dangerous to change the security origin of a script context |
| 71 // that already contains content. | 74 // that already contains content. |
| 72 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); | 75 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); |
| 73 | 76 |
| 74 static SandboxFlags parseSandboxPolicy(const String& policy, String& invalid TokensErrorMessage); | 77 static SandboxFlags parseSandboxPolicy(const String& policy, String& invalid TokensErrorMessage); |
| 75 | 78 |
| 79 static SuboriginFlags parseSuboriginPolicy(const String& policy, String& inv alidTokensErrorMessage); | |
| 80 | |
| 76 protected: | 81 protected: |
| 77 SecurityContext(); | 82 SecurityContext(); |
| 78 virtual ~SecurityContext(); | 83 virtual ~SecurityContext(); |
| 79 | 84 |
| 80 virtual void didUpdateSecurityOrigin(); | 85 virtual void didUpdateSecurityOrigin(); |
| 81 | 86 |
| 82 void setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy>); | 87 void setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy>); |
| 83 | 88 |
| 84 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } | 89 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } |
| 85 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; } | 90 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; } |
| 86 | 91 |
| 87 // Set in Document::initSecurityContext() at Document creation, per: | 92 // Set in Document::initSecurityContext() at Document creation, per: |
| 88 // http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-seamless | 93 // http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-seamless |
| 89 bool m_mayDisplaySeamlesslyWithParent; | 94 bool m_mayDisplaySeamlesslyWithParent; |
| 90 | 95 |
| 91 private: | 96 private: |
| 92 bool m_haveInitializedSecurityOrigin; | 97 bool m_haveInitializedSecurityOrigin; |
| 93 SandboxFlags m_sandboxFlags; | 98 SandboxFlags m_sandboxFlags; |
| 94 RefPtr<SecurityOrigin> m_securityOrigin; | 99 RefPtr<SecurityOrigin> m_securityOrigin; |
| 95 OwnPtr<ContentSecurityPolicy> m_contentSecurityPolicy; | 100 OwnPtr<ContentSecurityPolicy> m_contentSecurityPolicy; |
| 96 }; | 101 }; |
| 97 | 102 |
| 98 } // namespace WebCore | 103 } // namespace WebCore |
| 99 | 104 |
| 100 #endif // SecurityContext_h | 105 #endif // SecurityContext_h |
| OLD | NEW |
