| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 43 | 43 |
| 44 class ContentSecurityPolicyResponseHeaders; | 44 class ContentSecurityPolicyResponseHeaders; |
| 45 class CSPDirectiveList; | 45 class CSPDirectiveList; |
| 46 class DOMStringList; | 46 class DOMStringList; |
| 47 class JSONObject; | 47 class JSONObject; |
| 48 class KURL; | 48 class KURL; |
| 49 class ScriptExecutionContext; | 49 class ScriptExecutionContext; |
| 50 class SecurityOrigin; | 50 class SecurityOrigin; |
| 51 | 51 |
| 52 typedef int SandboxFlags; | 52 typedef int SandboxFlags; |
| 53 typedef String SuboriginFlags; |
| 53 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; | 54 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; |
| 54 | 55 |
| 55 class ContentSecurityPolicy { | 56 class ContentSecurityPolicy { |
| 56 WTF_MAKE_FAST_ALLOCATED; | 57 WTF_MAKE_FAST_ALLOCATED; |
| 57 public: | 58 public: |
| 58 static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scri
ptExecutionContext) | 59 static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scri
ptExecutionContext) |
| 59 { | 60 { |
| 60 return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext)); | 61 return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext)); |
| 61 } | 62 } |
| 62 ~ContentSecurityPolicy(); | 63 ~ContentSecurityPolicy(); |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 110 bool isActive() const; | 111 bool isActive() const; |
| 111 void gatherReportURIs(DOMStringList&) const; | 112 void gatherReportURIs(DOMStringList&) const; |
| 112 | 113 |
| 113 void reportDirectiveAsSourceExpression(const String& directiveName, const St
ring& sourceExpression) const; | 114 void reportDirectiveAsSourceExpression(const String& directiveName, const St
ring& sourceExpression) const; |
| 114 void reportDuplicateDirective(const String&) const; | 115 void reportDuplicateDirective(const String&) const; |
| 115 void reportInvalidDirectiveValueCharacter(const String& directiveName, const
String& value) const; | 116 void reportInvalidDirectiveValueCharacter(const String& directiveName, const
String& value) const; |
| 116 void reportInvalidPathCharacter(const String& directiveName, const String& v
alue, const char) const; | 117 void reportInvalidPathCharacter(const String& directiveName, const String& v
alue, const char) const; |
| 117 void reportInvalidNonce(const String&) const; | 118 void reportInvalidNonce(const String&) const; |
| 118 void reportInvalidPluginTypes(const String&) const; | 119 void reportInvalidPluginTypes(const String&) const; |
| 119 void reportInvalidSandboxFlags(const String&) const; | 120 void reportInvalidSandboxFlags(const String&) const; |
| 121 void reportInvalidSuboriginFlags(const String&) const; |
| 120 void reportInvalidSourceExpression(const String& directiveName, const String
& source) const; | 122 void reportInvalidSourceExpression(const String& directiveName, const String
& source) const; |
| 121 void reportInvalidReflectedXSS(const String&) const; | 123 void reportInvalidReflectedXSS(const String&) const; |
| 122 void reportMissingReportURI(const String&) const; | 124 void reportMissingReportURI(const String&) const; |
| 123 void reportUnsupportedDirective(const String&) const; | 125 void reportUnsupportedDirective(const String&) const; |
| 124 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>
& reportURIs, const String& header); | 126 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>
& reportURIs, const String& header); |
| 125 | 127 |
| 126 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; | 128 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; |
| 127 | 129 |
| 128 const KURL& url() const; | 130 const KURL& url() const; |
| 129 KURL completeURL(const String&) const; | 131 KURL completeURL(const String&) const; |
| 130 SecurityOrigin* securityOrigin() const; | 132 SecurityOrigin* securityOrigin() const; |
| 131 void enforceSandboxFlags(SandboxFlags) const; | 133 void enforceSandboxFlags(SandboxFlags) const; |
| 134 void enforceSuboriginFlags(SuboriginFlags) const; |
| 132 String evalDisabledErrorMessage() const; | 135 String evalDisabledErrorMessage() const; |
| 133 | 136 |
| 134 bool experimentalFeaturesEnabled() const; | 137 bool experimentalFeaturesEnabled() const; |
| 135 | 138 |
| 136 static bool shouldBypassMainWorld(ScriptExecutionContext*); | 139 static bool shouldBypassMainWorld(ScriptExecutionContext*); |
| 137 | 140 |
| 138 ScriptExecutionContext* scriptExecutionContext() { return m_scriptExecutionC
ontext; } | 141 ScriptExecutionContext* scriptExecutionContext() { return m_scriptExecutionC
ontext; } |
| 139 | 142 |
| 140 private: | 143 private: |
| 141 explicit ContentSecurityPolicy(ScriptExecutionContext*); | 144 explicit ContentSecurityPolicy(ScriptExecutionContext*); |
| 142 | 145 |
| 143 void logToConsole(const String& message) const; | 146 void logToConsole(const String& message) const; |
| 144 void addPolicyFromHeaderValue(const String&, HeaderType); | 147 void addPolicyFromHeaderValue(const String&, HeaderType); |
| 145 | 148 |
| 146 bool shouldSendViolationReport(const String&) const; | 149 bool shouldSendViolationReport(const String&) const; |
| 147 void didSendViolationReport(const String&); | 150 void didSendViolationReport(const String&); |
| 148 | 151 |
| 149 ScriptExecutionContext* m_scriptExecutionContext; | 152 ScriptExecutionContext* m_scriptExecutionContext; |
| 150 bool m_overrideInlineStyleAllowed; | 153 bool m_overrideInlineStyleAllowed; |
| 151 CSPDirectiveListVector m_policies; | 154 CSPDirectiveListVector m_policies; |
| 152 | 155 |
| 153 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 156 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
| 154 }; | 157 }; |
| 155 | 158 |
| 156 } | 159 } |
| 157 | 160 |
| 158 #endif | 161 #endif |
| OLD | NEW |