Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(643)

Side by Side Diff: Source/core/page/ContentSecurityPolicy.h

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
43 43
44 class ContentSecurityPolicyResponseHeaders; 44 class ContentSecurityPolicyResponseHeaders;
45 class CSPDirectiveList; 45 class CSPDirectiveList;
46 class DOMStringList; 46 class DOMStringList;
47 class JSONObject; 47 class JSONObject;
48 class KURL; 48 class KURL;
49 class ScriptExecutionContext; 49 class ScriptExecutionContext;
50 class SecurityOrigin; 50 class SecurityOrigin;
51 51
52 typedef int SandboxFlags; 52 typedef int SandboxFlags;
53 typedef String SuboriginFlags;
53 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; 54 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
54 55
55 class ContentSecurityPolicy { 56 class ContentSecurityPolicy {
56 WTF_MAKE_FAST_ALLOCATED; 57 WTF_MAKE_FAST_ALLOCATED;
57 public: 58 public:
58 static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scri ptExecutionContext) 59 static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scri ptExecutionContext)
59 { 60 {
60 return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext)); 61 return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext));
61 } 62 }
62 ~ContentSecurityPolicy(); 63 ~ContentSecurityPolicy();
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
110 bool isActive() const; 111 bool isActive() const;
111 void gatherReportURIs(DOMStringList&) const; 112 void gatherReportURIs(DOMStringList&) const;
112 113
113 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression) const; 114 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression) const;
114 void reportDuplicateDirective(const String&) const; 115 void reportDuplicateDirective(const String&) const;
115 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const; 116 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
116 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char) const; 117 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char) const;
117 void reportInvalidNonce(const String&) const; 118 void reportInvalidNonce(const String&) const;
118 void reportInvalidPluginTypes(const String&) const; 119 void reportInvalidPluginTypes(const String&) const;
119 void reportInvalidSandboxFlags(const String&) const; 120 void reportInvalidSandboxFlags(const String&) const;
121 void reportInvalidSuboriginFlags(const String&) const;
120 void reportInvalidSourceExpression(const String& directiveName, const String & source) const; 122 void reportInvalidSourceExpression(const String& directiveName, const String & source) const;
121 void reportInvalidReflectedXSS(const String&) const; 123 void reportInvalidReflectedXSS(const String&) const;
122 void reportMissingReportURI(const String&) const; 124 void reportMissingReportURI(const String&) const;
123 void reportUnsupportedDirective(const String&) const; 125 void reportUnsupportedDirective(const String&) const;
124 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header); 126 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header);
125 127
126 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; 128 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst;
127 129
128 const KURL& url() const; 130 const KURL& url() const;
129 KURL completeURL(const String&) const; 131 KURL completeURL(const String&) const;
130 SecurityOrigin* securityOrigin() const; 132 SecurityOrigin* securityOrigin() const;
131 void enforceSandboxFlags(SandboxFlags) const; 133 void enforceSandboxFlags(SandboxFlags) const;
134 void enforceSuboriginFlags(SuboriginFlags) const;
132 String evalDisabledErrorMessage() const; 135 String evalDisabledErrorMessage() const;
133 136
134 bool experimentalFeaturesEnabled() const; 137 bool experimentalFeaturesEnabled() const;
135 138
136 static bool shouldBypassMainWorld(ScriptExecutionContext*); 139 static bool shouldBypassMainWorld(ScriptExecutionContext*);
137 140
138 ScriptExecutionContext* scriptExecutionContext() { return m_scriptExecutionC ontext; } 141 ScriptExecutionContext* scriptExecutionContext() { return m_scriptExecutionC ontext; }
139 142
140 private: 143 private:
141 explicit ContentSecurityPolicy(ScriptExecutionContext*); 144 explicit ContentSecurityPolicy(ScriptExecutionContext*);
142 145
143 void logToConsole(const String& message) const; 146 void logToConsole(const String& message) const;
144 void addPolicyFromHeaderValue(const String&, HeaderType); 147 void addPolicyFromHeaderValue(const String&, HeaderType);
145 148
146 bool shouldSendViolationReport(const String&) const; 149 bool shouldSendViolationReport(const String&) const;
147 void didSendViolationReport(const String&); 150 void didSendViolationReport(const String&);
148 151
149 ScriptExecutionContext* m_scriptExecutionContext; 152 ScriptExecutionContext* m_scriptExecutionContext;
150 bool m_overrideInlineStyleAllowed; 153 bool m_overrideInlineStyleAllowed;
151 CSPDirectiveListVector m_policies; 154 CSPDirectiveListVector m_policies;
152 155
153 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; 156 HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
154 }; 157 };
155 158
156 } 159 }
157 160
158 #endif 161 #endif
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698