third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp - Issue 2739203002: Initial Implementation of Iframe Attribute for Feature Policy (Part 3)

Side by Side Diff: third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp

Issue 2739203002: Initial Implementation of Iframe Attribute for Feature Policy (Part 3) (Closed)

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h ('k') | third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "platform/feature_policy/FeaturePolicy.h"	5 #include "platform/feature_policy/FeaturePolicy.h"

6	6

7 #include "platform/RuntimeEnabledFeatures.h"	7 #include "platform/RuntimeEnabledFeatures.h"

8 #include "platform/json/JSONValues.h"	8 #include "platform/json/JSONValues.h"

9 #include "platform/network/HTTPParsers.h"	9 #include "platform/network/HTTPParsers.h"

10 #include "platform/weborigin/SecurityOrigin.h"	10 #include "platform/weborigin/SecurityOrigin.h"

(...skipping 28 matching lines...) Expand all Loading...
39 if (feature == "sync-script")	39 if (feature == "sync-script")

40 return WebFeaturePolicyFeature::SyncScript;	40 return WebFeaturePolicyFeature::SyncScript;

41 if (feature == "sync-xhr")	41 if (feature == "sync-xhr")

42 return WebFeaturePolicyFeature::SyncXHR;	42 return WebFeaturePolicyFeature::SyncXHR;

43 if (feature == "webrtc")	43 if (feature == "webrtc")

44 return WebFeaturePolicyFeature::WebRTC;	44 return WebFeaturePolicyFeature::WebRTC;

45 }	45 }

46 return WebFeaturePolicyFeature::NotFound;	46 return WebFeaturePolicyFeature::NotFound;

47 }	47 }

48	48

49 WebParsedFeaturePolicyHeader parseFeaturePolicy(const String& policy,	49 WebParsedFeaturePolicy parseFeaturePolicy(const String& policy,

50 RefPtr<SecurityOrigin> origin,	50 RefPtr<SecurityOrigin> origin,

51 Vector<String>* messages) {	51 Vector<String>* messages) {

52 Vector<WebParsedFeaturePolicyDeclaration> whitelists;	52 Vector<WebParsedFeaturePolicyDeclaration> whitelists;

53	53

54 // Use a reasonable parse depth limit; the actual maximum depth is only going	54 // Use a reasonable parse depth limit; the actual maximum depth is only going

55 // to be 4 for a valid policy, but we'll give the featurePolicyParser a chance	55 // to be 4 for a valid policy, but we'll give the featurePolicyParser a chance

56 // to report more specific errors, unless the string is really invalid.	56 // to report more specific errors, unless the string is really invalid.

57 std::unique_ptr<JSONArray> policyItems = parseJSONHeader(policy, 50);	57 std::unique_ptr<JSONArray> policyItems = parseJSONHeader(policy, 50);

58 if (!policyItems) {	58 if (!policyItems) {

59 if (messages)	59 if (messages)

60 messages->push_back("Unable to parse header");	60 messages->push_back("Unable to parse header.");

61 return whitelists;	61 return whitelists;

62 }	62 }

63	63

64 for (size_t i = 0; i < policyItems->size(); ++i) {	64 for (size_t i = 0; i < policyItems->size(); ++i) {

65 JSONObject* item = JSONObject::cast(policyItems->at(i));	65 JSONObject* item = JSONObject::cast(policyItems->at(i));

66 if (!item) {	66 if (!item) {

67 if (messages)	67 if (messages)

68 messages->push_back("Policy is not an object");	68 messages->push_back("Policy is not an object.");

69 continue; // Array element is not an object; skip	69 continue; // Array element is not an object; skip

70 }	70 }

71	71

72 for (size_t j = 0; j < item->size(); ++j) {	72 for (size_t j = 0; j < item->size(); ++j) {

73 JSONObject::Entry entry = item->at(j);	73 JSONObject::Entry entry = item->at(j);

74 String featureName = entry.first;	74 WebFeaturePolicyFeature feature = getWebFeaturePolicyFeature(entry.first);

	75 if (feature == WebFeaturePolicyFeature::NotFound) {

	76 if (messages)

	77 messages->push_back("Feature name is unrecognized.");

	78 continue; // Unrecognized feature; skip

	79 }

75 JSONArray* targets = JSONArray::cast(entry.second);	80 JSONArray* targets = JSONArray::cast(entry.second);

76 if (!targets) {	81 if (!targets) {

77 if (messages)	82 if (messages)

78 messages->push_back("Whitelist is not an array of strings.");	83 messages->push_back("Whitelist is not an array of strings.");

79 continue;	84 continue;

80 }	85 }

81	86

82 WebParsedFeaturePolicyDeclaration whitelist;	87 WebParsedFeaturePolicyDeclaration whitelist;

83 whitelist.featureName = featureName;	88 whitelist.feature = feature;

84 Vector<WebSecurityOrigin> origins;	89 Vector<WebSecurityOrigin> origins;

85 String targetString;	90 String targetString;

86 for (size_t j = 0; j < targets->size(); ++j) {	91 for (size_t j = 0; j < targets->size(); ++j) {

87 if (targets->at(j)->asString(&targetString)) {	92 if (targets->at(j)->asString(&targetString)) {

88 if (equalIgnoringCase(targetString, "self")) {	93 if (equalIgnoringCase(targetString, "self")) {

89 if (!origin->isUnique())	94 if (!origin->isUnique())

90 origins.push_back(origin);	95 origins.push_back(origin);

91 } else if (targetString == "*") {	96 } else if (targetString == "*") {

92 whitelist.matchesAllOrigins = true;	97 whitelist.matchesAllOrigins = true;

93 } else {	98 } else {

94 WebSecurityOrigin targetOrigin =	99 WebSecurityOrigin targetOrigin =

95 WebSecurityOrigin::createFromString(targetString);	100 WebSecurityOrigin::createFromString(targetString);

96 if (!targetOrigin.isNull() && !targetOrigin.isUnique())	101 if (!targetOrigin.isNull() && !targetOrigin.isUnique())

97 origins.push_back(targetOrigin);	102 origins.push_back(targetOrigin);

98 }	103 }

99 } else {	104 } else {

100 if (messages)	105 if (messages)

101 messages->push_back("Whitelist is not an array of strings.");	106 messages->push_back("Whitelist is not an array of strings.");

102 }	107 }

103 }	108 }

104 whitelist.origins = origins;	109 whitelist.origins = origins;

105 whitelists.push_back(whitelist);	110 whitelists.push_back(whitelist);

106 }	111 }

107 }	112 }

108 return whitelists;	113 return whitelists;

109 }	114 }

110	115

	116 WebParsedFeaturePolicy getContainerPolicyFromAllowedFeatures(

	117 const WebVector<WebFeaturePolicyFeature>& features,
	iclelland 2017/03/15 15:47:18 In part 4, I think this method should also take a In part 4, I think this method should also take a couple of bools -- in order to handle the "allowfullscreen" and "allowpayment" attributes, which need to be treated differently than 'allow="..."', maybe we should pass them in here. If that's the case, can you add a TODO here, so that it's clear that that's what's going to happen?
	118 RefPtr<SecurityOrigin> origin) {

	119 Vector<WebParsedFeaturePolicyDeclaration> whitelists;

	120 for (const WebFeaturePolicyFeature feature : features) {

	121 WebParsedFeaturePolicyDeclaration whitelist;

	122 whitelist.feature = feature;

	123 whitelist.origins =

	124 Vector<WebSecurityOrigin>(static_cast<size_t>(1), {origin});

	125 whitelists.push_back(whitelist);

	126 }

	127 return whitelists;

	128 }

	129

111 } // namespace blink	130 } // namespace blink

OLD	NEW