Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2784753003: CSP: Enable whitelisting of external JavaScript via hashes (Closed)
Patch Set: remove duplicate test Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-sri_hash.sub.html.sub.headers ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
71 SecurityViolationReportingPolicy, 71 SecurityViolationReportingPolicy,
72 ContentSecurityPolicy::ExceptionStatus = 72 ContentSecurityPolicy::ExceptionStatus =
73 ContentSecurityPolicy::WillNotThrowException) const; 73 ContentSecurityPolicy::WillNotThrowException) const;
74 bool allowPluginType(const String& type, 74 bool allowPluginType(const String& type,
75 const String& typeAttribute, 75 const String& typeAttribute,
76 const KURL&, 76 const KURL&,
77 SecurityViolationReportingPolicy) const; 77 SecurityViolationReportingPolicy) const;
78 78
79 bool allowScriptFromSource(const KURL&, 79 bool allowScriptFromSource(const KURL&,
80 const String& nonce, 80 const String& nonce,
81 const IntegrityMetadataSet& hashes,
81 ParserDisposition, 82 ParserDisposition,
82 ResourceRequest::RedirectStatus, 83 ResourceRequest::RedirectStatus,
83 SecurityViolationReportingPolicy) const; 84 SecurityViolationReportingPolicy) const;
84 bool allowStyleFromSource(const KURL&, 85 bool allowStyleFromSource(const KURL&,
85 const String& nonce, 86 const String& nonce,
86 ResourceRequest::RedirectStatus, 87 ResourceRequest::RedirectStatus,
87 SecurityViolationReportingPolicy) const; 88 SecurityViolationReportingPolicy) const;
88 89
89 bool allowObjectFromSource(const KURL&, 90 bool allowObjectFromSource(const KURL&,
90 ResourceRequest::RedirectStatus, 91 ResourceRequest::RedirectStatus,
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
234 const String& directiveText, 235 const String& directiveText,
235 const ContentSecurityPolicy::DirectiveType&, 236 const ContentSecurityPolicy::DirectiveType&,
236 const String& message, 237 const String& message,
237 const KURL& blockedURL, 238 const KURL& blockedURL,
238 ScriptState*, 239 ScriptState*,
239 const ContentSecurityPolicy::ExceptionStatus) const; 240 const ContentSecurityPolicy::ExceptionStatus) const;
240 241
241 bool checkEval(SourceListDirective*) const; 242 bool checkEval(SourceListDirective*) const;
242 bool checkDynamic(SourceListDirective*) const; 243 bool checkDynamic(SourceListDirective*) const;
243 bool isMatchingNoncePresent(SourceListDirective*, const String&) const; 244 bool isMatchingNoncePresent(SourceListDirective*, const String&) const;
245 bool areAllMatchingHashesPresent(SourceListDirective*,
246 const IntegrityMetadataSet&) const;
244 bool checkHash(SourceListDirective*, const CSPHashValue&) const; 247 bool checkHash(SourceListDirective*, const CSPHashValue&) const;
245 bool checkHashedAttributes(SourceListDirective*) const; 248 bool checkHashedAttributes(SourceListDirective*) const;
246 bool checkSource(SourceListDirective*, 249 bool checkSource(SourceListDirective*,
247 const KURL&, 250 const KURL&,
248 ResourceRequest::RedirectStatus) const; 251 ResourceRequest::RedirectStatus) const;
249 bool checkMediaType(MediaListDirective*, 252 bool checkMediaType(MediaListDirective*,
250 const String& type, 253 const String& type,
251 const String& typeAttribute) const; 254 const String& typeAttribute) const;
252 bool checkAncestors(SourceListDirective*, LocalFrame*) const; 255 bool checkAncestors(SourceListDirective*, LocalFrame*) const;
253 bool checkRequestWithoutIntegrity(WebURLRequest::RequestContext) const; 256 bool checkRequestWithoutIntegrity(WebURLRequest::RequestContext) const;
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
334 uint8_t m_requireSRIFor; 337 uint8_t m_requireSRIFor;
335 338
336 Vector<String> m_reportEndpoints; 339 Vector<String> m_reportEndpoints;
337 340
338 String m_evalDisabledErrorMessage; 341 String m_evalDisabledErrorMessage;
339 }; 342 };
340 343
341 } // namespace blink 344 } // namespace blink
342 345
343 #endif 346 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-sri_hash.sub.html.sub.headers ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698