OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 23 matching lines...)
34 Vector<UChar> characters; | 34 Vector<UChar> characters; |
35 value.AppendTo(characters); | 35 value.AppendTo(characters); |
36 Parse(characters.Data(), characters.Data() + characters.size()); | 36 Parse(characters.Data(), characters.Data() + characters.size()); |
37 } | 37 } |
38 | 38 |
39 static bool IsSourceListNone(const UChar* begin, const UChar* end) { | 39 static bool IsSourceListNone(const UChar* begin, const UChar* end) { |
40 skipWhile<UChar, IsASCIISpace>(begin, end); | 40 skipWhile<UChar, IsASCIISpace>(begin, end); |
41 | 41 |
42 const UChar* position = begin; | 42 const UChar* position = begin; |
43 skipWhile<UChar, IsSourceCharacter>(position, end); | 43 skipWhile<UChar, IsSourceCharacter>(position, end); |
44 if (!EqualIgnoringCase("'none'", StringView(begin, position - begin))) | 44 if (!DeprecatedEqualIgnoringCase("'none'", |
| 45 StringView(begin, position - begin))) |
45 return false; | 46 return false; |
46 | 47 |
47 skipWhile<UChar, IsASCIISpace>(position, end); | 48 skipWhile<UChar, IsASCIISpace>(position, end); |
48 if (position != end) | 49 if (position != end) |
49 return false; | 50 return false; |
50 | 51 |
51 return true; | 52 return true; |
52 } | 53 } |
53 | 54 |
54 bool SourceListDirective::Allows( | 55 bool SourceListDirective::Allows( |
(...skipping 116 matching lines...)
171 String& host, | 172 String& host, |
172 int& port, | 173 int& port, |
173 String& path, | 174 String& path, |
174 CSPSource::WildcardDisposition& host_wildcard, | 175 CSPSource::WildcardDisposition& host_wildcard, |
175 CSPSource::WildcardDisposition& port_wildcard) { | 176 CSPSource::WildcardDisposition& port_wildcard) { |
176 if (begin == end) | 177 if (begin == end) |
177 return false; | 178 return false; |
178 | 179 |
179 StringView token(begin, end - begin); | 180 StringView token(begin, end - begin); |
180 | 181 |
181 if (EqualIgnoringCase("'none'", token)) | 182 if (DeprecatedEqualIgnoringCase("'none'", token)) |
182 return false; | 183 return false; |
183 | 184 |
184 if (end - begin == 1 && *begin == '*') { | 185 if (end - begin == 1 && *begin == '*') { |
185 AddSourceStar(); | 186 AddSourceStar(); |
186 return true; | 187 return true; |
187 } | 188 } |
188 | 189 |
189 if (EqualIgnoringCase("'self'", token)) { | 190 if (DeprecatedEqualIgnoringCase("'self'", token)) { |
190 AddSourceSelf(); | 191 AddSourceSelf(); |
191 return true; | 192 return true; |
192 } | 193 } |
193 | 194 |
194 if (EqualIgnoringCase("'unsafe-inline'", token)) { | 195 if (DeprecatedEqualIgnoringCase("'unsafe-inline'", token)) { |
195 AddSourceUnsafeInline(); | 196 AddSourceUnsafeInline(); |
196 return true; | 197 return true; |
197 } | 198 } |
198 | 199 |
199 if (EqualIgnoringCase("'unsafe-eval'", token)) { | 200 if (DeprecatedEqualIgnoringCase("'unsafe-eval'", token)) { |
200 AddSourceUnsafeEval(); | 201 AddSourceUnsafeEval(); |
201 return true; | 202 return true; |
202 } | 203 } |
203 | 204 |
204 if (EqualIgnoringCase("'strict-dynamic'", token)) { | 205 if (DeprecatedEqualIgnoringCase("'strict-dynamic'", token)) { |
205 AddSourceStrictDynamic(); | 206 AddSourceStrictDynamic(); |
206 return true; | 207 return true; |
207 } | 208 } |
208 | 209 |
209 if (EqualIgnoringCase("'unsafe-hashed-attributes'", token)) { | 210 if (DeprecatedEqualIgnoringCase("'unsafe-hashed-attributes'", token)) { |
210 AddSourceUnsafeHashedAttributes(); | 211 AddSourceUnsafeHashedAttributes(); |
211 return true; | 212 return true; |
212 } | 213 } |
213 | 214 |
214 if (EqualIgnoringCase("'report-sample'", token)) { | 215 if (DeprecatedEqualIgnoringCase("'report-sample'", token)) { |
215 AddReportSample(); | 216 AddReportSample(); |
216 return true; | 217 return true; |
217 } | 218 } |
218 | 219 |
219 String nonce; | 220 String nonce; |
220 if (!ParseNonce(begin, end, nonce)) | 221 if (!ParseNonce(begin, end, nonce)) |
221 return false; | 222 return false; |
222 | 223 |
223 if (!nonce.IsNull()) { | 224 if (!nonce.IsNull()) { |
224 AddSourceNonce(nonce); | 225 AddSourceNonce(nonce); |
(...skipping 91 matching lines...)
316 // nonce-value = 1*( ALPHA / DIGIT / "+" / "/" / "=" ) | 317 // nonce-value = 1*( ALPHA / DIGIT / "+" / "/" / "=" ) |
317 // | 318 // |
318 bool SourceListDirective::ParseNonce(const UChar* begin, | 319 bool SourceListDirective::ParseNonce(const UChar* begin, |
319 const UChar* end, | 320 const UChar* end, |
320 String& nonce) { | 321 String& nonce) { |
321 size_t nonce_length = end - begin; | 322 size_t nonce_length = end - begin; |
322 StringView prefix("'nonce-"); | 323 StringView prefix("'nonce-"); |
323 | 324 |
324 // TODO(esprehn): Should be StringView(begin, nonceLength).startsWith(prefix). | 325 // TODO(esprehn): Should be StringView(begin, nonceLength).startsWith(prefix). |
325 if (nonce_length <= prefix.length() || | 326 if (nonce_length <= prefix.length() || |
326 !EqualIgnoringCase(prefix, StringView(begin, prefix.length()))) | 327 !DeprecatedEqualIgnoringCase(prefix, StringView(begin, prefix.length()))) |
327 return true; | 328 return true; |
328 | 329 |
329 const UChar* position = begin + prefix.length(); | 330 const UChar* position = begin + prefix.length(); |
330 const UChar* nonce_begin = position; | 331 const UChar* nonce_begin = position; |
331 | 332 |
332 DCHECK(position < end); | 333 DCHECK(position < end); |
333 skipWhile<UChar, IsNonceCharacter>(position, end); | 334 skipWhile<UChar, IsNonceCharacter>(position, end); |
334 DCHECK(nonce_begin <= position); | 335 DCHECK(nonce_begin <= position); |
335 | 336 |
336 if (position + 1 != end || *position != '\'' || position == nonce_begin) | 337 if (position + 1 != end || *position != '\'' || position == nonce_begin) |
(...skipping 29 matching lines...)
366 | 367 |
367 StringView prefix; | 368 StringView prefix; |
368 hash_algorithm = kContentSecurityPolicyHashAlgorithmNone; | 369 hash_algorithm = kContentSecurityPolicyHashAlgorithmNone; |
369 size_t hash_length = end - begin; | 370 size_t hash_length = end - begin; |
370 | 371 |
371 for (const auto& algorithm : kSupportedPrefixes) { | 372 for (const auto& algorithm : kSupportedPrefixes) { |
372 prefix = algorithm.prefix; | 373 prefix = algorithm.prefix; |
373 // TODO(esprehn): Should be StringView(begin, end - | 374 // TODO(esprehn): Should be StringView(begin, end - |
374 // begin).startsWith(prefix). | 375 // begin).startsWith(prefix). |
375 if (hash_length > prefix.length() && | 376 if (hash_length > prefix.length() && |
376 EqualIgnoringCase(prefix, StringView(begin, prefix.length()))) { | 377 DeprecatedEqualIgnoringCase(prefix, |
| 378 StringView(begin, prefix.length()))) { |
377 hash_algorithm = algorithm.type; | 379 hash_algorithm = algorithm.type; |
378 break; | 380 break; |
379 } | 381 } |
380 } | 382 } |
381 | 383 |
382 if (hash_algorithm == kContentSecurityPolicyHashAlgorithmNone) | 384 if (hash_algorithm == kContentSecurityPolicyHashAlgorithmNone) |
383 return true; | 385 return true; |
384 | 386 |
385 const UChar* position = begin + prefix.length(); | 387 const UChar* position = begin + prefix.length(); |
386 const UChar* hash_begin = position; | 388 const UChar* hash_begin = position; |
(...skipping 444 matching lines...)
831 return normalized; | 833 return normalized; |
832 } | 834 } |
833 | 835 |
834 DEFINE_TRACE(SourceListDirective) { | 836 DEFINE_TRACE(SourceListDirective) { |
835 visitor->Trace(policy_); | 837 visitor->Trace(policy_); |
836 visitor->Trace(list_); | 838 visitor->Trace(list_); |
837 CSPDirective::Trace(visitor); | 839 CSPDirective::Trace(visitor); |
838 } | 840 } |
839 | 841 |
840 } // namespace blink | 842 } // namespace blink |
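Review bot: The keyword comparisons at new lines 182–215 now call a helper whose name marks it deprecated, but nothing at the call sites says what should replace it or why. These matches decide whether a policy token is accepted as `'self'`, `'unsafe-inline'`, `'unsafe-eval'` or `'strict-dynamic'`, and CSP defines keyword matching as ASCII case-insensitive; if the deprecated helper folds case beyond ASCII (its definition is not visible here), the parser would accept spellings the specification does not. I would add a comment above the first comparison such as `// TODO: CSP keywords are ASCII case-insensitive; migrate to EqualIgnoringASCIICase.`, and the same applies to the `'none'` check in IsSourceListNone, the prefix check in ParseNonce and the hash-prefix loop. The function holding lines 182–215 begins outside the visible lines, so its earlier handling of the token could not be checked.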
OLD | NEW |