| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| 340 CSPDirectiveList::Create(this, begin, position, type, source); | 340 CSPDirectiveList::Create(this, begin, position, type, source); |
| 341 | 341 |
| 342 if (!policy->AllowEval( | 342 if (!policy->AllowEval( |
| 343 0, SecurityViolationReportingPolicy::kSuppressReporting) && | 343 0, SecurityViolationReportingPolicy::kSuppressReporting) && |
| 344 disable_eval_error_message_.IsNull()) | 344 disable_eval_error_message_.IsNull()) |
| 345 disable_eval_error_message_ = policy->EvalDisabledErrorMessage(); | 345 disable_eval_error_message_ = policy->EvalDisabledErrorMessage(); |
| 346 | 346 |
| 347 policies_.push_back(policy.Release()); | 347 policies_.push_back(policy.Release()); |
| 348 | 348 |
| 349 // Skip the comma, and begin the next header from the current position. | 349 // Skip the comma, and begin the next header from the current position. |
| 350 ASSERT(position == end || *position == ','); | 350 DCHECK(position == end || *position == ','); |
| 351 skipExactly<UChar>(position, end, ','); | 351 skipExactly<UChar>(position, end, ','); |
| 352 begin = position; | 352 begin = position; |
| 353 } | 353 } |
| 354 } | 354 } |
| 355 | 355 |
| 356 void ContentSecurityPolicy::ReportAccumulatedHeaders( | 356 void ContentSecurityPolicy::ReportAccumulatedHeaders( |
| 357 LocalFrameClient* client) const { | 357 LocalFrameClient* client) const { |
| 358 // Notify the embedder about headers that have accumulated before the | 358 // Notify the embedder about headers that have accumulated before the |
| 359 // navigation got committed. See comments in | 359 // navigation got committed. See comments in |
| 360 // addAndReportPolicyFromHeaderValue for more details and context. | 360 // addAndReportPolicyFromHeaderValue for more details and context. |
| 1167 const KURL& blocked_url, | 1167 const KURL& blocked_url, |
| 1168 const Vector<String>& report_endpoints, | 1168 const Vector<String>& report_endpoints, |
| 1169 const String& header, | 1169 const String& header, |
| 1170 ContentSecurityPolicyHeaderType header_type, | 1170 ContentSecurityPolicyHeaderType header_type, |
| 1171 ViolationType violation_type, | 1171 ViolationType violation_type, |
| 1172 std::unique_ptr<SourceLocation> source_location, | 1172 std::unique_ptr<SourceLocation> source_location, |
| 1173 LocalFrame* context_frame, | 1173 LocalFrame* context_frame, |
| 1174 RedirectStatus redirect_status, | 1174 RedirectStatus redirect_status, |
| 1175 Element* element, | 1175 Element* element, |
| 1176 const String& source) { | 1176 const String& source) { |
| 1177 ASSERT(violation_type == kURLViolation || blocked_url.IsEmpty()); | 1177 DCHECK(violation_type == kURLViolation || blocked_url.IsEmpty()); |
| 1178 | 1178 |
| 1179 // TODO(lukasza): Support sending reports from OOPIFs - | 1179 // TODO(lukasza): Support sending reports from OOPIFs - |
| 1180 // https://crbug.com/611232 (or move CSP child-src and frame-src checks to the | 1180 // https://crbug.com/611232 (or move CSP child-src and frame-src checks to the |
| 1181 // browser process - see https://crbug.com/376522). | 1181 // browser process - see https://crbug.com/376522). |
| 1182 if (!execution_context_ && !context_frame) { | 1182 if (!execution_context_ && !context_frame) { |
| 1183 DCHECK(effective_type == DirectiveType::kChildSrc || | 1183 DCHECK(effective_type == DirectiveType::kChildSrc || |
| 1184 effective_type == DirectiveType::kFrameSrc || | 1184 effective_type == DirectiveType::kFrameSrc || |
| 1185 effective_type == DirectiveType::kPluginTypes); | 1185 effective_type == DirectiveType::kPluginTypes); |
| 1186 return; | 1186 return; |
| 1187 } | 1187 } |
| 1466 "'. Non-whitespace characters outside ASCII 0x21-0x7E must " | 1466 "'. Non-whitespace characters outside ASCII 0x21-0x7E must " |
| 1467 "be percent-encoded, as described in RFC 3986, section 2.1: " | 1467 "be percent-encoded, as described in RFC 3986, section 2.1: " |
| 1468 "http://tools.ietf.org/html/rfc3986#section-2.1."; | 1468 "http://tools.ietf.org/html/rfc3986#section-2.1."; |
| 1469 LogToConsole(message); | 1469 LogToConsole(message); |
| 1470 } | 1470 } |
| 1471 | 1471 |
| 1472 void ContentSecurityPolicy::ReportInvalidPathCharacter( | 1472 void ContentSecurityPolicy::ReportInvalidPathCharacter( |
| 1473 const String& directive_name, | 1473 const String& directive_name, |
| 1474 const String& value, | 1474 const String& value, |
| 1475 const char invalid_char) { | 1475 const char invalid_char) { |
| 1476 ASSERT(invalid_char == '#' || invalid_char == '?'); | 1476 DCHECK(invalid_char == '#' || invalid_char == '?'); |
| 1477 | 1477 |
| 1478 String ignoring = | 1478 String ignoring = |
| 1479 "The fragment identifier, including the '#', will be ignored."; | 1479 "The fragment identifier, including the '#', will be ignored."; |
| 1480 if (invalid_char == '?') | 1480 if (invalid_char == '?') |
| 1481 ignoring = "The query component, including the '?', will be ignored."; | 1481 ignoring = "The query component, including the '?', will be ignored."; |
| 1482 String message = "The source list for Content Security Policy directive '" + | 1482 String message = "The source list for Content Security Policy directive '" + |
| 1483 directive_name + | 1483 directive_name + |
| 1484 "' contains a source with an invalid path: '" + value + | 1484 "' contains a source with an invalid path: '" + value + |
| 1485 "'. " + ignoring; | 1485 "'. " + ignoring; |
| 1486 LogToConsole(message); | 1486 LogToConsole(message); |
| 1703 if (SecurityOrigin::ShouldUseInnerURL(url)) { | 1703 if (SecurityOrigin::ShouldUseInnerURL(url)) { |
| 1704 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1704 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
| 1705 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); | 1705 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); |
| 1706 } else { | 1706 } else { |
| 1707 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1707 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
| 1708 url.Protocol(), area); | 1708 url.Protocol(), area); |
| 1709 } | 1709 } |
| 1710 } | 1710 } |
| 1711 | 1711 |
| 1712 } // namespace blink | 1712 } // namespace blink |