| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 414 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 425 // This method checks if if this policy subsumes a given policy. | 425 // This method checks if if this policy subsumes a given policy. |
| 426 // Note the correct result is guaranteed if this policy contains only one | 426 // Note the correct result is guaranteed if this policy contains only one |
| 427 // CSPDirectiveList. More information here: | 427 // CSPDirectiveList. More information here: |
| 428 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy | 428 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy |
| 429 bool Subsumes(const ContentSecurityPolicy&) const; | 429 bool Subsumes(const ContentSecurityPolicy&) const; |
| 430 | 430 |
| 431 Document* GetDocument() const; | 431 Document* GetDocument() const; |
| 432 | 432 |
| 433 bool HasHeaderDeliveredPolicy() const { return header_delivered_; } | 433 bool HasHeaderDeliveredPolicy() const { return header_delivered_; } |
| 434 | 434 |
| 435 static bool IsValidCSPAttr(const String& attr); |
| 436 |
| 435 private: | 437 private: |
| 436 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); | 438 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); |
| 437 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); | 439 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); |
| 438 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); | 440 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); |
| 439 FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, | 441 FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, |
| 440 RedirectChecksReportedAndEnforcedCSP); | 442 RedirectChecksReportedAndEnforcedCSP); |
| 441 FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, | 443 FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, |
| 442 AllowResponseChecksReportedAndEnforcedCSP); | 444 AllowResponseChecksReportedAndEnforcedCSP); |
| 443 FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest, | 445 FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest, |
| 444 PopulateResourceRequestChecksReportOnlyCSP); | 446 PopulateResourceRequestChecksReportOnlyCSP); |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 483 String disable_eval_error_message_; | 485 String disable_eval_error_message_; |
| 484 WebInsecureRequestPolicy insecure_request_policy_; | 486 WebInsecureRequestPolicy insecure_request_policy_; |
| 485 | 487 |
| 486 Member<CSPSource> self_source_; | 488 Member<CSPSource> self_source_; |
| 487 String self_protocol_; | 489 String self_protocol_; |
| 488 }; | 490 }; |
| 489 | 491 |
| 490 } // namespace blink | 492 } // namespace blink |
| 491 | 493 |
| 492 #endif | 494 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2896833002:
Added validation of the policy specified in the 'csp' attribute (Closed)
