OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2000 Simon Hausmann (hausmann@kde.org) | 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) |
5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. | 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. |
7 * Copyright (C) 2009 Ericsson AB. All rights reserved. | 7 * Copyright (C) 2009 Ericsson AB. All rights reserved. |
8 * | 8 * |
9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
11 * License as published by the Free Software Foundation; either | 11 * License as published by the Free Software Foundation; either |
12 * version 2 of the License, or (at your option) any later version. | 12 * version 2 of the License, or (at your option) any later version. |
13 * | 13 * |
14 * This library is distributed in the hope that it will be useful, | 14 * This library is distributed in the hope that it will be useful, |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 * Library General Public License for more details. | 17 * Library General Public License for more details. |
18 * | 18 * |
19 * You should have received a copy of the GNU Library General Public License | 19 * You should have received a copy of the GNU Library General Public License |
20 * along with this library; see the file COPYING.LIB. If not, write to | 20 * along with this library; see the file COPYING.LIB. If not, write to |
21 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | 21 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
22 * Boston, MA 02110-1301, USA. | 22 * Boston, MA 02110-1301, USA. |
23 */ | 23 */ |
24 | 24 |
25 #include "core/html/HTMLIFrameElement.h" | 25 #include "core/html/HTMLIFrameElement.h" |
26 | 26 |
27 #include "core/CSSPropertyNames.h" | 27 #include "core/CSSPropertyNames.h" |
28 #include "core/HTMLNames.h" | 28 #include "core/HTMLNames.h" |
29 #include "core/frame/UseCounter.h" | 29 #include "core/frame/UseCounter.h" |
| 30 #include "core/frame/csp/ContentSecurityPolicy.h" |
30 #include "core/html/HTMLDocument.h" | 31 #include "core/html/HTMLDocument.h" |
31 #include "core/inspector/ConsoleMessage.h" | 32 #include "core/inspector/ConsoleMessage.h" |
32 #include "core/layout/LayoutIFrame.h" | 33 #include "core/layout/LayoutIFrame.h" |
33 #include "platform/RuntimeEnabledFeatures.h" | 34 #include "platform/RuntimeEnabledFeatures.h" |
34 | 35 |
35 namespace blink { | 36 namespace blink { |
36 | 37 |
37 using namespace HTMLNames; | 38 using namespace HTMLNames; |
38 | 39 |
39 inline HTMLIFrameElement::HTMLIFrameElement(Document& document) | 40 inline HTMLIFrameElement::HTMLIFrameElement(Document& document) |
(...skipping 120 matching lines...)
160 } | 161 } |
161 } else if (name == allowpaymentrequestAttr) { | 162 } else if (name == allowpaymentrequestAttr) { |
162 bool old_allow_payment_request = allow_payment_request_; | 163 bool old_allow_payment_request = allow_payment_request_; |
163 allow_payment_request_ = !value.IsNull(); | 164 allow_payment_request_ = !value.IsNull(); |
164 if (allow_payment_request_ != old_allow_payment_request) { | 165 if (allow_payment_request_ != old_allow_payment_request) { |
165 FrameOwnerPropertiesChanged(); | 166 FrameOwnerPropertiesChanged(); |
166 UpdateContainerPolicy(); | 167 UpdateContainerPolicy(); |
167 } | 168 } |
168 } else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && | 169 } else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && |
169 name == cspAttr) { | 170 name == cspAttr) { |
170 // TODO(amalika): add more robust validation of the value | 171 if (!ContentSecurityPolicy::IsValidCSPAttr(value.GetString())) { |
171 if (!value.GetString().ContainsOnlyASCII()) { | |
172 csp_ = g_null_atom; | 172 csp_ = g_null_atom; |
173 GetDocument().AddConsoleMessage(ConsoleMessage::Create( | 173 GetDocument().AddConsoleMessage(ConsoleMessage::Create( |
174 kOtherMessageSource, kErrorMessageLevel, | 174 kOtherMessageSource, kErrorMessageLevel, |
175 "'csp' attribute contains non-ASCII characters: " + value)); | 175 "'csp' attribute is not a valid policy: " + value)); |
176 return; | 176 return; |
177 } | 177 } |
178 AtomicString old_csp = csp_; | 178 AtomicString old_csp = csp_; |
179 csp_ = value; | 179 csp_ = value; |
180 if (csp_ != old_csp) | 180 if (csp_ != old_csp) |
181 FrameOwnerPropertiesChanged(); | 181 FrameOwnerPropertiesChanged(); |
182 } else if (RuntimeEnabledFeatures::featurePolicyEnabled() && | 182 } else if (RuntimeEnabledFeatures::featurePolicyEnabled() && |
183 name == allowAttr) { | 183 name == allowAttr) { |
184 allow_->DidUpdateAttributeValue(params.old_value, value); | 184 allow_->DidUpdateAttributeValue(params.old_value, value); |
185 String invalid_tokens; | 185 String invalid_tokens; |
(...skipping 39 matching lines...)
225 | 225 |
226 bool HTMLIFrameElement::IsInteractiveContent() const { | 226 bool HTMLIFrameElement::IsInteractiveContent() const { |
227 return true; | 227 return true; |
228 } | 228 } |
229 | 229 |
230 ReferrerPolicy HTMLIFrameElement::ReferrerPolicyAttribute() { | 230 ReferrerPolicy HTMLIFrameElement::ReferrerPolicyAttribute() { |
231 return referrer_policy_; | 231 return referrer_policy_; |
232 } | 232 } |
233 | 233 |
234 } // namespace blink | 234 } // namespace blink |
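Review bot: On the reject path of the `cspAttr` branch (new lines 171–177), `csp_` is reset to `g_null_atom` and the function returns without calling `FrameOwnerPropertiesChanged()`, so a frame whose attribute goes from a valid policy to a rejected one appears to keep the previously propagated value while the element itself holds none. With the check now delegated to `ContentSecurityPolicy::IsValidCSPAttr`, whose body is not shown here, it is also unclear whether a null value (attribute removed) passes; the old `ContainsOnlyASCII()` test presumably accepted it and reached the notifying path. I would make removal explicit with `if (!value.IsNull() && !ContentSecurityPolicy::IsValidCSPAttr(value.GetString())) {` and, before the `return`, notify when the stored value actually changed, mirroring the `old_csp` comparison a few lines below. The enclosing function starts in the skipped lines above this hunk, so this is based only on the visible branch.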