
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2896833002: Added validation of the policy specified in the 'csp' attribute (Closed)
Patch Set: Fixed issue with the renaming of the embedding-csp header Created 3 years, 7 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
(...skipping 21 matching lines...) Expand all
32 32
33 public: 33 public:
34 static CSPDirectiveList* Create(ContentSecurityPolicy*, 34 static CSPDirectiveList* Create(ContentSecurityPolicy*,
35 const UChar* begin, 35 const UChar* begin,
36 const UChar* end, 36 const UChar* end,
37 ContentSecurityPolicyHeaderType, 37 ContentSecurityPolicyHeaderType,
38 ContentSecurityPolicyHeaderSource); 38 ContentSecurityPolicyHeaderSource);
39 39
40 void Parse(const UChar* begin, const UChar* end); 40 void Parse(const UChar* begin, const UChar* end);
41 41
42 static bool IsValid(const UChar* begin, const UChar* end);
43 static bool IsValid(const String& directive_list);
44
42 const String& Header() const { return header_; } 45 const String& Header() const { return header_; }
43 ContentSecurityPolicyHeaderType HeaderType() const { return header_type_; } 46 ContentSecurityPolicyHeaderType HeaderType() const { return header_type_; }
44 ContentSecurityPolicyHeaderSource HeaderSource() const { 47 ContentSecurityPolicyHeaderSource HeaderSource() const {
45 return header_source_; 48 return header_source_;
46 } 49 }
47 50
48 bool AllowJavaScriptURLs(Element*, 51 bool AllowJavaScriptURLs(Element*,
49 const String& source, 52 const String& source,
50 const String& context_url, 53 const String& context_url,
51 const WTF::OrdinalNumber& context_line, 54 const WTF::OrdinalNumber& context_line,
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
185 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent); 188 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
186 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); 189 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
187 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); 190 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
188 191
189 enum RequireSRIForToken { kNone = 0, kScript = 1 << 0, kStyle = 1 << 1 }; 192 enum RequireSRIForToken { kNone = 0, kScript = 1 << 0, kStyle = 1 << 1 };
190 193
191 CSPDirectiveList(ContentSecurityPolicy*, 194 CSPDirectiveList(ContentSecurityPolicy*,
192 ContentSecurityPolicyHeaderType, 195 ContentSecurityPolicyHeaderType,
193 ContentSecurityPolicyHeaderSource); 196 ContentSecurityPolicyHeaderSource);
194 197
195 bool ParseDirective(const UChar* begin, 198 static bool ParseDirective(const UChar* begin,
196 const UChar* end, 199 const UChar* end,
197 String& name, 200 String& name,
198 String& value); 201 String& value,
202 ContentSecurityPolicy*);
199 void ParseRequireSRIFor(const String& name, const String& value); 203 void ParseRequireSRIFor(const String& name, const String& value);
200 void ParseReportURI(const String& name, const String& value); 204 void ParseReportURI(const String& name, const String& value);
201 void ParsePluginTypes(const String& name, const String& value); 205 void ParsePluginTypes(const String& name, const String& value);
202 void AddDirective(const String& name, const String& value); 206 void AddDirective(const String& name, const String& value);
203 void ApplySandboxPolicy(const String& name, const String& sandbox_policy); 207 void ApplySandboxPolicy(const String& name, const String& sandbox_policy);
204 void EnforceStrictMixedContentChecking(const String& name, 208 void EnforceStrictMixedContentChecking(const String& name,
205 const String& value); 209 const String& value);
206 void EnableInsecureRequestsUpgrade(const String& name, const String& value); 210 void EnableInsecureRequestsUpgrade(const String& name, const String& value);
207 void TreatAsPublicAddress(const String& name, const String& value); 211 void TreatAsPublicAddress(const String& name, const String& value);
208 212
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after
338 uint8_t require_sri_for_; 342 uint8_t require_sri_for_;
339 343
340 Vector<String> report_endpoints_; 344 Vector<String> report_endpoints_;
341 345
342 String eval_disabled_error_message_; 346 String eval_disabled_error_message_;
343 }; 347 };
344 348
345 } // namespace blink 349 } // namespace blink
346 350
347 #endif 351 #endif
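Review bot: The two new `IsValid` overloads (new lines 42–43) and the extra unnamed `ContentSecurityPolicy*` argument on the now-static `ParseDirective` (new lines 198–202) carry no comments, and for a validator of the page-supplied `csp` attribute the contract is what callers rely on. The header should say what a `true` result means, for example `// Returns true if the serialized directive list parses without errors; the policy is not applied.`, with the exact wording checked against the .cpp, which is not visible on this page. A static `ParseDirective` has no member policy to fall back on, so the trailing pointer is presumably null when it is reached from `IsValid`. If that is the intent, name the parameter and add `// |policy| may be null, in which case parse errors are not reported.` so that the null handling in the implementation is part of the reviewed interface.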