Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
index 15c4761398dfd996f85385ff139212bbd6e84611..fc4297a5368f7c09abde5eee3c87d00590078fc0 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
@@ -957,7 +957,7 @@ void CSPDirectiveList::Parse(const UChar* begin, const UChar* end) { |
skipUntil<UChar>(position, end, ';'); |
String name, value; |
- if (ParseDirective(directive_begin, position, name, value)) { |
+ if (ParseDirective(directive_begin, position, name, value, policy_)) { |
DCHECK(!name.IsEmpty()); |
AddDirective(name, value); |
} |
@@ -967,14 +967,52 @@ void CSPDirectiveList::Parse(const UChar* begin, const UChar* end) { |
} |
} |
+// static |
+bool CSPDirectiveList::IsValid(const String& directive_list) { |
+ Vector<UChar> characters; |
+ directive_list.AppendTo(characters); |
+ const UChar* begin = characters.data(); |
+ const UChar* end = begin + characters.size(); |
+ |
+ return IsValid(begin, end); |
+} |
+ |
+// static |
+bool CSPDirectiveList::IsValid(const UChar* begin, const UChar* end) { |
+ if (begin == end) |
+ return false; |
+ |
+ String name, value; |
+ const UChar* position = begin; |
+ while (position < end) { |
+ const UChar* directive_begin = position; |
+ skipUntil<UChar>(position, end, ';'); |
+ |
+ name = value = ""; |
Mike West
2017/05/23 19:21:36
I don't think you actually need two strings. Somet
andypaicu
2017/05/26 14:41:09
I've modified this whole bit.
|
+ if (!ParseDirective(directive_begin, position, name, value, nullptr)) |
Mike West
2017/05/23 19:21:36
This is doing to dump console messages that probab
andypaicu
2017/05/26 14:41:09
I've modified this whole bit.
|
+ return false; |
+ |
+ if (ContentSecurityPolicy::GetDirectiveType(name) == |
+ ContentSecurityPolicy::DirectiveType::kUndefined) |
Mike West
2017/05/23 19:21:36
Style nit: {} after multi-line conditionals.
andypaicu
2017/05/26 14:41:09
I've modified this whole bit.
|
+ return false; |
+ |
+ DCHECK(position == end || *position == ';'); |
+ skipExactly<UChar>(position, end, ';'); |
+ } |
+ |
+ return true; |
+} |
+ |
// directive = *WSP [ directive-name [ WSP directive-value ] ] |
// directive-name = 1*( ALPHA / DIGIT / "-" ) |
// directive-value = *( WSP / <VCHAR except ";"> ) |
-// |
+ |
+// static |
bool CSPDirectiveList::ParseDirective(const UChar* begin, |
const UChar* end, |
String& name, |
- String& value) { |
+ String& value, |
+ ContentSecurityPolicy* policy) { |
DCHECK(name.IsEmpty()); |
DCHECK(value.IsEmpty()); |
@@ -991,8 +1029,10 @@ bool CSPDirectiveList::ParseDirective(const UChar* begin, |
// The directive-name must be non-empty. |
if (name_begin == position) { |
skipWhile<UChar, IsNotASCIISpace>(position, end); |
- policy_->ReportUnsupportedDirective( |
- String(name_begin, position - name_begin)); |
+ if (policy) { |
+ policy->ReportUnsupportedDirective( |
+ String(name_begin, position - name_begin)); |
+ } |
return false; |
} |
@@ -1003,8 +1043,10 @@ bool CSPDirectiveList::ParseDirective(const UChar* begin, |
if (!skipExactly<UChar, IsASCIISpace>(position, end)) { |
skipWhile<UChar, IsNotASCIISpace>(position, end); |
- policy_->ReportUnsupportedDirective( |
- String(name_begin, position - name_begin)); |
+ if (policy) { |
+ policy->ReportUnsupportedDirective( |
+ String(name_begin, position - name_begin)); |
+ } |
return false; |
} |
@@ -1014,8 +1056,10 @@ bool CSPDirectiveList::ParseDirective(const UChar* begin, |
skipWhile<UChar, IsCSPDirectiveValueCharacter>(position, end); |
if (position != end) { |
- policy_->ReportInvalidDirectiveValueCharacter( |
- name, String(value_begin, end - value_begin)); |
+ if (policy) { |
+ policy->ReportInvalidDirectiveValueCharacter( |
+ name, String(value_begin, end - value_begin)); |
+ } |
return false; |
} |
@@ -1225,9 +1269,7 @@ void CSPDirectiveList::AddDirective(const String& name, const String& value) { |
policy_->UsesScriptHashAlgorithms(script_src_->HashAlgorithmsUsed()); |
} else if (type == ContentSecurityPolicy::DirectiveType::kObjectSrc) { |
SetCSPDirective<SourceListDirective>(name, value, object_src_); |
- } else if (type == |
- |
- ContentSecurityPolicy::DirectiveType::kFrameAncestors) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::kFrameAncestors) { |
SetCSPDirective<SourceListDirective>(name, value, frame_ancestors_); |
} else if (type == ContentSecurityPolicy::DirectiveType::kFrameSrc) { |
SetCSPDirective<SourceListDirective>(name, value, frame_src_); |