OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 456 matching lines...)
467 } | 467 } |
468 | 468 |
469 bool ContentSecurityPolicy::allowChildContextFromSource(const KURL& url, Content
SecurityPolicy::ReportingStatus reportingStatus) const | 469 bool ContentSecurityPolicy::allowChildContextFromSource(const KURL& url, Content
SecurityPolicy::ReportingStatus reportingStatus) const |
470 { | 470 { |
471 return isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>
(m_policies, url, reportingStatus); | 471 return isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>
(m_policies, url, reportingStatus); |
472 } | 472 } |
473 | 473 |
474 bool ContentSecurityPolicy::allowWorkerContextFromSource(const KURL& url, Conten
tSecurityPolicy::ReportingStatus reportingStatus) const | 474 bool ContentSecurityPolicy::allowWorkerContextFromSource(const KURL& url, Conten
tSecurityPolicy::ReportingStatus reportingStatus) const |
475 { | 475 { |
476 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure t
he impact of this backwards-incompatible change. | 476 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure t
he impact of this backwards-incompatible change. |
477 if (m_executionContext->isDocument()) { | 477 if (Document* document = this->document()) { |
478 Document* document = static_cast<Document*>(m_executionContext); | |
479 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP); | 478 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP); |
480 if (isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource
>(m_policies, url, SuppressReport) && !isAllowedByAllWithURL<&CSPDirectiveList::
allowScriptFromSource>(m_policies, url, SuppressReport)) | 479 if (isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource
>(m_policies, url, SuppressReport) && !isAllowedByAllWithURL<&CSPDirectiveList::
allowScriptFromSource>(m_policies, url, SuppressReport)) |
481 UseCounter::count(*document, UseCounter::WorkerAllowedByChildBlocked
ByScript); | 480 UseCounter::count(*document, UseCounter::WorkerAllowedByChildBlocked
ByScript); |
482 } | 481 } |
483 | 482 |
484 return experimentalFeaturesEnabled() ? | 483 return experimentalFeaturesEnabled() ? |
485 isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_
policies, url, reportingStatus) : | 484 isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_
policies, url, reportingStatus) : |
486 isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_polici
es, url, reportingStatus); | 485 isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_polici
es, url, reportingStatus); |
487 } | 486 } |
488 | 487 |
(...skipping 92 matching lines...)
581 KURL source = KURL(ParsedURLString, callFrame.sourceURL()); | 580 KURL source = KURL(ParsedURLString, callFrame.sourceURL()); |
582 init.sourceFile = stripURLForUseInReport(document, source); | 581 init.sourceFile = stripURLForUseInReport(document, source); |
583 init.lineNumber = callFrame.lineNumber(); | 582 init.lineNumber = callFrame.lineNumber(); |
584 init.columnNumber = callFrame.columnNumber(); | 583 init.columnNumber = callFrame.columnNumber(); |
585 } | 584 } |
586 } | 585 } |
587 | 586 |
588 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<KURL>& reportURIs, const String& header) | 587 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<KURL>& reportURIs, const String& header) |
589 { | 588 { |
590 // FIXME: Support sending reports from worker. | 589 // FIXME: Support sending reports from worker. |
591 if (!m_executionContext->isDocument()) | 590 Document* document = this->document(); |
| 591 if (!document) |
592 return; | 592 return; |
593 | 593 |
594 Document* document = this->document(); | |
595 LocalFrame* frame = document->frame(); | 594 LocalFrame* frame = document->frame(); |
596 if (!frame) | 595 if (!frame) |
597 return; | 596 return; |
598 | 597 |
599 SecurityPolicyViolationEventInit violationData; | 598 SecurityPolicyViolationEventInit violationData; |
600 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header); | 599 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header); |
601 | 600 |
602 if (experimentalFeaturesEnabled()) | 601 if (experimentalFeaturesEnabled()) |
603 frame->domWindow()->enqueueDocumentEvent(SecurityPolicyViolationEvent::c
reate(EventTypeNames::securitypolicyviolation, violationData)); | 602 frame->domWindow()->enqueueDocumentEvent(SecurityPolicyViolationEvent::c
reate(EventTypeNames::securitypolicyviolation, violationData)); |
604 | 603 |
(...skipping 172 matching lines...)
777 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 776 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
778 return !m_violationReportsSent.contains(report.impl()->hash()); | 777 return !m_violationReportsSent.contains(report.impl()->hash()); |
779 } | 778 } |
780 | 779 |
781 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 780 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
782 { | 781 { |
783 m_violationReportsSent.add(report.impl()->hash()); | 782 m_violationReportsSent.add(report.impl()->hash()); |
784 } | 783 } |
785 | 784 |
786 } // namespace WebCore | 785 } // namespace WebCore |
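Review bot: Both new null checks (new line 477 in `allowWorkerContextFromSource` and new lines 590-591 in `reportViolation`) are only safe if `document()` itself tests `isDocument()` before casting, and that definition sits in the skipped lines, so it should be confirmed. The old code in `allowWorkerContextFromSource` kept the type check right next to the `static_cast`; if `document()` is an unchecked cast, a worker context would now pass `if (!document)` and be treated as a `Document`. The contract would be worth stating at the call site in `reportViolation`, e.g. `// document() is null for non-Document contexts (workers); the report is dropped, see FIXME.` Separately, and in unchanged code, `frame->domWindow()` on new line 602 is dereferenced without a null check, which may deserve a guard if a frame can be without a window at that point.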
OLD | NEW |