
Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 346263009: Make better internal use of ContentSecurityPolicy::document() (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 6 months ago
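--- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -467,22 +467,21 @@
 }
 
 bool ContentSecurityPolicy::allowChildContextFromSource(const KURL& url, Content SecurityPolicy::ReportingStatus reportingStatus) const
 {
 return isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource> (m_policies, url, reportingStatus);
 }
 
 bool ContentSecurityPolicy::allowWorkerContextFromSource(const KURL& url, Conten tSecurityPolicy::ReportingStatus reportingStatus) const
 {
 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure t he impact of this backwards-incompatible change.
-if (m_executionContext->isDocument()) {
-Document* document = static_cast<Document*>(m_executionContext);
+if (Document* document = this->document()) {
 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP);
 if (isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource >(m_policies, url, SuppressReport) && !isAllowedByAllWithURL<&CSPDirectiveList:: allowScriptFromSource>(m_policies, url, SuppressReport))
 UseCounter::count(*document, UseCounter::WorkerAllowedByChildBlocked ByScript);
 }
 
 return experimentalFeaturesEnabled() ?
 isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_ policies, url, reportingStatus) :
 isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_polici es, url, reportingStatus);
 }
 
@@ -581,24 +580,24 @@
 KURL source = KURL(ParsedURLString, callFrame.sourceURL());
 init.sourceFile = stripURLForUseInReport(document, source);
 init.lineNumber = callFrame.lineNumber();
 init.columnNumber = callFrame.columnNumber();
 }
 }
 
 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header)
 {
 // FIXME: Support sending reports from worker.
-if (!m_executionContext->isDocument())
+Document* document = this->document();
+if (!document)
 return;
 
-Document* document = this->document();
 LocalFrame* frame = document->frame();
 if (!frame)
 return;
 
 SecurityPolicyViolationEventInit violationData;
 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex t, effectiveDirective, blockedURL, header);
 
 if (experimentalFeaturesEnabled())
 frame->domWindow()->enqueueDocumentEvent(SecurityPolicyViolationEvent::c reate(EventTypeNames::securitypolicyviolation, violationData));
 
@@ -777,10 +776,10 @@
 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report.
 return !m_violationReportsSent.contains(report.impl()->hash());
 }
 
 void ContentSecurityPolicy::didSendViolationReport(const String& report)
 {
 m_violationReportsSent.add(report.impl()->hash());
 }
 
 } // namespace WebCore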
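Review bot: Both rewritten checks, `if (Document* document = this->document())` in allowWorkerContextFromSource and `if (!document) return;` in reportViolation, are now the only guard between a worker execution context and code that dereferences a Document, so they are sound only if document() returns null for every non-Document context. Its definition is not among the lines shown on this page; if it performs an unchecked cast rather than an isDocument() test, the worker path would treat a non-Document object as a Document in release builds. I would state that contract at the declaration, for example `// Returns 0 when the execution context is not a Document (e.g. a worker).`, and add a short comment at the early return in reportViolation saying that violations raised in a worker context currently produce no report and no event until the FIXME is resolved. reportViolation's body continues past the last visible line of its hunk.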