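--- a/UNKNOWN_PATH/ContentSecurityPolicy.h
+++ b/UNKNOWN_PATH/ContentSecurityPolicy.h
@@ -1,62 +1,62 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #ifndef ContentSecurityPolicy_h
 #define ContentSecurityPolicy_h
 
 #include "bindings/v8/ScriptState.h"
-#include "core/dom/Document.h"
 #include "core/dom/ExecutionContext.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/weborigin/ReferrerPolicy.h"
 #include "wtf/HashSet.h"
 #include "wtf/PassOwnPtr.h"
 #include "wtf/PassRefPtr.h"
 #include "wtf/RefCounted.h"
 #include "wtf/Vector.h"
 #include "wtf/text/StringHash.h"
 #include "wtf/text/TextPosition.h"
 #include "wtf/text/WTFString.h"
 
 namespace WTF {
 class OrdinalNumber;
 }
 
 namespace WebCore {
 
 class ContentSecurityPolicyResponseHeaders;
 class CSPDirectiveList;
 class DOMStringList;
+class Document;
 class JSONObject;
 class KURL;
 class SecurityOrigin;
 
 typedef int SandboxFlags;
 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
 
 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
 WTF_MAKE_FAST_ALLOCATED;
 public:
@@ -167,37 +167,38 @@
 void enforceSandboxFlags(SandboxFlags) const;
 String evalDisabledErrorMessage() const;
 
 bool experimentalFeaturesEnabled() const;
 
 static bool shouldBypassMainWorld(ExecutionContext*);
 
 static bool isDirectiveName(const String&);
 
 ExecutionContext* executionContext() const { return m_executionContext; }
-Document* document() const { return m_executionContext->isDocument() ? toDocument(m_executionContext) : 0; }
 
 private:
 explicit ContentSecurityPolicy(ExecutionContext*);
 
+Document* document() const;
+
 void logToConsole(const String& message) const;
 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
 
 bool shouldSendViolationReport(const String&) const;
 void didSendViolationReport(const String&);
 
 ExecutionContext* m_executionContext;
 bool m_overrideInlineStyleAllowed;
 CSPDirectiveListVector m_policies;
 
 HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
 
 // We put the hash functions used on the policy object so that we only need
 // to calculate a hash once and then distribute it to all of the directives
 // for validation.
 uint8_t m_scriptHashAlgorithmsUsed;
 uint8_t m_styleHashAlgorithmsUsed;
 };
 
 }
 
 #endif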
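Review bot: The new private declaration `Document* document() const;` in the second hunk states nothing about when it returns null, whereas the inline body it replaces returned 0 whenever `m_executionContext->isDocument()` was false; if the out-of-line definition (not in this diff) keeps that behaviour, every private caller must null-check before dereferencing, since the `explicit ContentSecurityPolicy(ExecutionContext*)` constructor shows the policy object is built for any execution context, not only Documents. Suggest a comment on the declaration: `// Returns null when m_executionContext is not a Document; callers must check before use.` Making `document()` private also drops it from the public interface, so any external caller must have been migrated in files this page does not show. The class body spans the 104 skipped lines between the two hunks, so the rest of its members are not visible here.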