OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/csp_validator.h" | 5 #include "extensions/common/csp_validator.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/strings/string_split.h" | 9 #include "base/strings/string_split.h" |
10 #include "base/strings/string_tokenizer.h" | 10 #include "base/strings/string_tokenizer.h" |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
59 bool isWildcardSubdomain = i + 1 < length && source[i + 1] == L'.'; | 59 bool isWildcardSubdomain = i + 1 < length && source[i + 1] == L'.'; |
60 if (!isWildcardPort && !isWildcardSubdomain) | 60 if (!isWildcardPort && !isWildcardSubdomain) |
61 return false; | 61 return false; |
62 } | 62 } |
63 } | 63 } |
64 | 64 |
65 // We might need to relax this whitelist over time. | 65 // We might need to relax this whitelist over time. |
66 if (source == "'self'" || | 66 if (source == "'self'" || |
67 source == "'none'" || | 67 source == "'none'" || |
68 source == "http://127.0.0.1" || | 68 source == "http://127.0.0.1" || |
69 base::LowerCaseEqualsASCII(source, "blob:") || | 69 LowerCaseEqualsASCII(source, "blob:") || |
70 base::LowerCaseEqualsASCII(source, "filesystem:") || | 70 LowerCaseEqualsASCII(source, "filesystem:") || |
71 base::LowerCaseEqualsASCII(source, "http://localhost") || | 71 LowerCaseEqualsASCII(source, "http://localhost") || |
72 StartsWithASCII(source, "http://127.0.0.1:", false) || | 72 StartsWithASCII(source, "http://127.0.0.1:", false) || |
73 StartsWithASCII(source, "http://localhost:", false) || | 73 StartsWithASCII(source, "http://localhost:", false) || |
74 StartsWithASCII(source, "https://", true) || | 74 StartsWithASCII(source, "https://", true) || |
75 StartsWithASCII(source, "chrome://", true) || | 75 StartsWithASCII(source, "chrome://", true) || |
76 StartsWithASCII(source, | 76 StartsWithASCII(source, |
77 std::string(extensions::kExtensionScheme) + | 77 std::string(extensions::kExtensionScheme) + |
78 url::kStandardSchemeSeparator, | 78 url::kStandardSchemeSeparator, |
79 true) || | 79 true) || |
80 StartsWithASCII(source, "chrome-extension-resource:", true)) { | 80 StartsWithASCII(source, "chrome-extension-resource:", true)) { |
81 continue; | 81 continue; |
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
198 } | 198 } |
199 } | 199 } |
200 } | 200 } |
201 | 201 |
202 return seen_sandbox; | 202 return seen_sandbox; |
203 } | 203 } |
204 | 204 |
205 } // namespace csp_validator | 205 } // namespace csp_validator |
206 | 206 |
207 } // namespace extensions | 207 } // namespace extensions |
OLD | NEW |