Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(162)

Side by Side Diff: trunk/src/extensions/common/csp_validator.cc

Issue 474483002: Revert 289312 "Move StringToUpperASCII and LowerCaseEqualsASCII ..." (Closed) Base URL: svn://svn.chromium.org/chrome/
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/common/csp_validator.h" 5 #include "extensions/common/csp_validator.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/strings/string_split.h" 9 #include "base/strings/string_split.h"
10 #include "base/strings/string_tokenizer.h" 10 #include "base/strings/string_tokenizer.h"
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 bool isWildcardSubdomain = i + 1 < length && source[i + 1] == L'.'; 59 bool isWildcardSubdomain = i + 1 < length && source[i + 1] == L'.';
60 if (!isWildcardPort && !isWildcardSubdomain) 60 if (!isWildcardPort && !isWildcardSubdomain)
61 return false; 61 return false;
62 } 62 }
63 } 63 }
64 64
65 // We might need to relax this whitelist over time. 65 // We might need to relax this whitelist over time.
66 if (source == "'self'" || 66 if (source == "'self'" ||
67 source == "'none'" || 67 source == "'none'" ||
68 source == "http://127.0.0.1" || 68 source == "http://127.0.0.1" ||
69 base::LowerCaseEqualsASCII(source, "blob:") || 69 LowerCaseEqualsASCII(source, "blob:") ||
70 base::LowerCaseEqualsASCII(source, "filesystem:") || 70 LowerCaseEqualsASCII(source, "filesystem:") ||
71 base::LowerCaseEqualsASCII(source, "http://localhost") || 71 LowerCaseEqualsASCII(source, "http://localhost") ||
72 StartsWithASCII(source, "http://127.0.0.1:", false) || 72 StartsWithASCII(source, "http://127.0.0.1:", false) ||
73 StartsWithASCII(source, "http://localhost:", false) || 73 StartsWithASCII(source, "http://localhost:", false) ||
74 StartsWithASCII(source, "https://", true) || 74 StartsWithASCII(source, "https://", true) ||
75 StartsWithASCII(source, "chrome://", true) || 75 StartsWithASCII(source, "chrome://", true) ||
76 StartsWithASCII(source, 76 StartsWithASCII(source,
77 std::string(extensions::kExtensionScheme) + 77 std::string(extensions::kExtensionScheme) +
78 url::kStandardSchemeSeparator, 78 url::kStandardSchemeSeparator,
79 true) || 79 true) ||
80 StartsWithASCII(source, "chrome-extension-resource:", true)) { 80 StartsWithASCII(source, "chrome-extension-resource:", true)) {
81 continue; 81 continue;
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
198 } 198 }
199 } 199 }
200 } 200 }
201 201
202 return seen_sandbox; 202 return seen_sandbox;
203 } 203 }
204 204
205 } // namespace csp_validator 205 } // namespace csp_validator
206 206
207 } // namespace extensions 207 } // namespace extensions
OLDNEW
« no previous file with comments | « trunk/src/content/test/plugin/plugin_test.cc ('k') | trunk/src/extensions/renderer/runtime_custom_bindings.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698