Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(513)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicy.h

Issue 549163003: CSP: Change 'self' to ask the policy object whether a URL matches. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/frame/csp/CSPSourceList.cpp ('k') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
42 #include "wtf/text/WTFString.h" 42 #include "wtf/text/WTFString.h"
43 43
44 namespace WTF { 44 namespace WTF {
45 class OrdinalNumber; 45 class OrdinalNumber;
46 } 46 }
47 47
48 namespace blink { 48 namespace blink {
49 49
50 class ContentSecurityPolicyResponseHeaders; 50 class ContentSecurityPolicyResponseHeaders;
51 class CSPDirectiveList; 51 class CSPDirectiveList;
52 class CSPSource;
52 class DOMStringList; 53 class DOMStringList;
53 class Document; 54 class Document;
54 class JSONObject; 55 class JSONObject;
55 class KURL; 56 class KURL;
56 class SecurityOrigin; 57 class SecurityOrigin;
57 58
58 typedef int SandboxFlags; 59 typedef int SandboxFlags;
59 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; 60 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
60 61
61 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { 62 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
161 void reportInvalidInReportOnly(const String&) const; 162 void reportInvalidInReportOnly(const String&) const;
162 void reportInvalidReferrer(const String&) const; 163 void reportInvalidReferrer(const String&) const;
163 void reportReportOnlyInMeta(const String&) const; 164 void reportReportOnlyInMeta(const String&) const;
164 void reportMetaOutsideHead(const String&) const; 165 void reportMetaOutsideHead(const String&) const;
165 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header); 166 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header);
166 167
167 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; 168 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst;
168 169
169 const KURL url() const; 170 const KURL url() const;
170 KURL completeURL(const String&) const; 171 KURL completeURL(const String&) const;
171 SecurityOrigin* securityOrigin() const;
172 void enforceSandboxFlags(SandboxFlags) const; 172 void enforceSandboxFlags(SandboxFlags) const;
173 String evalDisabledErrorMessage() const; 173 String evalDisabledErrorMessage() const;
174 174
175 bool urlMatchesSelf(const KURL&) const;
176 bool protocolMatchesSelf(const KURL&) const;
177
175 bool experimentalFeaturesEnabled() const; 178 bool experimentalFeaturesEnabled() const;
176 179
177 static bool shouldBypassMainWorld(ExecutionContext*); 180 static bool shouldBypassMainWorld(ExecutionContext*);
178 181
179 static bool isDirectiveName(const String&); 182 static bool isDirectiveName(const String&);
180 183
181 ExecutionContext* executionContext() const { return m_executionContext; } 184 ExecutionContext* executionContext() const { return m_executionContext; }
182 185
183 private: 186 private:
184 explicit ContentSecurityPolicy(ExecutionContext*); 187 explicit ContentSecurityPolicy(ExecutionContext*);
185 188
186 Document* document() const; 189 Document* document() const;
190 SecurityOrigin* securityOrigin() const;
187 191
188 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) c onst; 192 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) c onst;
189 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource); 193 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource);
190 194
191 bool shouldSendViolationReport(const String&) const; 195 bool shouldSendViolationReport(const String&) const;
192 void didSendViolationReport(const String&); 196 void didSendViolationReport(const String&);
193 197
194 ExecutionContext* m_executionContext; 198 ExecutionContext* m_executionContext;
195 bool m_overrideInlineStyleAllowed; 199 bool m_overrideInlineStyleAllowed;
196 CSPDirectiveListVector m_policies; 200 CSPDirectiveListVector m_policies;
197 201
198 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; 202 HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
199 203
200 // We put the hash functions used on the policy object so that we only need 204 // We put the hash functions used on the policy object so that we only need
201 // to calculate a hash once and then distribute it to all of the directives 205 // to calculate a hash once and then distribute it to all of the directives
202 // for validation. 206 // for validation.
203 uint8_t m_scriptHashAlgorithmsUsed; 207 uint8_t m_scriptHashAlgorithmsUsed;
204 uint8_t m_styleHashAlgorithmsUsed; 208 uint8_t m_styleHashAlgorithmsUsed;
209
210 OwnPtr<CSPSource> m_selfSource;
205 }; 211 };
206 212
207 } 213 }
208 214
209 #endif 215 #endif
OLDNEW
« no previous file with comments | « Source/core/frame/csp/CSPSourceList.cpp ('k') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698