| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 80 matching lines...) | |
| 91 ~ContentSecurityPolicy(); | 91 ~ContentSecurityPolicy(); |
| 92 | 92 |
| 93 void copyStateFrom(const ContentSecurityPolicy*); | 93 void copyStateFrom(const ContentSecurityPolicy*); |
| 94 | 94 |
| 95 enum ReportingStatus { | 95 enum ReportingStatus { |
| 96 SendReport, | 96 SendReport, |
| 97 SuppressReport | 97 SuppressReport |
| 98 }; | 98 }; |
| 99 | 99 |
| 100 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); | 100 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); |
| 101 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource); | 101 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource, bool shouldApplySideEffects = true); |
|
jochen (gone - plz use gerrit)
2014/09/09 08:08:34
can this be an enum instead of a bool?
Mike West
2014/09/09 09:12:02
Certainly (though I intend to drop it entirely in
| |
| 102 | 102 |
| 103 // These functions are wrong because they assume that there is only one head er. | 103 // These functions are wrong because they assume that there is only one head er. |
| 104 // FIXME: Replace them with functions that return vectors. | 104 // FIXME: Replace them with functions that return vectors. |
| 105 const String& deprecatedHeader() const; | 105 const String& deprecatedHeader() const; |
| 106 ContentSecurityPolicyHeaderType deprecatedHeaderType() const; | 106 ContentSecurityPolicyHeaderType deprecatedHeaderType() const; |
| 107 | 107 |
| 108 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; | 108 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; |
| 109 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu mber& contextLine, ReportingStatus = SendReport) const; | 109 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu mber& contextLine, ReportingStatus = SendReport) const; |
| 110 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, ReportingStatus = SendReport) const; | 110 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, ReportingStatus = SendReport) const; |
| 111 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, ReportingStatus = SendReport) const; | 111 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, ReportingStatus = SendReport) const; |
| (...skipping 50 matching lines...) | |
| 162 void reportInvalidInReportOnly(const String&) const; | 162 void reportInvalidInReportOnly(const String&) const; |
| 163 void reportInvalidReferrer(const String&) const; | 163 void reportInvalidReferrer(const String&) const; |
| 164 void reportReportOnlyInMeta(const String&) const; | 164 void reportReportOnlyInMeta(const String&) const; |
| 165 void reportMetaOutsideHead(const String&) const; | 165 void reportMetaOutsideHead(const String&) const; |
| 166 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header); | 166 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header); |
| 167 | 167 |
| 168 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; | 168 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; |
| 169 | 169 |
| 170 const KURL url() const; | 170 const KURL url() const; |
| 171 KURL completeURL(const String&) const; | 171 KURL completeURL(const String&) const; |
| 172 void enforceSandboxFlags(SandboxFlags) const; | 172 void enforceSandboxFlags(SandboxFlags); |
| 173 String evalDisabledErrorMessage() const; | 173 String evalDisabledErrorMessage() const; |
| 174 | 174 |
| 175 bool urlMatchesSelf(const KURL&) const; | 175 bool urlMatchesSelf(const KURL&) const; |
| 176 bool protocolMatchesSelf(const KURL&) const; | 176 bool protocolMatchesSelf(const KURL&) const; |
| 177 | 177 |
| 178 bool experimentalFeaturesEnabled() const; | 178 bool experimentalFeaturesEnabled() const; |
| 179 | 179 |
| 180 static bool shouldBypassMainWorld(ExecutionContext*); | 180 static bool shouldBypassMainWorld(ExecutionContext*); |
| 181 | 181 |
| 182 static bool isDirectiveName(const String&); | 182 static bool isDirectiveName(const String&); |
| 183 | 183 |
| 184 ExecutionContext* executionContext() const { return m_executionContext; } | 184 ExecutionContext* executionContext() const { return m_executionContext; } |
| 185 | 185 |
| 186 private: | 186 private: |
| 187 explicit ContentSecurityPolicy(ExecutionContext*); | 187 explicit ContentSecurityPolicy(ExecutionContext*); |
| 188 | 188 |
| 189 void applyPolicySideEffectsToExecutionContext(); | |
| 190 | |
| 189 Document* document() const; | 191 Document* document() const; |
| 190 SecurityOrigin* securityOrigin() const; | 192 SecurityOrigin* securityOrigin() const; |
| 191 | 193 |
| 192 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) c onst; | 194 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) c onst; |
| 193 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource); | 195 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource); |
| 194 | 196 |
| 195 bool shouldSendViolationReport(const String&) const; | 197 bool shouldSendViolationReport(const String&) const; |
| 196 void didSendViolationReport(const String&); | 198 void didSendViolationReport(const String&); |
| 197 | 199 |
| 198 ExecutionContext* m_executionContext; | 200 ExecutionContext* m_executionContext; |
| 199 bool m_overrideInlineStyleAllowed; | 201 bool m_overrideInlineStyleAllowed; |
| 200 CSPDirectiveListVector m_policies; | 202 CSPDirectiveListVector m_policies; |
| 201 | 203 |
| 202 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 204 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
| 203 | 205 |
| 204 // We put the hash functions used on the policy object so that we only need | 206 // We put the hash functions used on the policy object so that we only need |
| 205 // to calculate a hash once and then distribute it to all of the directives | 207 // to calculate a hash once and then distribute it to all of the directives |
| 206 // for validation. | 208 // for validation. |
| 207 uint8_t m_scriptHashAlgorithmsUsed; | 209 uint8_t m_scriptHashAlgorithmsUsed; |
| 208 uint8_t m_styleHashAlgorithmsUsed; | 210 uint8_t m_styleHashAlgorithmsUsed; |
| 209 | 211 |
| 212 // State flags used to configure the environment after parsing a policy. | |
| 213 SandboxFlags m_sandboxMask; | |
| 214 bool m_setReferrerPolicy; | |
| 215 ReferrerPolicy m_referrerPolicy; | |
| 216 String m_disableEvalErrorMessage; | |
| 217 | |
| 210 OwnPtr<CSPSource> m_selfSource; | 218 OwnPtr<CSPSource> m_selfSource; |
| 211 }; | 219 }; |
| 212 | 220 |
| 213 } | 221 } |
| 214 | 222 |
| 215 #endif | 223 #endif |
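Review bot: The state block added at new lines 212-216 (`m_sandboxMask`, `m_setReferrerPolicy`, `m_referrerPolicy`, `m_disableEvalErrorMessage`) makes the sandbox, referrer and eval restrictions deferred state, but nothing in the header says when that state reaches the execution context. `applyPolicySideEffectsToExecutionContext()` is private, so a caller that passes `shouldApplySideEffects = false` to `didReceiveHeader` has no visible way to apply the recorded state later; if that step is missed the policy parses but its sandbox flags and eval block are never enforced. If this is the intended contract, state it on the declaration, e.g. `// With shouldApplySideEffects == false the sandbox/referrer/eval state is only recorded; it takes effect when applyPolicySideEffectsToExecutionContext() runs.` The implementation file is not shown on this page, so please confirm there that the constructor initializes `m_sandboxMask`, `m_setReferrerPolicy` and `m_referrerPolicy`, and that `copyStateFrom` copies the new members so a cloned policy does not drop its restrictions.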