OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 30 matching lines...) |
41 #include "wtf/text/TextPosition.h" | 41 #include "wtf/text/TextPosition.h" |
42 #include "wtf/text/WTFString.h" | 42 #include "wtf/text/WTFString.h" |
43 | 43 |
44 namespace WTF { | 44 namespace WTF { |
45 class OrdinalNumber; | 45 class OrdinalNumber; |
46 } | 46 } |
47 | 47 |
48 namespace blink { | 48 namespace blink { |
49 | 49 |
50 class ContentSecurityPolicyResponseHeaders; | 50 class ContentSecurityPolicyResponseHeaders; |
| 51 class ConsoleMessage; |
51 class CSPDirectiveList; | 52 class CSPDirectiveList; |
52 class CSPSource; | 53 class CSPSource; |
53 class DOMStringList; | 54 class DOMStringList; |
54 class Document; | 55 class Document; |
55 class JSONObject; | 56 class JSONObject; |
56 class KURL; | 57 class KURL; |
57 class SecurityOrigin; | 58 class SecurityOrigin; |
58 | 59 |
59 typedef int SandboxFlags; | 60 typedef int SandboxFlags; |
60 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; | 61 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; |
| 62 typedef Vector<RefPtrWillBeRawPtr<ConsoleMessage> > ConsoleMessageVector; |
61 | 63 |
62 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { | 64 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { |
63 WTF_MAKE_FAST_ALLOCATED; | 65 WTF_MAKE_FAST_ALLOCATED; |
64 public: | 66 public: |
65 // CSP 1.0 Directives | 67 // CSP 1.0 Directives |
66 static const char ConnectSrc[]; | 68 static const char ConnectSrc[]; |
67 static const char DefaultSrc[]; | 69 static const char DefaultSrc[]; |
68 static const char FontSrc[]; | 70 static const char FontSrc[]; |
69 static const char FrameSrc[]; | 71 static const char FrameSrc[]; |
70 static const char ImgSrc[]; | 72 static const char ImgSrc[]; |
(...skipping 76 matching lines...) |
147 | 149 |
148 ReflectedXSSDisposition reflectedXSSDisposition() const; | 150 ReflectedXSSDisposition reflectedXSSDisposition() const; |
149 | 151 |
150 ReferrerPolicy referrerPolicy() const; | 152 ReferrerPolicy referrerPolicy() const; |
151 bool didSetReferrerPolicy() const; | 153 bool didSetReferrerPolicy() const; |
152 | 154 |
153 void setOverrideAllowInlineStyle(bool); | 155 void setOverrideAllowInlineStyle(bool); |
154 | 156 |
155 bool isActive() const; | 157 bool isActive() const; |
156 | 158 |
157 void reportDirectiveAsSourceExpression(const String& directiveName, const St
ring& sourceExpression) const; | 159 void logToConsole(PassRefPtr<ConsoleMessage>); |
158 void reportDuplicateDirective(const String&) const; | 160 |
159 void reportInvalidDirectiveValueCharacter(const String& directiveName, const
String& value) const; | 161 void reportDirectiveAsSourceExpression(const String& directiveName, const St
ring& sourceExpression); |
160 void reportInvalidPathCharacter(const String& directiveName, const String& v
alue, const char) const; | 162 void reportDuplicateDirective(const String&); |
161 void reportInvalidPluginTypes(const String&) const; | 163 void reportInvalidDirectiveValueCharacter(const String& directiveName, const
String& value); |
162 void reportInvalidSandboxFlags(const String&) const; | 164 void reportInvalidPathCharacter(const String& directiveName, const String& v
alue, const char); |
163 void reportInvalidSourceExpression(const String& directiveName, const String
& source) const; | 165 void reportInvalidPluginTypes(const String&); |
164 void reportInvalidReflectedXSS(const String&) const; | 166 void reportInvalidSandboxFlags(const String&); |
165 void reportMissingReportURI(const String&) const; | 167 void reportInvalidSourceExpression(const String& directiveName, const String
& source); |
166 void reportUnsupportedDirective(const String&) const; | 168 void reportInvalidReflectedXSS(const String&); |
167 void reportInvalidInReportOnly(const String&) const; | 169 void reportMissingReportURI(const String&); |
168 void reportInvalidReferrer(const String&) const; | 170 void reportUnsupportedDirective(const String&); |
169 void reportReportOnlyInMeta(const String&) const; | 171 void reportInvalidInReportOnly(const String&); |
170 void reportMetaOutsideHead(const String&) const; | 172 void reportInvalidReferrer(const String&); |
| 173 void reportReportOnlyInMeta(const String&); |
| 174 void reportMetaOutsideHead(const String&); |
171 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>
& reportURIs, const String& header); | 175 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>
& reportURIs, const String& header); |
172 | 176 |
173 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; | 177 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; |
174 | 178 |
175 const KURL url() const; | 179 const KURL url() const; |
176 KURL completeURL(const String&) const; | 180 KURL completeURL(const String&) const; |
177 void enforceSandboxFlags(SandboxFlags); | 181 void enforceSandboxFlags(SandboxFlags); |
178 String evalDisabledErrorMessage() const; | 182 String evalDisabledErrorMessage() const; |
179 | 183 |
180 bool urlMatchesSelf(const KURL&) const; | 184 bool urlMatchesSelf(const KURL&) const; |
181 bool protocolMatchesSelf(const KURL&) const; | 185 bool protocolMatchesSelf(const KURL&) const; |
182 | 186 |
183 bool experimentalFeaturesEnabled() const; | 187 bool experimentalFeaturesEnabled() const; |
184 | 188 |
185 static bool shouldBypassMainWorld(ExecutionContext*); | 189 static bool shouldBypassMainWorld(ExecutionContext*); |
186 | 190 |
187 static bool isDirectiveName(const String&); | 191 static bool isDirectiveName(const String&); |
188 | 192 |
189 ExecutionContext* executionContext() const { return m_executionContext; } | 193 ExecutionContext* executionContext() const { return m_executionContext; } |
190 | 194 |
191 private: | 195 private: |
192 explicit ContentSecurityPolicy(ExecutionContext*); | 196 explicit ContentSecurityPolicy(ExecutionContext*); |
193 | 197 |
194 void applyPolicySideEffectsToExecutionContext(); | 198 void applyPolicySideEffectsToExecutionContext(); |
195 | 199 |
196 Document* document() const; | 200 Document* document() const; |
197 SecurityOrigin* securityOrigin() const; | 201 SecurityOrigin* securityOrigin() const; |
198 | 202 |
199 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) c
onst; | 203 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); |
200 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType
, ContentSecurityPolicyHeaderSource); | 204 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType
, ContentSecurityPolicyHeaderSource); |
201 | 205 |
202 bool shouldSendViolationReport(const String&) const; | 206 bool shouldSendViolationReport(const String&) const; |
203 void didSendViolationReport(const String&); | 207 void didSendViolationReport(const String&); |
204 | 208 |
205 ExecutionContext* m_executionContext; | 209 ExecutionContext* m_executionContext; |
206 bool m_overrideInlineStyleAllowed; | 210 bool m_overrideInlineStyleAllowed; |
207 CSPDirectiveListVector m_policies; | 211 CSPDirectiveListVector m_policies; |
| 212 ConsoleMessageVector m_consoleMessages; |
208 | 213 |
209 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 214 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
210 | 215 |
211 // We put the hash functions used on the policy object so that we only need | 216 // We put the hash functions used on the policy object so that we only need |
212 // to calculate a hash once and then distribute it to all of the directives | 217 // to calculate a hash once and then distribute it to all of the directives |
213 // for validation. | 218 // for validation. |
214 uint8_t m_scriptHashAlgorithmsUsed; | 219 uint8_t m_scriptHashAlgorithmsUsed; |
215 uint8_t m_styleHashAlgorithmsUsed; | 220 uint8_t m_styleHashAlgorithmsUsed; |
216 | 221 |
217 // State flags used to configure the environment after parsing a policy. | 222 // State flags used to configure the environment after parsing a policy. |
218 SandboxFlags m_sandboxMask; | 223 SandboxFlags m_sandboxMask; |
219 ReferrerPolicy m_referrerPolicy; | 224 ReferrerPolicy m_referrerPolicy; |
220 String m_disableEvalErrorMessage; | 225 String m_disableEvalErrorMessage; |
221 | 226 |
222 OwnPtr<CSPSource> m_selfSource; | 227 OwnPtr<CSPSource> m_selfSource; |
223 }; | 228 }; |
224 | 229 |
225 } | 230 } |
226 | 231 |
227 #endif | 232 #endif |
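Review bot: `m_consoleMessages` is typed `Vector<RefPtrWillBeRawPtr<ConsoleMessage> >` on a `RefCounted`, fast-allocated class, so in an Oilpan build each element would be an untraced raw pointer and nothing visible here keeps a queued message alive until the vector is drained. If `ConsoleMessage` is or will become garbage-collected, as the `WillBe` type suggests, that is a dangling-pointer risk on a path fed by page-supplied policy text, since the `report*` methods now mutate state while a policy is being parsed. A rooted container such as `WillBePersistentHeapVector<RefPtrWillBeMember<ConsoleMessage> >` would hold the messages in both build modes, and the new public overload would match it as `void logToConsole(PassRefPtrWillBeRawPtr<ConsoleMessage>);` rather than taking `PassRefPtr`. The header also does not say when the queue is flushed or cleared, so a comment on the member along the lines of `// Messages queued until they can be delivered to the console; cleared after delivery.` would help, assuming that is the intent (the .cpp is not shown here).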