| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| 41 #include "wtf/text/TextPosition.h" | 41 #include "wtf/text/TextPosition.h" |
| 42 #include "wtf/text/WTFString.h" | 42 #include "wtf/text/WTFString.h" |
| 43 | 43 |
| 44 namespace WTF { | 44 namespace WTF { |
| 45 class OrdinalNumber; | 45 class OrdinalNumber; |
| 46 } | 46 } |
| 47 | 47 |
| 48 namespace blink { | 48 namespace blink { |
| 49 | 49 |
| 50 class ContentSecurityPolicyResponseHeaders; | 50 class ContentSecurityPolicyResponseHeaders; |
| 51 class ConsoleMessage; |
| 51 class CSPDirectiveList; | 52 class CSPDirectiveList; |
| 52 class CSPSource; | 53 class CSPSource; |
| 53 class DOMStringList; | 54 class DOMStringList; |
| 54 class Document; | 55 class Document; |
| 55 class JSONObject; | 56 class JSONObject; |
| 56 class KURL; | 57 class KURL; |
| 57 class SecurityOrigin; | 58 class SecurityOrigin; |
| 58 | 59 |
| 59 typedef int SandboxFlags; | 60 typedef int SandboxFlags; |
| 60 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; | 61 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; |
| 62 typedef Vector<RefPtrWillBeRawPtr<ConsoleMessage> > ConsoleMessageVector; |
| 61 | 63 |
| 62 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { | 64 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { |
| 63 WTF_MAKE_FAST_ALLOCATED; | 65 WTF_MAKE_FAST_ALLOCATED; |
| 64 public: | 66 public: |
| 65 // CSP 1.0 Directives | 67 // CSP 1.0 Directives |
| 66 static const char ConnectSrc[]; | 68 static const char ConnectSrc[]; |
| 67 static const char DefaultSrc[]; | 69 static const char DefaultSrc[]; |
| 68 static const char FontSrc[]; | 70 static const char FontSrc[]; |
| 69 static const char FrameSrc[]; | 71 static const char FrameSrc[]; |
| 70 static const char ImgSrc[]; | 72 static const char ImgSrc[]; |
| 147 | 149 |
| 148 ReflectedXSSDisposition reflectedXSSDisposition() const; | 150 ReflectedXSSDisposition reflectedXSSDisposition() const; |
| 149 | 151 |
| 150 ReferrerPolicy referrerPolicy() const; | 152 ReferrerPolicy referrerPolicy() const; |
| 151 bool didSetReferrerPolicy() const; | 153 bool didSetReferrerPolicy() const; |
| 152 | 154 |
| 153 void setOverrideAllowInlineStyle(bool); | 155 void setOverrideAllowInlineStyle(bool); |
| 154 | 156 |
| 155 bool isActive() const; | 157 bool isActive() const; |
| 156 | 158 |
| 157 void reportDirectiveAsSourceExpression(const String& directiveName, const St
ring& sourceExpression) const; | 159 void logToConsole(PassRefPtr<ConsoleMessage>); |
| 158 void reportDuplicateDirective(const String&) const; | 160 |
| 159 void reportInvalidDirectiveValueCharacter(const String& directiveName, const
String& value) const; | 161 void reportDirectiveAsSourceExpression(const String& directiveName, const St
ring& sourceExpression); |
| 160 void reportInvalidPathCharacter(const String& directiveName, const String& v
alue, const char) const; | 162 void reportDuplicateDirective(const String&); |
| 161 void reportInvalidPluginTypes(const String&) const; | 163 void reportInvalidDirectiveValueCharacter(const String& directiveName, const
String& value); |
| 162 void reportInvalidSandboxFlags(const String&) const; | 164 void reportInvalidPathCharacter(const String& directiveName, const String& v
alue, const char); |
| 163 void reportInvalidSourceExpression(const String& directiveName, const String
& source) const; | 165 void reportInvalidPluginTypes(const String&); |
| 164 void reportInvalidReflectedXSS(const String&) const; | 166 void reportInvalidSandboxFlags(const String&); |
| 165 void reportMissingReportURI(const String&) const; | 167 void reportInvalidSourceExpression(const String& directiveName, const String
& source); |
| 166 void reportUnsupportedDirective(const String&) const; | 168 void reportInvalidReflectedXSS(const String&); |
| 167 void reportInvalidInReportOnly(const String&) const; | 169 void reportMissingReportURI(const String&); |
| 168 void reportInvalidReferrer(const String&) const; | 170 void reportUnsupportedDirective(const String&); |
| 169 void reportReportOnlyInMeta(const String&) const; | 171 void reportInvalidInReportOnly(const String&); |
| 170 void reportMetaOutsideHead(const String&) const; | 172 void reportInvalidReferrer(const String&); |
| 173 void reportReportOnlyInMeta(const String&); |
| 174 void reportMetaOutsideHead(const String&); |
| 171 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>
& reportURIs, const String& header); | 175 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>
& reportURIs, const String& header); |
| 172 | 176 |
| 173 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; | 177 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; |
| 174 | 178 |
| 175 const KURL url() const; | 179 const KURL url() const; |
| 176 KURL completeURL(const String&) const; | 180 KURL completeURL(const String&) const; |
| 177 void enforceSandboxFlags(SandboxFlags); | 181 void enforceSandboxFlags(SandboxFlags); |
| 178 String evalDisabledErrorMessage() const; | 182 String evalDisabledErrorMessage() const; |
| 179 | 183 |
| 180 bool urlMatchesSelf(const KURL&) const; | 184 bool urlMatchesSelf(const KURL&) const; |
| 181 bool protocolMatchesSelf(const KURL&) const; | 185 bool protocolMatchesSelf(const KURL&) const; |
| 182 | 186 |
| 183 bool experimentalFeaturesEnabled() const; | 187 bool experimentalFeaturesEnabled() const; |
| 184 | 188 |
| 185 static bool shouldBypassMainWorld(ExecutionContext*); | 189 static bool shouldBypassMainWorld(ExecutionContext*); |
| 186 | 190 |
| 187 static bool isDirectiveName(const String&); | 191 static bool isDirectiveName(const String&); |
| 188 | 192 |
| 189 ExecutionContext* executionContext() const { return m_executionContext; } | 193 ExecutionContext* executionContext() const { return m_executionContext; } |
| 190 | 194 |
| 191 private: | 195 private: |
| 192 explicit ContentSecurityPolicy(ExecutionContext*); | 196 explicit ContentSecurityPolicy(ExecutionContext*); |
| 193 | 197 |
| 194 void applyPolicySideEffectsToExecutionContext(); | 198 void applyPolicySideEffectsToExecutionContext(); |
| 195 | 199 |
| 196 Document* document() const; | 200 Document* document() const; |
| 197 SecurityOrigin* securityOrigin() const; | 201 SecurityOrigin* securityOrigin() const; |
| 198 | 202 |
| 199 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) c
onst; | 203 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); |
| 200 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType
, ContentSecurityPolicyHeaderSource); | 204 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType
, ContentSecurityPolicyHeaderSource); |
| 201 | 205 |
| 202 bool shouldSendViolationReport(const String&) const; | 206 bool shouldSendViolationReport(const String&) const; |
| 203 void didSendViolationReport(const String&); | 207 void didSendViolationReport(const String&); |
| 204 | 208 |
| 205 ExecutionContext* m_executionContext; | 209 ExecutionContext* m_executionContext; |
| 206 bool m_overrideInlineStyleAllowed; | 210 bool m_overrideInlineStyleAllowed; |
| 207 CSPDirectiveListVector m_policies; | 211 CSPDirectiveListVector m_policies; |
| 212 ConsoleMessageVector m_consoleMessages; |
| 208 | 213 |
| 209 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 214 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
| 210 | 215 |
| 211 // We put the hash functions used on the policy object so that we only need | 216 // We put the hash functions used on the policy object so that we only need |
| 212 // to calculate a hash once and then distribute it to all of the directives | 217 // to calculate a hash once and then distribute it to all of the directives |
| 213 // for validation. | 218 // for validation. |
| 214 uint8_t m_scriptHashAlgorithmsUsed; | 219 uint8_t m_scriptHashAlgorithmsUsed; |
| 215 uint8_t m_styleHashAlgorithmsUsed; | 220 uint8_t m_styleHashAlgorithmsUsed; |
| 216 | 221 |
| 217 // State flags used to configure the environment after parsing a policy. | 222 // State flags used to configure the environment after parsing a policy. |
| 218 SandboxFlags m_sandboxMask; | 223 SandboxFlags m_sandboxMask; |
| 219 ReferrerPolicy m_referrerPolicy; | 224 ReferrerPolicy m_referrerPolicy; |
| 220 String m_disableEvalErrorMessage; | 225 String m_disableEvalErrorMessage; |
| 221 | 226 |
| 222 OwnPtr<CSPSource> m_selfSource; | 227 OwnPtr<CSPSource> m_selfSource; |
| 223 }; | 228 }; |
| 224 | 229 |
| 225 } | 230 } |
| 226 | 231 |
| 227 #endif | 232 #endif |
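Review bot: The new `m_consoleMessages` member (new line 212) carries no comment explaining why console messages are now held on the policy object instead of being logged as they arise, and the header says nothing about where the buffer is drained or whether it is bounded. Presumably the `report*` methods (new lines 161–174, which is also why they lost `const`) queue messages through `logToConsole` because parsing can happen before an execution context is attached, and `applyPolicySideEffectsToExecutionContext()` (new line 198) flushes them — please confirm against the .cpp, since these methods are driven by policy header text and the vector grows by one entry per reported problem. A comment on the member such as `// Console messages generated while parsing a policy, queued until an execution context is available to receive them; see applyPolicySideEffectsToExecutionContext().` would make the lifetime clear to the next reader. Note also that `reportBlockedScriptExecutionToInspector` (new line 177) is the only reporting method that stays `const`; if that is deliberate because it does not go through the console queue, a one-line comment saying so would prevent someone "fixing" the asymmetry.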