
Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicy.h

Issue 559503002: CSP: Move policy parsing out of Document. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Reworking. Created 6 years, 3 months ago
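--- a/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -84,35 +84,31 @@
 static const char FrameAncestors[];
 static const char PluginTypes[];
 static const char ReflectedXSS[];
 static const char Referrer[];
 
 enum ReportingStatus {
 SendReport,
 SuppressReport
 };
 
-enum SideEffectDisposition {
-ApplySideEffectsToExecutionContext,
-DoNotApplySideEffectsToExecutionContext
-};
-
-static PassRefPtr<ContentSecurityPolicy> create(ExecutionContext* executionC ontext)
+static PassRefPtr<ContentSecurityPolicy> create()
 {
-return adoptRef(new ContentSecurityPolicy(executionContext));
+return adoptRef(new ContentSecurityPolicy());
 }
 ~ContentSecurityPolicy();
 
+void bindToExecutionContext(ExecutionContext*);
 void copyStateFrom(const ContentSecurityPolicy*);
 
 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
-void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource, SideEffectDisposition = ApplySideEffectsToExecution Context);
+void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource);
 
 // These functions are wrong because they assume that there is only one head er.
 // FIXME: Replace them with functions that return vectors.
 const String& deprecatedHeader() const;
 ContentSecurityPolicyHeaderType deprecatedHeaderType() const;
 
 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu mber& contextLine, ReportingStatus = SendReport) const;
 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, ReportingStatus = SendReport) const;
 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, ReportingStatus = SendReport) const;
@@ -182,24 +178,22 @@
 
 bool urlMatchesSelf(const KURL&) const;
 bool protocolMatchesSelf(const KURL&) const;
 
 bool experimentalFeaturesEnabled() const;
 
 static bool shouldBypassMainWorld(ExecutionContext*);
 
 static bool isDirectiveName(const String&);
 
-ExecutionContext* executionContext() const { return m_executionContext; }
-
 private:
-explicit ContentSecurityPolicy(ExecutionContext*);
+ContentSecurityPolicy();
 
 void applyPolicySideEffectsToExecutionContext();
 
 Document* document() const;
 SecurityOrigin* securityOrigin() const;
 KURL completeURL(const String&) const;
 
 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel);
 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource);
 
@@ -223,10 +217,10 @@
 SandboxFlags m_sandboxMask;
 ReferrerPolicy m_referrerPolicy;
 String m_disableEvalErrorMessage;
 
 OwnPtr<CSPSource> m_selfSource;
 };
 
 }
 
 #endif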
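Review bot: The new `bindToExecutionContext(ExecutionContext*)` declaration carries no comment on the lifecycle it introduces: `create()` now returns a policy with no context, so `didReceiveHeader` and the `allow*()` checks can be called on an unbound object. The header should state the contract next to the declaration, for example `// Must be called exactly once, before any allow*() check is made against this policy.`, and say whether headers may be received before binding. The implementations are in ContentSecurityPolicy.cpp, outside this section, and only part of the class body is visible here. It is worth confirming there that `document()`, `securityOrigin()`, `completeURL()` and `logToConsole()` tolerate or ASSERT against a null context, and that `urlMatchesSelf()` fails closed while `m_selfSource` is still unset. With `SideEffectDisposition` removed, the point at which `applyPolicySideEffectsToExecutionContext()` runs (presumably at bind time) should also be documented, so that sandbox flags and referrer policy from headers parsed before binding are not silently dropped.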