| Index: Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| diff --git a/Source/core/frame/csp/ContentSecurityPolicy.cpp b/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| index 1707163d1de4c04cd764c3f52b6271781cd10f27..c561c3bbe00734e23f06b58c2594f3a2d6b7f17c 100644
|
| --- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| +++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| @@ -136,7 +136,7 @@ static ReferrerPolicy mergeReferrerPolicies(ReferrerPolicy a, ReferrerPolicy b)
|
| }
|
|
|
| ContentSecurityPolicy::ContentSecurityPolicy()
|
| - : m_executionContext(0)
|
| + : m_executionContext(nullptr)
|
| , m_overrideInlineStyleAllowed(false)
|
| , m_scriptHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone)
|
| , m_styleHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone)
|
| @@ -169,8 +169,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
|
| m_executionContext->addConsoleMessage(consoleMessage);
|
| m_consoleMessages.clear();
|
|
|
| - for (const auto& cspDirective : m_policies)
|
| - UseCounter::count(*document, getUseCounterType(cspDirective->headerType()));
|
| + for (const auto& policy : m_policies)
|
| + UseCounter::count(*document, getUseCounterType(policy->headerType()));
|
| }
|
|
|
| // We disable 'eval()' even in the case of report-only policies, and rely on the check in the
|
| @@ -186,14 +186,14 @@ ContentSecurityPolicy::~ContentSecurityPolicy()
|
|
|
| Document* ContentSecurityPolicy::document() const
|
| {
|
| - return m_executionContext->isDocument() ? toDocument(m_executionContext) : 0;
|
| + return m_executionContext->isDocument() ? toDocument(m_executionContext) : nullptr;
|
| }
|
|
|
| void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
|
| {
|
| ASSERT(m_policies.isEmpty());
|
| - for (const auto& cspDirective : other->m_policies)
|
| - addPolicyFromHeaderValue(cspDirective->header(), cspDirective->headerType(), cspDirective->headerSource());
|
| + for (const auto& policy : other->m_policies)
|
| + addPolicyFromHeaderValue(policy->header(), policy->headerType(), policy->headerSource());
|
| }
|
|
|
| void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyResponseHeaders& headers)
|
| @@ -284,8 +284,8 @@ ContentSecurityPolicyHeaderType ContentSecurityPolicy::deprecatedHeaderType() co
|
| template<bool (CSPDirectiveList::*allowed)(ContentSecurityPolicy::ReportingStatus) const>
|
| bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolicy::ReportingStatus reportingStatus)
|
| {
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowed)(reportingStatus))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowed)(reportingStatus))
|
| return false;
|
| }
|
| return true;
|
| @@ -294,8 +294,8 @@ bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolic
|
| template<bool (CSPDirectiveList::*allowed)(ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus) const>
|
| bool isAllowedByAllWithState(const CSPDirectiveListVector& policies, ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus reportingStatus)
|
| {
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowed)(scriptState, reportingStatus))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowed)(scriptState, reportingStatus))
|
| return false;
|
| }
|
| return true;
|
| @@ -304,8 +304,8 @@ bool isAllowedByAllWithState(const CSPDirectiveListVector& policies, ScriptState
|
| template<bool (CSPDirectiveList::*allowed)(const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const>
|
| bool isAllowedByAllWithContext(const CSPDirectiveListVector& policies, const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus)
|
| {
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowed)(contextURL, contextLine, reportingStatus))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowed)(contextURL, contextLine, reportingStatus))
|
| return false;
|
| }
|
| return true;
|
| @@ -314,8 +314,8 @@ bool isAllowedByAllWithContext(const CSPDirectiveListVector& policies, const Str
|
| template<bool (CSPDirectiveList::*allowed)(const String&) const>
|
| bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const String& nonce)
|
| {
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowed)(nonce))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowed)(nonce))
|
| return false;
|
| }
|
| return true;
|
| @@ -324,8 +324,8 @@ bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const Strin
|
| template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&) const>
|
| bool isAllowedByAllWithHash(const CSPDirectiveListVector& policies, const CSPHashValue& hashValue)
|
| {
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowed)(hashValue))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowed)(hashValue))
|
| return false;
|
| }
|
| return true;
|
| @@ -337,8 +337,8 @@ bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& u
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))
|
| return true;
|
|
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowFromURL)(url, reportingStatus))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowFromURL)(url, reportingStatus))
|
| return false;
|
| }
|
| return true;
|
| @@ -347,8 +347,8 @@ bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& u
|
| template<bool (CSPDirectiveList::*allowed)(LocalFrame*, const KURL&, ContentSecurityPolicy::ReportingStatus) const>
|
| bool isAllowedByAllWithFrame(const CSPDirectiveListVector& policies, LocalFrame* frame, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus)
|
| {
|
| - for (size_t i = 0; i < policies.size(); ++i) {
|
| - if (!(policies[i].get()->*allowed)(frame, url, reportingStatus))
|
| + for (const auto& policy : policies) {
|
| + if (!(policy.get()->*allowed)(frame, url, reportingStatus))
|
| return false;
|
| }
|
| return true;
|
| @@ -419,17 +419,17 @@ bool ContentSecurityPolicy::allowEval(ScriptState* scriptState, ContentSecurityP
|
|
|
| String ContentSecurityPolicy::evalDisabledErrorMessage() const
|
| {
|
| - for (size_t i = 0; i < m_policies.size(); ++i) {
|
| - if (!m_policies[i]->allowEval(0, SuppressReport))
|
| - return m_policies[i]->evalDisabledErrorMessage();
|
| + for (const auto& policy : m_policies) {
|
| + if (!policy->allowEval(0, SuppressReport))
|
| + return policy->evalDisabledErrorMessage();
|
| }
|
| return String();
|
| }
|
|
|
| bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
|
| {
|
| - for (size_t i = 0; i < m_policies.size(); ++i) {
|
| - if (!m_policies[i]->allowPluginType(type, typeAttribute, url, reportingStatus))
|
| + for (const auto& policy : m_policies) {
|
| + if (!policy->allowPluginType(type, typeAttribute, url, reportingStatus))
|
| return false;
|
| }
|
| return true;
|
| @@ -550,32 +550,32 @@ bool ContentSecurityPolicy::isActive() const
|
| ReflectedXSSDisposition ContentSecurityPolicy::reflectedXSSDisposition() const
|
| {
|
| ReflectedXSSDisposition disposition = ReflectedXSSUnset;
|
| - for (size_t i = 0; i < m_policies.size(); ++i) {
|
| - if (m_policies[i]->reflectedXSSDisposition() > disposition)
|
| - disposition = std::max(disposition, m_policies[i]->reflectedXSSDisposition());
|
| + for (const auto& policy : m_policies) {
|
| + if (policy->reflectedXSSDisposition() > disposition)
|
| + disposition = std::max(disposition, policy->reflectedXSSDisposition());
|
| }
|
| return disposition;
|
| }
|
|
|
| ReferrerPolicy ContentSecurityPolicy::referrerPolicy() const
|
| {
|
| - ReferrerPolicy policy = ReferrerPolicyDefault;
|
| + ReferrerPolicy referrerPolicy = ReferrerPolicyDefault;
|
| bool first = true;
|
| - for (size_t i = 0; i < m_policies.size(); ++i) {
|
| - if (m_policies[i]->didSetReferrerPolicy()) {
|
| + for (const auto& policy : m_policies) {
|
| + if (policy->didSetReferrerPolicy()) {
|
| if (first)
|
| - policy = m_policies[i]->referrerPolicy();
|
| + referrerPolicy = policy->referrerPolicy();
|
| else
|
| - policy = mergeReferrerPolicies(policy, m_policies[i]->referrerPolicy());
|
| + referrerPolicy = mergeReferrerPolicies(referrerPolicy, policy->referrerPolicy());
|
| }
|
| }
|
| - return policy;
|
| + return referrerPolicy;
|
| }
|
|
|
| bool ContentSecurityPolicy::didSetReferrerPolicy() const
|
| {
|
| - for (size_t i = 0; i < m_policies.size(); ++i) {
|
| - if (m_policies[i]->didSetReferrerPolicy())
|
| + for (const auto& policy : m_policies) {
|
| + if (policy->didSetReferrerPolicy())
|
| return true;
|
| }
|
| return false;
|
| @@ -702,14 +702,14 @@ void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
|
|
|
| RefPtr<FormData> report = FormData::create(stringifiedReport.utf8());
|
|
|
| - for (size_t i = 0; i < reportEndpoints.size(); ++i) {
|
| + for (const String& endpoint : reportEndpoints) {
|
| // If we have a context frame we're dealing with 'frame-ancestors' and we don't have our
|
| // own execution context. Use the frame's document to complete the endpoint URL, overriding
|
| // its URL with the blocked document's URL.
|
| ASSERT(!contextFrame || !m_executionContext);
|
| ASSERT(!contextFrame || equalIgnoringCase(effectiveDirective, FrameAncestors));
|
| - KURL endpoint = contextFrame ? frame->document()->completeURLWithOverride(reportEndpoints[i], blockedURL) : completeURL(reportEndpoints[i]);
|
| - PingLoader::sendViolationReport(frame, completeURL(reportEndpoints[i]), report, PingLoader::ContentSecurityPolicyViolationReport);
|
| + KURL url = contextFrame ? frame->document()->completeURLWithOverride(endpoint, blockedURL) : completeURL(endpoint);
|
| + PingLoader::sendViolationReport(frame, url, report, PingLoader::ContentSecurityPolicyViolationReport);
|
| }
|
|
|
| didSendViolationReport(stringifiedReport);
|
|
|
Chromium Code Reviews
Issue 658513003:
Use C++11 features in ContentSecurityPolicy (Closed)
Base URL: svn://svn.chromium.org/blink/trunk