| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
| 7 | 7 |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/frame/LocalFrame.h" | 9 #include "core/frame/LocalFrame.h" |
| 10 #include "core/inspector/ConsoleMessage.h" | 10 #include "core/inspector/ConsoleMessage.h" |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 79 return !directive || directive->allowEval(); | 79 return !directive || directive->allowEval(); |
| 80 } | 80 } |
| 81 | 81 |
| 82 bool CSPDirectiveList::checkInline(SourceListDirective* directive) const | 82 bool CSPDirectiveList::checkInline(SourceListDirective* directive) const |
| 83 { | 83 { |
| 84 return !directive || (directive->allowInline() && !directive->isHashOrNonceP
resent()); | 84 return !directive || (directive->allowInline() && !directive->isHashOrNonceP
resent()); |
| 85 } | 85 } |
| 86 | 86 |
| 87 bool CSPDirectiveList::checkNonce(SourceListDirective* directive, const String&
nonce) const | 87 bool CSPDirectiveList::checkNonce(SourceListDirective* directive, const String&
nonce) const |
| 88 { | 88 { |
| 89 return !directive || directive->allowNonce(nonce) || checkInline(directive); | 89 return !directive || directive->allowNonce(nonce); |
| 90 } | 90 } |
| 91 | 91 |
| 92 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const | 92 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const |
| 93 { | 93 { |
| 94 return !directive || directive->allowHash(hashValue) || checkInline(directiv
e); | 94 return !directive || directive->allowHash(hashValue); |
| 95 } | 95 } |
| 96 | 96 |
| 97 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl) const | 97 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl) const |
| 98 { | 98 { |
| 99 return !directive || directive->allows(url); | 99 return !directive || directive->allows(url); |
| 100 } | 100 } |
| 101 | 101 |
| 102 bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame
* frame) const | 102 bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame
* frame) const |
| 103 { | 103 { |
| 104 if (!frame || !directive) | 104 if (!frame || !directive) |
| (...skipping 583 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 688 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); | 688 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
| 689 else | 689 else |
| 690 m_policy->reportUnsupportedDirective(name); | 690 m_policy->reportUnsupportedDirective(name); |
| 691 } else { | 691 } else { |
| 692 m_policy->reportUnsupportedDirective(name); | 692 m_policy->reportUnsupportedDirective(name); |
| 693 } | 693 } |
| 694 } | 694 } |
| 695 | 695 |
| 696 | 696 |
| 697 } // namespace blink | 697 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 704723003:
Revert "Allow CSP checkNonce and checkHash to pass with 'unsafe-inline' only." (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master