| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
| 6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
| 7 | 7 |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "core/frame/csp/MediaListDirective.h" | 9 #include "core/frame/csp/MediaListDirective.h" |
| 10 #include "core/frame/csp/SourceListDirective.h" | 10 #include "core/frame/csp/SourceListDirective.h" |
| (...skipping 28 matching lines...) Expand all Loading... |
| 39 | 39 |
| 40 void parse(const UChar* begin, const UChar* end); | 40 void parse(const UChar* begin, const UChar* end); |
| 41 | 41 |
| 42 const String& header() const { return m_header; } | 42 const String& header() const { return m_header; } |
| 43 ContentSecurityPolicyHeaderType headerType() const { return m_headerType; } | 43 ContentSecurityPolicyHeaderType headerType() const { return m_headerType; } |
| 44 ContentSecurityPolicyHeaderSource headerSource() const { | 44 ContentSecurityPolicyHeaderSource headerSource() const { |
| 45 return m_headerSource; | 45 return m_headerSource; |
| 46 } | 46 } |
| 47 | 47 |
| 48 bool allowJavaScriptURLs(Element*, | 48 bool allowJavaScriptURLs(Element*, |
| 49 const String& source, |
| 49 const String& contextURL, | 50 const String& contextURL, |
| 50 const WTF::OrdinalNumber& contextLine, | 51 const WTF::OrdinalNumber& contextLine, |
| 51 SecurityViolationReportingPolicy) const; | 52 SecurityViolationReportingPolicy) const; |
| 52 bool allowInlineEventHandlers(Element*, | 53 bool allowInlineEventHandlers(Element*, |
| 54 const String& source, |
| 53 const String& contextURL, | 55 const String& contextURL, |
| 54 const WTF::OrdinalNumber& contextLine, | 56 const WTF::OrdinalNumber& contextLine, |
| 55 SecurityViolationReportingPolicy) const; | 57 SecurityViolationReportingPolicy) const; |
| 56 bool allowInlineScript(Element*, | 58 bool allowInlineScript(Element*, |
| 57 const String& contextURL, | 59 const String& contextURL, |
| 58 const String& nonce, | 60 const String& nonce, |
| 59 const WTF::OrdinalNumber& contextLine, | 61 const WTF::OrdinalNumber& contextLine, |
| 60 SecurityViolationReportingPolicy, | 62 SecurityViolationReportingPolicy, |
| 61 const String& scriptContent) const; | 63 const String& scriptContent) const; |
| 62 bool allowInlineStyle(Element*, | 64 bool allowInlineStyle(Element*, |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 219 const ContentSecurityPolicy::DirectiveType&, | 221 const ContentSecurityPolicy::DirectiveType&, |
| 220 const String& consoleMessage, | 222 const String& consoleMessage, |
| 221 const KURL& blockedURL, | 223 const KURL& blockedURL, |
| 222 LocalFrame*) const; | 224 LocalFrame*) const; |
| 223 void reportViolationWithLocation(const String& directiveText, | 225 void reportViolationWithLocation(const String& directiveText, |
| 224 const ContentSecurityPolicy::DirectiveType&, | 226 const ContentSecurityPolicy::DirectiveType&, |
| 225 const String& consoleMessage, | 227 const String& consoleMessage, |
| 226 const KURL& blockedURL, | 228 const KURL& blockedURL, |
| 227 const String& contextURL, | 229 const String& contextURL, |
| 228 const WTF::OrdinalNumber& contextLine, | 230 const WTF::OrdinalNumber& contextLine, |
| 229 Element*) const; | 231 Element*, |
| 232 const String& source) const; |
| 230 void reportViolationWithState( | 233 void reportViolationWithState( |
| 231 const String& directiveText, | 234 const String& directiveText, |
| 232 const ContentSecurityPolicy::DirectiveType&, | 235 const ContentSecurityPolicy::DirectiveType&, |
| 233 const String& message, | 236 const String& message, |
| 234 const KURL& blockedURL, | 237 const KURL& blockedURL, |
| 235 ScriptState*, | 238 ScriptState*, |
| 236 const ContentSecurityPolicy::ExceptionStatus) const; | 239 const ContentSecurityPolicy::ExceptionStatus) const; |
| 237 | 240 |
| 238 bool checkEval(SourceListDirective*) const; | 241 bool checkEval(SourceListDirective*) const; |
| 239 bool checkDynamic(SourceListDirective*) const; | 242 bool checkDynamic(SourceListDirective*) const; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 255 | 258 |
| 256 bool checkEvalAndReportViolation( | 259 bool checkEvalAndReportViolation( |
| 257 SourceListDirective*, | 260 SourceListDirective*, |
| 258 const String& consoleMessage, | 261 const String& consoleMessage, |
| 259 ScriptState*, | 262 ScriptState*, |
| 260 ContentSecurityPolicy::ExceptionStatus = | 263 ContentSecurityPolicy::ExceptionStatus = |
| 261 ContentSecurityPolicy::WillNotThrowException) const; | 264 ContentSecurityPolicy::WillNotThrowException) const; |
| 262 bool checkInlineAndReportViolation(SourceListDirective*, | 265 bool checkInlineAndReportViolation(SourceListDirective*, |
| 263 const String& consoleMessage, | 266 const String& consoleMessage, |
| 264 Element*, | 267 Element*, |
| 268 const String& source, |
| 265 const String& contextURL, | 269 const String& contextURL, |
| 266 const WTF::OrdinalNumber& contextLine, | 270 const WTF::OrdinalNumber& contextLine, |
| 267 bool isScript, | 271 bool isScript, |
| 268 const String& hashValue) const; | 272 const String& hashValue) const; |
| 269 | 273 |
| 270 bool checkSourceAndReportViolation( | 274 bool checkSourceAndReportViolation( |
| 271 SourceListDirective*, | 275 SourceListDirective*, |
| 272 const KURL&, | 276 const KURL&, |
| 273 const ContentSecurityPolicy::DirectiveType&, | 277 const ContentSecurityPolicy::DirectiveType&, |
| 274 ResourceRequest::RedirectStatus) const; | 278 ResourceRequest::RedirectStatus) const; |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 330 uint8_t m_requireSRIFor; | 334 uint8_t m_requireSRIFor; |
| 331 | 335 |
| 332 Vector<String> m_reportEndpoints; | 336 Vector<String> m_reportEndpoints; |
| 333 | 337 |
| 334 String m_evalDisabledErrorMessage; | 338 String m_evalDisabledErrorMessage; |
| 335 }; | 339 }; |
| 336 | 340 |
| 337 } // namespace blink | 341 } // namespace blink |
| 338 | 342 |
| 339 #endif | 343 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2436003002:
CSP: Add 'script-sample' to violation reports. (Closed)
