| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 127 ContentSecurityPolicyHeaderType, | 127 ContentSecurityPolicyHeaderType, |
| 128 ContentSecurityPolicyHeaderSource); | 128 ContentSecurityPolicyHeaderSource); |
| 129 void reportAccumulatedHeaders(LocalFrameClient*) const; | 129 void reportAccumulatedHeaders(LocalFrameClient*) const; |
| 130 | 130 |
| 131 std::unique_ptr<Vector<CSPHeaderAndType>> headers() const; | 131 std::unique_ptr<Vector<CSPHeaderAndType>> headers() const; |
| 132 | 132 |
| 133 // |element| will not be present for navigations to javascript URLs, | 133 // |element| will not be present for navigations to javascript URLs, |
| 134 // as those checks happen in the middle of the navigation algorithm, | 134 // as those checks happen in the middle of the navigation algorithm, |
| 135 // and we generally don't have access to the responsible element. | 135 // and we generally don't have access to the responsible element. |
| 136 bool allowJavaScriptURLs(Element*, | 136 bool allowJavaScriptURLs(Element*, |
| 137 const String& source, |
| 137 const String& contextURL, | 138 const String& contextURL, |
| 138 const WTF::OrdinalNumber& contextLine, | 139 const WTF::OrdinalNumber& contextLine, |
| 139 SecurityViolationReportingPolicy = | 140 SecurityViolationReportingPolicy = |
| 140 SecurityViolationReportingPolicy::Report) const; | 141 SecurityViolationReportingPolicy::Report) const; |
| 141 | 142 |
| 142 // |element| will be present almost all of the time, but because of | 143 // |element| will be present almost all of the time, but because of |
| 143 // strangeness around targeting handlers for '<body>', '<svg>', and | 144 // strangeness around targeting handlers for '<body>', '<svg>', and |
| 144 // '<frameset>', it will be 'nullptr' for handlers on those | 145 // '<frameset>', it will be 'nullptr' for handlers on those |
| 145 // elements. | 146 // elements. |
| 146 bool allowInlineEventHandler( | 147 bool allowInlineEventHandler( |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 const DirectiveType& effectiveType, | 333 const DirectiveType& effectiveType, |
| 333 const String& consoleMessage, | 334 const String& consoleMessage, |
| 334 const KURL& blockedURL, | 335 const KURL& blockedURL, |
| 335 const Vector<String>& reportEndpoints, | 336 const Vector<String>& reportEndpoints, |
| 336 const String& header, | 337 const String& header, |
| 337 ContentSecurityPolicyHeaderType, | 338 ContentSecurityPolicyHeaderType, |
| 338 ViolationType, | 339 ViolationType, |
| 339 LocalFrame* = nullptr, | 340 LocalFrame* = nullptr, |
| 340 RedirectStatus = RedirectStatus::FollowedRedirect, | 341 RedirectStatus = RedirectStatus::FollowedRedirect, |
| 341 int contextLine = 0, | 342 int contextLine = 0, |
| 342 Element* = nullptr); | 343 Element* = nullptr, |
| 344 const String& source = emptyString); |
| 343 | 345 |
| 344 // Called when mixed content is detected on a page; will trigger a violation | 346 // Called when mixed content is detected on a page; will trigger a violation |
| 345 // report if the 'block-all-mixed-content' directive is specified for a | 347 // report if the 'block-all-mixed-content' directive is specified for a |
| 346 // policy. | 348 // policy. |
| 347 void reportMixedContent(const KURL& mixedURL, RedirectStatus); | 349 void reportMixedContent(const KURL& mixedURL, RedirectStatus); |
| 348 | 350 |
| 349 void reportBlockedScriptExecutionToInspector( | 351 void reportBlockedScriptExecutionToInspector( |
| 350 const String& directiveText) const; | 352 const String& directiveText) const; |
| 351 | 353 |
| 352 const KURL url() const; | 354 const KURL url() const; |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 438 String m_disableEvalErrorMessage; | 440 String m_disableEvalErrorMessage; |
| 439 WebInsecureRequestPolicy m_insecureRequestPolicy; | 441 WebInsecureRequestPolicy m_insecureRequestPolicy; |
| 440 | 442 |
| 441 Member<CSPSource> m_selfSource; | 443 Member<CSPSource> m_selfSource; |
| 442 String m_selfProtocol; | 444 String m_selfProtocol; |
| 443 }; | 445 }; |
| 444 | 446 |
| 445 } // namespace blink | 447 } // namespace blink |
| 446 | 448 |
| 447 #endif | 449 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2436003002:
CSP: Add 'script-sample' to violation reports. (Closed)
