Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(191)

Side by Side Diff: chrome/common/extensions/csp_validator.cc

Issue 10458063: Add sanbdoxed_pages to allow extension/app pages to be served in a sandboxed, unique origin (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: CheckCurrentContextAccessToExtensionAPI Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/extensions/csp_validator.h" 5 #include "chrome/common/extensions/csp_validator.h"
6 6
7 #include "base/string_split.h" 7 #include "base/string_split.h"
8 #include "base/string_tokenizer.h" 8 #include "base/string_tokenizer.h"
9 #include "base/string_util.h" 9 #include "base/string_util.h"
10 10
11 namespace extensions { 11 namespace extensions {
12 12
13 namespace csp_validator { 13 namespace csp_validator {
14 14
15 namespace { 15 namespace {
16 16
17 const char kDefaultSrc[] = "default-src"; 17 const char kDefaultSrc[] = "default-src";
18 const char kScriptSrc[] = "script-src"; 18 const char kScriptSrc[] = "script-src";
19 const char kObjectSrc[] = "object-src"; 19 const char kObjectSrc[] = "object-src";
20 20
21 const char kSandboxDirectiveName[] = "sandbox";
22 const char kAllowSameOriginToken[] = "allow-same-origin";
23 const char kAllowTopNavigation[] = "allow-top-navigation";
24 const char kAllowPopups[] = "allow-popups";
25
21 struct DirectiveStatus { 26 struct DirectiveStatus {
22 explicit DirectiveStatus(const char* name) 27 explicit DirectiveStatus(const char* name)
23 : directive_name(name) 28 : directive_name(name)
24 , seen_in_policy(false) 29 , seen_in_policy(false)
25 , is_secure(false) { 30 , is_secure(false) {
26 } 31 }
27 32
28 const char* directive_name; 33 const char* directive_name;
29 bool seen_in_policy; 34 bool seen_in_policy;
30 bool is_secure; 35 bool is_secure;
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after
112 117
113 if (default_src_status.seen_in_policy && !default_src_status.is_secure) { 118 if (default_src_status.seen_in_policy && !default_src_status.is_secure) {
114 return script_src_status.seen_in_policy && 119 return script_src_status.seen_in_policy &&
115 object_src_status.seen_in_policy; 120 object_src_status.seen_in_policy;
116 } 121 }
117 122
118 return default_src_status.seen_in_policy || 123 return default_src_status.seen_in_policy ||
119 (script_src_status.seen_in_policy && object_src_status.seen_in_policy); 124 (script_src_status.seen_in_policy && object_src_status.seen_in_policy);
120 } 125 }
121 126
127 bool ContentSecurityPolicyIsSandboxed(
128 const std::string& policy, Extension::Type type) {
129 // See http://www.w3.org/TR/CSP/#parse-a-csp-policy for parsing algorithm.
130 std::vector<std::string> directives;
131 base::SplitString(policy, ';', &directives);
132
133 bool seen_sandbox = false;
134
135 for (size_t i = 0; i < directives.size(); ++i) {
136 std::string& input = directives[i];
137 StringTokenizer tokenizer(input, " \t\r\n");
138 if (!tokenizer.GetNext())
139 continue;
140
141 std::string directive_name = tokenizer.token();
142 StringToLowerASCII(&directive_name);
143
144 if (directive_name != kSandboxDirectiveName)
145 continue;
146
147 seen_sandbox = true;
148
149 while (tokenizer.GetNext()) {
150 std::string token = tokenizer.token();
151 StringToLowerASCII(&token);
152
153 // The same origin token negates the sandboxing.
154 if (token == kAllowSameOriginToken)
155 return false;
156
157 // Platform apps don't allow navigation (and have a separate windowing
158 // API that should be used for popups)
159 if (type == Extension::TYPE_PLATFORM_APP) {
160 if (token == kAllowTopNavigation || token == kAllowPopups)
161 return false;
162 }
163 }
164 }
165
166 return seen_sandbox;
167 }
168
122 } // csp_validator 169 } // csp_validator
123 170
124 } // extensions 171 } // extensions
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698