Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/csp_validator.h

Issue 12093036: Move Extension Location and Type enums to Manifest, and move InstallWarning to its own file. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/extensions/tab_helper.h ('K') | « chrome/common/extensions/api/extension_api_unittest.cc ('k') | chrome/common/extensions/csp_validator.cc » ('j') | chrome/common/extensions/extension.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_COMMON_EXTENSIONS_CSP_VALIDATOR_H_ 5 #ifndef CHROME_COMMON_EXTENSIONS_CSP_VALIDATOR_H_
6 #define CHROME_COMMON_EXTENSIONS_CSP_VALIDATOR_H_ 6 #define CHROME_COMMON_EXTENSIONS_CSP_VALIDATOR_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "chrome/common/extensions/extension.h" 10 #include "chrome/common/extensions/extension.h"
11 #include "chrome/common/extensions/manifest.h"
11 12
12 namespace extensions { 13 namespace extensions {
13 14
14 namespace csp_validator { 15 namespace csp_validator {
15 16
16 // Checks whether the given |policy| is legal for use in the extension system. 17 // Checks whether the given |policy| is legal for use in the extension system.
17 // This check just ensures that the policy doesn't contain any characters that 18 // This check just ensures that the policy doesn't contain any characters that
18 // will cause problems when we transmit the policy in an HTTP header. 19 // will cause problems when we transmit the policy in an HTTP header.
19 bool ContentSecurityPolicyIsLegal(const std::string& policy); 20 bool ContentSecurityPolicyIsLegal(const std::string& policy);
20 21
21 // Checks whether the given |policy| meets the minimum security requirements 22 // Checks whether the given |policy| meets the minimum security requirements
22 // for use in the extension system. 23 // for use in the extension system.
23 // 24 //
24 // Ideally, we would like to say that an XSS vulnerability in the extension 25 // Ideally, we would like to say that an XSS vulnerability in the extension
25 // should not be able to execute script, even in the precense of an active 26 // should not be able to execute script, even in the precense of an active
26 // network attacker. 27 // network attacker.
27 // 28 //
28 // However, we found that it broke too many deployed extensions to limit 29 // However, we found that it broke too many deployed extensions to limit
29 // 'unsafe-eval' in the script-src directive, so that is allowed as a special 30 // 'unsafe-eval' in the script-src directive, so that is allowed as a special
30 // case for extensions. Platform apps disallow it. 31 // case for extensions. Platform apps disallow it.
31 bool ContentSecurityPolicyIsSecure( 32 bool ContentSecurityPolicyIsSecure(
32 const std::string& policy, Extension::Type type); 33 const std::string& policy, Manifest::Type type);
33 34
34 // Checks whether the given |policy| enforces a unique origin sandbox as 35 // Checks whether the given |policy| enforces a unique origin sandbox as
35 // defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/ 36 // defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/
36 // the-iframe-element.html#attr-iframe-sandbox. The policy must have the 37 // the-iframe-element.html#attr-iframe-sandbox. The policy must have the
37 // "sandbox" directive, and the sandbox tokens must not include 38 // "sandbox" directive, and the sandbox tokens must not include
38 // "allow-same-origin". Additional restrictions may be imposed depending on 39 // "allow-same-origin". Additional restrictions may be imposed depending on
39 // |type|. 40 // |type|.
40 bool ContentSecurityPolicyIsSandboxed( 41 bool ContentSecurityPolicyIsSandboxed(
41 const std::string& policy, Extension::Type type); 42 const std::string& policy, Manifest::Type type);
42 43
43 } // namespace csp_validator 44 } // namespace csp_validator
44 45
45 } // namespace extensions 46 } // namespace extensions
46 47
47 #endif // CHROME_COMMON_EXTENSIONS_CSP_VALIDATOR_H_ 48 #endif // CHROME_COMMON_EXTENSIONS_CSP_VALIDATOR_H_
OLDNEW
« chrome/browser/extensions/tab_helper.h ('K') | « chrome/common/extensions/api/extension_api_unittest.cc ('k') | chrome/common/extensions/csp_validator.cc » ('j') | chrome/common/extensions/extension.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698