Chromium Code Reviews

Side by Side Diff: Source/core/page/ContentSecurityPolicy.h

Issue 14949017: Implementation of W3C compliant CSP script-src nonce. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Minor fixes based on Adam's comments Created 7 years, 7 months ago
OLD NEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 74 matching lines...)
85 // These functions are wrong because they assume that there is only one head er. 85 // These functions are wrong because they assume that there is only one head er.
86 // FIXME: Replace them with functions that return vectors. 86 // FIXME: Replace them with functions that return vectors.
87 const String& deprecatedHeader() const; 87 const String& deprecatedHeader() const;
88 HeaderType deprecatedHeaderType() const; 88 HeaderType deprecatedHeaderType() const;
89 89
90 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; 90 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
91 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu mber& contextLine, ReportingStatus = SendReport) const; 91 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNu mber& contextLine, ReportingStatus = SendReport) const;
92 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, ReportingStatus = SendReport) const; 92 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, ReportingStatus = SendReport) const;
93 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, ReportingStatus = SendReport) const; 93 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, ReportingStatus = SendReport) const;
94 bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const; 94 bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const;
95 bool allowScriptNonce(const String& nonce, const String& contextURL, const W TF::OrdinalNumber& contextLine, const KURL& = KURL()) const;
96 bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const; 95 bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
97 96
98 bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const; 97 bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
99 bool allowObjectFromSource(const KURL&, ReportingStatus = SendReport) const; 98 bool allowObjectFromSource(const KURL&, ReportingStatus = SendReport) const;
100 bool allowChildFrameFromSource(const KURL&, ReportingStatus = SendReport) co nst; 99 bool allowChildFrameFromSource(const KURL&, ReportingStatus = SendReport) co nst;
101 bool allowImageFromSource(const KURL&, ReportingStatus = SendReport) const; 100 bool allowImageFromSource(const KURL&, ReportingStatus = SendReport) const;
102 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const; 101 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const;
103 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const; 102 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const;
104 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const; 103 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const;
105 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const; 104 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const;
106 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const; 105 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const;
107 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const; 106 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
107 bool allowScriptNonce(const String& nonce) const;
108 108
109 ReflectedXSSDisposition reflectedXSSDisposition() const; 109 ReflectedXSSDisposition reflectedXSSDisposition() const;
110 110
111 void setOverrideAllowInlineStyle(bool); 111 void setOverrideAllowInlineStyle(bool);
112 112
113 bool isActive() const; 113 bool isActive() const;
114 void gatherReportURIs(DOMStringList&) const; 114 void gatherReportURIs(DOMStringList&) const;
115 115
116 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression) const; 116 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression) const;
117 void reportDuplicateDirective(const String&) const; 117 void reportDuplicateDirective(const String&) const;
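Review bot: The new declaration at line 107 on the NEW side, `bool allowScriptNonce(const String& nonce) const;`, is the only `allow*` check in this block that takes neither a `ReportingStatus` nor any context, whereas the overload it replaces (OLD line 95) took `contextURL`, `contextLine` and a `KURL`. From the header alone a caller cannot tell whether a nonce mismatch is reported or logged anywhere, or whether this is a silent predicate and the caller is expected to fall through to `allowInlineScript` / `allowScriptFromSource` for the violation report. Please add a one-line comment above the declaration saying which it is and what an empty `nonce` argument returns. It would also read better grouped with `allowInlineScript` (line 92) than after `allowBaseURI`, since per the issue title this is a script-src check, not one of the URL-based `allow*FromSource` family.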
(...skipping 26 matching lines...)
144 void logToConsole(const String& message, const String& contextURL = String() , const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), Scr iptState* = 0) const; 144 void logToConsole(const String& message, const String& contextURL = String() , const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), Scr iptState* = 0) const;
145 145
146 ScriptExecutionContext* m_scriptExecutionContext; 146 ScriptExecutionContext* m_scriptExecutionContext;
147 bool m_overrideInlineStyleAllowed; 147 bool m_overrideInlineStyleAllowed;
148 CSPDirectiveListVector m_policies; 148 CSPDirectiveListVector m_policies;
149 }; 149 };
150 150
151 } 151 }
152 152
153 #endif 153 #endif