ContentSecurityPolicy.h [plain text]
#ifndef ContentSecurityPolicy_h
#define ContentSecurityPolicy_h
#include <wtf/Vector.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
class CSPDirective;
class Document;
class KURL;
class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
public:
static PassRefPtr<ContentSecurityPolicy> create(Document* document)
{
return adoptRef(new ContentSecurityPolicy(document));
}
~ContentSecurityPolicy();
enum HeaderType {
ReportOnly,
EnforcePolicy
};
void didReceiveHeader(const String&, HeaderType);
bool allowJavaScriptURLs() const;
bool allowInlineEventHandlers() const;
bool allowInlineScript() const;
bool allowInlineStyle() const;
bool allowEval() const;
bool allowScriptFromSource(const KURL&) const;
bool allowObjectFromSource(const KURL&) const;
bool allowChildFrameFromSource(const KURL&) const;
bool allowImageFromSource(const KURL&) const;
bool allowStyleFromSource(const KURL&) const;
bool allowFontFromSource(const KURL&) const;
bool allowMediaFromSource(const KURL&) const;
private:
explicit ContentSecurityPolicy(Document*);
void parse(const String&);
bool parseDirective(const UChar* begin, const UChar* end, String& name, String& value);
void parseReportURI(const String&);
void addDirective(const String& name, const String& value);
PassOwnPtr<CSPDirective> createCSPDirective(const String& name, const String& value);
CSPDirective* operativeDirective(CSPDirective*) const;
void reportViolation(const String& directiveText, const String& consoleMessage) const;
bool checkEval(CSPDirective*) const;
bool checkInlineAndReportViolation(CSPDirective*, const String& consoleMessage) const;
bool checkEvalAndReportViolation(CSPDirective*, const String& consoleMessage) const;
bool checkSourceAndReportViolation(CSPDirective*, const KURL&, const String& type) const;
bool denyIfEnforcingPolicy() const { return m_reportOnly; }
bool m_havePolicy;
Document* m_document;
bool m_reportOnly;
OwnPtr<CSPDirective> m_defaultSrc;
OwnPtr<CSPDirective> m_scriptSrc;
OwnPtr<CSPDirective> m_objectSrc;
OwnPtr<CSPDirective> m_frameSrc;
OwnPtr<CSPDirective> m_imgSrc;
OwnPtr<CSPDirective> m_styleSrc;
OwnPtr<CSPDirective> m_fontSrc;
OwnPtr<CSPDirective> m_mediaSrc;
Vector<KURL> m_reportURLs;
};
}
#endif