ContentSecurityPolicy.h [plain text]
#ifndef ContentSecurityPolicy_h
#define ContentSecurityPolicy_h
#include <wtf/PassOwnPtr.h>
#include <wtf/RefCounted.h>
#include <wtf/Vector.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
class CSPDirectiveList;
class ScriptExecutionContext;
class KURL;
class ContentSecurityPolicy {
public:
static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scriptExecutionContext)
{
return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext));
}
~ContentSecurityPolicy();
void copyStateFrom(const ContentSecurityPolicy*);
enum HeaderType {
ReportOnly,
EnforcePolicy
};
void didReceiveHeader(const String&, HeaderType);
const String& header() const;
HeaderType headerType() const;
bool allowJavaScriptURLs() const;
bool allowInlineEventHandlers() const;
bool allowInlineScript() const;
bool allowInlineStyle() const;
bool allowEval() const;
bool allowScriptFromSource(const KURL&) const;
bool allowObjectFromSource(const KURL&) const;
bool allowChildFrameFromSource(const KURL&) const;
bool allowImageFromSource(const KURL&) const;
bool allowStyleFromSource(const KURL&) const;
bool allowFontFromSource(const KURL&) const;
bool allowMediaFromSource(const KURL&) const;
bool allowConnectFromSource(const KURL&) const;
void setOverrideAllowInlineStyle(bool);
private:
explicit ContentSecurityPolicy(ScriptExecutionContext*);
ScriptExecutionContext* m_scriptExecutionContext;
bool m_overrideInlineStyleAllowed;
OwnPtr<CSPDirectiveList> m_policy;
};
}
#endif