ContentSecurityPolicySourceList.h [plain text]
#pragma once
#include "ContentSecurityPolicyHash.h"
#include "ContentSecurityPolicySource.h"
#include <wtf/HashSet.h>
#include <wtf/OptionSet.h>
#include <wtf/text/StringHash.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
class ContentSecurityPolicy;
class ContentSecurityPolicySourceList {
public:
ContentSecurityPolicySourceList(const ContentSecurityPolicy&, const String& directiveName);
void parse(const String&);
bool matches(const URL&, bool didReceiveRedirectResponse) const;
bool matches(const ContentSecurityPolicyHash&) const;
bool matches(const String& nonce) const;
OptionSet<ContentSecurityPolicyHashAlgorithm> hashAlgorithmsUsed() const { return m_hashAlgorithmsUsed; }
bool allowInline() const { return m_allowInline && m_hashes.isEmpty() && m_nonces.isEmpty(); }
bool allowEval() const { return m_allowEval; }
bool allowSelf() const { return m_allowSelf; }
bool isNone() const { return m_isNone; }
private:
struct Host {
String value;
bool hasWildcard { false };
};
struct Port {
Optional<uint16_t> value;
bool hasWildcard { false };
};
struct Source {
String scheme;
Host host;
Port port;
String path;
};
bool isProtocolAllowedByStar(const URL&) const;
template<typename CharacterType> void parse(StringParsingBuffer<CharacterType>);
template<typename CharacterType> Optional<Source> parseSource(StringParsingBuffer<CharacterType>);
template<typename CharacterType> Optional<String> parseScheme(StringParsingBuffer<CharacterType>);
template<typename CharacterType> Optional<Host> parseHost(StringParsingBuffer<CharacterType>);
template<typename CharacterType> Optional<Port> parsePort(StringParsingBuffer<CharacterType>);
template<typename CharacterType> Optional<String> parsePath(StringParsingBuffer<CharacterType>);
template<typename CharacterType> bool parseNonceSource(StringParsingBuffer<CharacterType>);
template<typename CharacterType> bool parseHashSource(StringParsingBuffer<CharacterType>);
const ContentSecurityPolicy& m_policy;
Vector<ContentSecurityPolicySource> m_list;
HashSet<String> m_nonces;
HashSet<ContentSecurityPolicyHash> m_hashes;
OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsUsed;
String m_directiveName;
bool m_allowSelf { false };
bool m_allowStar { false };
bool m_allowInline { false };
bool m_allowEval { false };
bool m_isNone { false };
};
}