Lines Matching refs:ContentSecurityPolicy
15 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
28 PassOwnPtr<CSPDirectiveList> CSPDirectiveList::create(ContentSecurityPolicy* policy, const UChar* begin, const UChar* end, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
131 reportViolationWithState(directive->text(), ContentSecurityPolicy::ScriptSrc, consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), scriptState);
148 reportViolation(directive->text(), ContentSecurityPolicy::PluginTypes, message + "\n", KURL());
167 reportViolationWithLocation(directive->text(), isScript ? ContentSecurityPolicy::ScriptSrc : ContentSecurityPolicy::StyleSrc, consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), contextURL, contextLine);
183 if (ContentSecurityPolicy::BaseURI == effectiveDirective)
185 else if (ContentSecurityPolicy::ChildSrc == effectiveDirective)
187 else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective)
189 else if (ContentSecurityPolicy::FontSrc == effectiveDirective)
191 else if (ContentSecurityPolicy::FormAction == effectiveDirective)
193 else if (ContentSecurityPolicy::FrameSrc == effectiveDirective)
195 else if (ContentSecurityPolicy::ImgSrc == effectiveDirective)
197 else if (ContentSecurityPolicy::MediaSrc == effectiveDirective)
199 else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective)
201 else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective)
203 else if (ContentSecurityPolicy::StyleSrc == effectiveDirective)
223 bool CSPDirectiveList::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
226 if (reportingStatus == ContentSecurityPolicy::SendReport)
232 bool CSPDirectiveList::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
235 if (reportingStatus == ContentSecurityPolicy::SendReport)
240 bool CSPDirectiveList::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
243 return reportingStatus == ContentSecurityPolicy::SendReport ?
248 bool CSPDirectiveList::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
251 return reportingStatus == ContentSecurityPolicy::SendReport ?
256 bool CSPDirectiveList::allowEval(ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus reportingStatus) const
260 return reportingStatus == ContentSecurityPolicy::SendReport ?
265 bool CSPDirectiveList::allowPluginType(const String& type, const String& typeAttribute, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
267 return reportingStatus == ContentSecurityPolicy::SendReport ?
272 bool CSPDirectiveList::allowScriptFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
274 return reportingStatus == ContentSecurityPolicy::SendReport ?
275 checkSourceAndReportViolation(operativeDirective(m_scriptSrc.get()), url, ContentSecurityPolicy::ScriptSrc) :
279 bool CSPDirectiveList::allowObjectFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
283 return reportingStatus == ContentSecurityPolicy::SendReport ?
284 checkSourceAndReportViolation(operativeDirective(m_objectSrc.get()), url, ContentSecurityPolicy::ObjectSrc) :
288 bool CSPDirectiveList::allowChildFrameFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
304 return reportingStatus == ContentSecurityPolicy::SendReport ?
305 checkSourceAndReportViolation(whichDirective, url, ContentSecurityPolicy::FrameSrc) :
309 bool CSPDirectiveList::allowImageFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
311 return reportingStatus == ContentSecurityPolicy::SendReport ?
312 checkSourceAndReportViolation(operativeDirective(m_imgSrc.get()), url, ContentSecurityPolicy::ImgSrc) :
316 ContentSecurityPolicy::ReportingStatus reportingStatus) const
318 return reportingStatus == ContentSecurityPolicy::SendReport ?
319 checkSourceAndReportViolation(operativeDirective(m_styleSrc.get()), url, ContentSecurityPolicy::StyleSrc) :
323 bool CSPDirectiveList::allowFontFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
325 return reportingStatus == ContentSecurityPolicy::SendReport ?
326 checkSourceAndReportViolation(operativeDirective(m_fontSrc.get()), url, ContentSecurityPolicy::FontSrc) :
330 bool CSPDirectiveList::allowMediaFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
332 return reportingStatus == ContentSecurityPolicy::SendReport ?
333 checkSourceAndReportViolation(operativeDirective(m_mediaSrc.get()), url, ContentSecurityPolicy::MediaSrc) :
337 bool CSPDirectiveList::allowConnectToSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
339 return reportingStatus == ContentSecurityPolicy::SendReport ?
340 checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, ContentSecurityPolicy::ConnectSrc) :
344 bool CSPDirectiveList::allowFormAction(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
346 return reportingStatus == ContentSecurityPolicy::SendReport ?
347 checkSourceAndReportViolation(m_formAction.get(), url, ContentSecurityPolicy::FormAction) :
351 bool CSPDirectiveList::allowBaseURI(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
353 return reportingStatus == ContentSecurityPolicy::SendReport ?
354 checkSourceAndReportViolation(m_baseURI.get(), url, ContentSecurityPolicy::BaseURI) :
358 bool CSPDirectiveList::allowAncestors(LocalFrame* frame, ContentSecurityPolicy::ReportingStatus reportingStatus) const
360 return reportingStatus == ContentSecurityPolicy::SendReport ?
365 bool CSPDirectiveList::allowChildContextFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
367 return reportingStatus == ContentSecurityPolicy::SendReport ?
368 checkSourceAndReportViolation(operativeDirective(m_childSrc.get()), url, ContentSecurityPolicy::ChildSrc) :
632 if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
634 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
637 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
639 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
641 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
643 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
645 } else if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
648 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
650 } else if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
652 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
654 } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
656 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
659 if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI))
661 else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc))
663 else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction))
665 else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes))
667 else if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS))
669 else if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer))
