Diffstat (limited to 'Source/WebCore/page/ContentSecurityPolicy.h')
-rw-r--r--Source/WebCore/page/ContentSecurityPolicy.h17
1 files changed, 17 insertions, 0 deletions
diff --git a/Source/WebCore/page/ContentSecurityPolicy.h b/Source/WebCore/page/ContentSecurityPolicy.h
index a7cd216..2b430f4 100644
--- a/Source/WebCore/page/ContentSecurityPolicy.h
+++ b/Source/WebCore/page/ContentSecurityPolicy.h
@@ -32,6 +32,7 @@
namespace WebCore {
class CSPDirective;
+class CSPOptions;
class KURL;
class SecurityOrigin;
@@ -47,11 +48,21 @@ public:
bool allowJavaScriptURLs() const;
bool allowInlineEventHandlers() const;
+ bool allowInlineScript() const;
+ bool allowEval() const;
+
bool allowScriptFromSource(const KURL&) const;
+ bool allowObjectFromSource(const KURL&) const;
+ bool allowImageFromSource(const KURL&) const;
+ bool allowStyleFromSource(const KURL&) const;
+ bool allowFontFromSource(const KURL&) const;
+ bool allowMediaFromSource(const KURL&) const;
private:
explicit ContentSecurityPolicy(SecurityOrigin*);
+ bool protectAgainstXSS() const;
+
void parse(const String&);
bool parseDirective(const UChar* begin, const UChar* end, String& name, String& value);
void addDirective(const String& name, const String& value);
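Review bot: The new `allowInlineScript()`, `allowEval()` and `allow*FromSource(const KURL&)` declarations have no comment saying what they return when no policy has been delivered (`m_havePolicy` false) or when the policy omits the matching directive. Callers that enforce the policy depend on that default, and it cannot be read from the header. A comment above the group would settle it, for example `// Each query returns true if the action is permitted; with no policy or no matching directive the result is <state the default here>.` The private `protectAgainstXSS()` would also benefit from one line, such as `// True when inline script and eval must be blocked under the current policy and options.`, if that is indeed its role; its definition is not visible here. The class body starts and ends outside this hunk.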
@@ -59,6 +70,12 @@ private:
bool m_havePolicy;
RefPtr<SecurityOrigin> m_origin;
OwnPtr<CSPDirective> m_scriptSrc;
+ OwnPtr<CSPDirective> m_objectSrc;
+ OwnPtr<CSPDirective> m_imgSrc;
+ OwnPtr<CSPDirective> m_styleSrc;
+ OwnPtr<CSPDirective> m_fontSrc;
+ OwnPtr<CSPDirective> m_mediaSrc;
+ OwnPtr<CSPOptions> m_options;
};
}
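Review bot: The new `OwnPtr<CSPDirective>` members and `m_options` have no comment saying whether a null pointer means "directive not present in the policy". If it does, every `allow*FromSource` accessor has to test the pointer before dereferencing it, and a missed check on one of the five new directives would either crash or skip enforcement. A line above `m_scriptSrc` such as `// Null until addDirective() sees the corresponding directive; accessors must check before use.` would make the invariant explicit. This is inferred from the header alone, since the .cpp is not shown, and the class begins outside the hunk.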