2 * Copyright (C) 2011 Google, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 #ifndef ContentSecurityPolicy_h
27 #define ContentSecurityPolicy_h
29 #include "bindings/v8/ScriptState.h"
30 #include "core/dom/Document.h"
31 #include "platform/network/HTTPParsers.h"
32 #include "platform/weborigin/ReferrerPolicy.h"
33 #include "wtf/HashSet.h"
34 #include "wtf/PassOwnPtr.h"
35 #include "wtf/Vector.h"
36 #include "wtf/text/StringHash.h"
37 #include "wtf/text/TextPosition.h"
38 #include "wtf/text/WTFString.h"
// Forward declarations: in the visible declarations these types are used only
// by pointer, by reference, or as a template argument.
46 class ContentSecurityPolicyResponseHeaders;
47 class CSPDirectiveList;
51 class ExecutionContextClient;
// Sandbox flags travel as a plain int (see enforceSandboxFlags).
54 typedef int SandboxFlags;
// Vector of OwnPtr<CSPDirectiveList>; this is the type of m_policies.
55 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
// Content Security Policy state attached to one ExecutionContextClient.
// The class holds the directive lists (m_policies) and declares the allow*()
// checks, the report*() diagnostics and the violation-report bookkeeping.
57 class ContentSecurityPolicy {
58 WTF_MAKE_FAST_ALLOCATED;
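// Factory for ContentSecurityPolicy. Allocates a policy for |client| with new
// and wraps it with adoptPtr, so the returned PassOwnPtr carries ownership to
// the caller. |client| is forwarded to the constructor unchecked.
static PassOwnPtr<ContentSecurityPolicy> create(ExecutionContextClient* client)
{
    return adoptPtr(new ContentSecurityPolicy(client));
}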
// Destructor; only declared here, defined out of line.
64 ~ContentSecurityPolicy();
// Takes another policy by const pointer. Presumably copies that policy's
// state into this one — TODO confirm against the definition.
66 void copyStateFrom(const ContentSecurityPolicy*);
// Passed to the allow*() checks; the checks that take it default it to
// SendReport. Presumably selects whether a failed check also reports.
78 enum ReportingStatus {
// NOTE(review): the listing skips lines here. The HashAlgorithms* enumerators
// below do not look like ReportingStatus values and presumably belong to a
// separate hash-algorithm enum — confirm against the full header.
// The values are distinct bits, so they can be OR-ed into the uint8_t masks
// taken by usesScriptHashAlgorithms()/usesStyleHashAlgorithms(). Bit 0 is unused.
// NOTE(review): SHA-1 is no longer collision resistant; confirm whether
// accepting it for hash sources is still intended.
84 HashAlgorithmsNone = 0,
85 HashAlgorithmsSha1 = 1 << 1,
86 HashAlgorithmsSha256 = 1 << 2
// Entry points for policy headers. didReceiveHeaders takes a
// ContentSecurityPolicyResponseHeaders object; didReceiveHeader takes one
// string together with its HeaderType and HeaderSource.
// NOTE(review): HeaderSource presumably records how the policy was delivered
// (the report*Meta* helpers suggest <meta> is one source) — confirm that
// restrictions on the less trusted source are enforced in the definition.
89 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
90 void didReceiveHeader(const String&, HeaderType, HeaderSource);
92 // These functions are wrong because they assume that there is only one header.
93 // FIXME: Replace them with functions that return vectors.
// NOTE(review): m_policies is a vector, so with several policies these
// presumably expose only one of them. Avoid basing an enforcement decision
// on their result.
94 const String& deprecatedHeader() const;
95 HeaderType deprecatedHeaderType() const;
// Checks for inline and dynamically evaluated content. Each returns bool and
// takes a ReportingStatus that defaults to SendReport, so a caller that omits
// the argument gets the SendReport behaviour.
// contextURL/contextLine identify where the inline content appears;
// presumably they are used in the report — TODO confirm.
97 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
98 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
99 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
100 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
// The ScriptState argument is optional and defaults to null (0).
101 bool allowScriptEval(ScriptState* = 0, ReportingStatus = SendReport) const;
102 bool allowStyleEval(ScriptState* = 0, ReportingStatus = SendReport) const;
// Takes the plugin's type, the type attribute and a URL.
103 bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
// Source checks, one per resource or navigation kind. Each takes a KURL and a
// ReportingStatus defaulting to SendReport, and returns bool.
// allowAncestors is the exception: it takes a Frame* instead of a URL.
105 bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
106 bool allowObjectFromSource(const KURL&, ReportingStatus = SendReport) const;
107 bool allowChildFrameFromSource(const KURL&, ReportingStatus = SendReport) const;
108 bool allowImageFromSource(const KURL&, ReportingStatus = SendReport) const;
109 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const;
110 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const;
111 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const;
112 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const;
113 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const;
114 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
115 bool allowAncestors(Frame*, ReportingStatus = SendReport) const;
116 bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
117 bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
119 // The nonce and hash allow functions are guaranteed to not have any side
120 // effects, including reporting.
// Consistent with that, none of them takes a ReportingStatus.
// NOTE(review): the hash checks take a parameter named |source|; presumably
// the inline script/style text to be hashed — confirm against the definition.
121 bool allowScriptNonce(const String& nonce) const;
122 bool allowStyleNonce(const String& nonce) const;
123 bool allowScriptHash(const String& source) const;
124 bool allowStyleHash(const String& source) const;
// Non-const; the argument is a uint8_t whose parameter name is HashAlgorithms,
// i.e. a mask of the HashAlgorithms* bits. Presumably it is merged into
// m_scriptHashAlgorithmsUsed / m_styleHashAlgorithmsUsed — TODO confirm.
126 void usesScriptHashAlgorithms(uint8_t HashAlgorithms);
127 void usesStyleHashAlgorithms(uint8_t HashAlgorithms);
// Const queries on the policy state.
129 ReflectedXSSDisposition reflectedXSSDisposition() const;
131 ReferrerPolicy referrerPolicy() const;
// Presumably tells "no referrer directive seen" apart from a policy that set
// one — TODO confirm.
132 bool didSetReferrerPolicy() const;
// Non-const setter; presumably stored in m_overrideInlineStyleAllowed.
// NOTE(review): an override that relaxes inline-style checks should be
// reachable only from trusted callers — confirm who sets it.
134 void setOverrideAllowInlineStyle(bool);
136 bool isActive() const;
// Diagnostics for malformed or unsupported policy text. All of these are const
// and take the offending directive name and/or value as strings.
// NOTE(review): those strings come from policy text; presumably they end up in
// console messages (see logToConsole) — confirm they are handled as plain text.
138 void reportDirectiveAsSourceExpression(const String& directiveName, const String& sourceExpression) const;
139 void reportDuplicateDirective(const String&) const;
140 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
141 void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const;
142 void reportInvalidPluginTypes(const String&) const;
143 void reportInvalidSandboxFlags(const String&) const;
144 void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
145 void reportInvalidReflectedXSS(const String&) const;
146 void reportMissingReportURI(const String&) const;
147 void reportUnsupportedDirective(const String&) const;
148 void reportInvalidInReportOnly(const String&) const;
149 void reportInvalidReferrer(const String&) const;
150 void reportReportOnlyInMeta(const String&) const;
151 void reportMetaOutsideHead(const String&) const;
// Violation reporting. Unlike the helpers above, this one is non-const. It
// receives the directive text, the effective directive, a console message,
// the blocked URL, the report URIs and the header.
152 void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header);
154 void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
// Context accessors. NOTE(review): presumably these forward to the client —
// confirm against the definitions.
156 const KURL url() const;
157 KURL completeURL(const String&) const;
158 SecurityOrigin* securityOrigin() const;
159 void enforceSandboxFlags(SandboxFlags) const;
// Message strings for disabled eval, going by the names; their use is not
// visible in this header.
160 String evalDisabledErrorMessage() const;
161 String styleEvalDisabledErrorMessage() const;
163 bool experimentalFeaturesEnabled() const;
// Static, so it can be called without a policy instance.
// NOTE(review): by its name this is a bypass decision; confirm under which
// conditions the definition returns true.
165 static bool shouldBypassMainWorld(ExecutionContext*);
// Returns the stored m_client pointer as is; no null check is made here.
ExecutionContextClient* client() const
{
    return m_client;
}
// Returns the client converted with toDocument() when it reports
// isDocument(), otherwise null (0), so callers must check the result.
// The client pointer is dereferenced without a null check.
// NOTE(review): confirm m_client can never be null when this is called.
Document* document() const
{
    ExecutionContextClient* owner = client();
    if (!owner->isDocument())
        return 0;
    return toDocument(owner);
}
// Explicit single-argument constructor; in this listing the only visible
// caller is create().
171 explicit ContentSecurityPolicy(ExecutionContextClient*);
173 void logToConsole(const String& message) const;
// Same parameter types as didReceiveHeader.
174 void addPolicyFromHeaderValue(const String&, HeaderType, HeaderSource);
// Query/record pair around sending a violation report. Presumably backed by
// m_violationReportsSent so the same report is not sent twice — TODO confirm.
176 bool shouldSendViolationReport(const String&) const;
177 void didSendViolationReport(const String&);
// Raw pointer returned by client(); presumably the client handed to the
// constructor. Nothing in this header shows who owns it.
179 ExecutionContextClient* m_client;
180 bool m_overrideInlineStyleAllowed;
// The policy's directive lists, each held through an OwnPtr.
181 CSPDirectiveListVector m_policies;
// Set of unsigned keys stored as already-hashed values; presumably hashes of
// the violation reports already sent.
// NOTE(review): if so, two different reports whose hashes collide would be
// treated as one and the second suppressed — confirm that is acceptable.
183 HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
185 // We put the hash functions used on the policy object so that we only need
186 // to calculate a hash once and then distribute it to all of the directives
// (the comment above appears to continue on a line this listing omits)
// Bit masks of the HashAlgorithms* values, one for scripts and one for styles.
188 uint8_t m_scriptHashAlgorithmsUsed;
189 uint8_t m_styleHashAlgorithmsUsed;