Upstream version 5.34.104.0

[platform/framework/web/crosswalk.git] / src / third_party / WebKit / Source / core / frame / ContentSecurityPolicy.h

diff --git a/src/third_party/WebKit/Source/core/frame/ContentSecurityPolicy.h b/src/third_party/WebKit/Source/core/frame/ContentSecurityPolicy.h
index d17073d..6cf0205 100644 (file)
--- a/src/third_party/WebKit/Source/core/frame/ContentSecurityPolicy.h
+++ b/src/third_party/WebKit/Source/core/frame/ContentSecurityPolicy.h
@@ -27,6 +27,7 @@
 #define ContentSecurityPolicy_h
 
 #include "bindings/v8/ScriptState.h"
+#include "core/dom/Document.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/weborigin/ReferrerPolicy.h"
 #include "wtf/HashSet.h"
@@ -97,7 +98,8 @@ public:
     bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const;
+    bool allowScriptEval(ScriptState* = 0, ReportingStatus = SendReport) const;
+    bool allowStyleEval(ScriptState* = 0, ReportingStatus = SendReport) const;
     bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
 
     bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
@@ -112,6 +114,7 @@ public:
     bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
     bool allowAncestors(Frame*, ReportingStatus = SendReport) const;
     bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
+    bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
 
     // The nonce and hash allow functions are guaranteed to not have any side
     // effects, including reporting.
@@ -145,6 +148,7 @@ public:
     void reportInvalidInReportOnly(const String&) const;
     void reportInvalidReferrer(const String&) const;
     void reportReportOnlyInMeta(const String&) const;
+    void reportMetaOutsideHead(const String&) const;
     void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header);
 
     void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
@@ -154,12 +158,14 @@ public:
     SecurityOrigin* securityOrigin() const;
     void enforceSandboxFlags(SandboxFlags) const;
     String evalDisabledErrorMessage() const;
+    String styleEvalDisabledErrorMessage() const;
 
     bool experimentalFeaturesEnabled() const;
 
     static bool shouldBypassMainWorld(ExecutionContext*);
 
-    ExecutionContextClient* client() { return m_client; }
+    ExecutionContextClient* client() const { return m_client; }
+    Document* document() const { return client()->isDocument() ? toDocument(client()) : 0; }
 
 private:
     explicit ContentSecurityPolicy(ExecutionContextClient*);