#define ContentSecurityPolicy_h
#include "bindings/v8/ScriptState.h"
+#include "core/dom/Document.h"
#include "platform/network/HTTPParsers.h"
#include "platform/weborigin/ReferrerPolicy.h"
#include "wtf/HashSet.h"
bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
- bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const;
+ bool allowScriptEval(ScriptState* = 0, ReportingStatus = SendReport) const;
+ bool allowStyleEval(ScriptState* = 0, ReportingStatus = SendReport) const;
bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
bool allowAncestors(Frame*, ReportingStatus = SendReport) const;
bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
+ bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
// The nonce and hash allow functions are guaranteed to not have any side
// effects, including reporting.
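Review bot: The new `allowScriptEval` and `allowStyleEval` declarations have identical signatures and no comment saying which directive each one consults, so a call site migrated from the removed `allowEval` can pick the wrong check and still compile. Since these are enforcement decisions, I would put a one-line comment above each, such as `// Gates string-to-script evaluation; consults the script policy.` and `// Gates string-to-style evaluation; consults the style policy.`, worded to match what the implementation actually checks. The same applies to `allowWorkerContextFromSource`: the header does not say how it differs from `allowChildContextFromSource`, or which one a worker loader is expected to call. The class body starts and ends outside this hunk, so callers and implementations are not visible here.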
void reportInvalidInReportOnly(const String&) const;
void reportInvalidReferrer(const String&) const;
void reportReportOnlyInMeta(const String&) const;
+ void reportMetaOutsideHead(const String&) const;
void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header);
void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
SecurityOrigin* securityOrigin() const;
void enforceSandboxFlags(SandboxFlags) const;
String evalDisabledErrorMessage() const;
+ String styleEvalDisabledErrorMessage() const;
bool experimentalFeaturesEnabled() const;
static bool shouldBypassMainWorld(ExecutionContext*);
- ExecutionContextClient* client() { return m_client; }
+ ExecutionContextClient* client() const { return m_client; }
+ Document* document() const { return client()->isDocument() ? toDocument(client()) : 0; }
private:
explicit ContentSecurityPolicy(ExecutionContextClient*);
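Review bot: The added `document()` accessor dereferences `client()` without a null check, and nothing in this hunk shows that `m_client` is always non-null for the lifetime of the policy object. If the client can be cleared or absent, any caller of `document()` crashes inside a security check. A guarded form would be `Document* document() const { return (m_client && m_client->isDocument()) ? toDocument(m_client) : 0; }`. Defining it inline is also what forces the new `core/dom/Document.h` include into this header. Moving the body to the .cpp would allow a forward declaration of `Document` here instead.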