//
bool CSPSourceList::parseNonce(const UChar* begin, const UChar* end, String& nonce)
{
- DEFINE_STATIC_LOCAL(const String, noncePrefix, ("'nonce-"));
+ size_t nonceLength = end - begin;
+ const char* prefix = "'nonce-";
- if (!equalIgnoringCase(noncePrefix.characters8(), begin, noncePrefix.length()))
+ if (nonceLength <= strlen(prefix) || !equalIgnoringCase(prefix, begin, strlen(prefix)))
return true;
- const UChar* position = begin + noncePrefix.length();
+ const UChar* position = begin + strlen(prefix);
const UChar* nonceBegin = position;
+ ASSERT(position < end);
skipWhile<UChar, isNonceCharacter>(position, end);
ASSERT(nonceBegin <= position);
- if ((position + 1) != end || *position != '\'' || !(position - nonceBegin))
+ if (position + 1 != end || *position != '\'' || position == nonceBegin)
return false;
nonce = String(nonceBegin, position - nonceBegin);
// respective entries in the kAlgorithmMap array in checkDigest().
static const struct {
const char* prefix;
- ContentSecurityPolicyHashAlgorithm algorithm;
+ ContentSecurityPolicyHashAlgorithm type;
} kSupportedPrefixes[] = {
{ "'sha1-", ContentSecurityPolicyHashAlgorithmSha1 },
{ "'sha256-", ContentSecurityPolicyHashAlgorithmSha256 },
String prefix;
hashAlgorithm = ContentSecurityPolicyHashAlgorithmNone;
+ size_t hashLength = end - begin;
- // Instead of this sizeof() calculation to get the length of this array,
- // it would be preferable to use WTF_ARRAY_LENGTH for simplicity and to
- // guarantee a compile time calculation. Unfortunately, on some
- // compliers, the call to WTF_ARRAY_LENGTH fails on arrays of anonymous
- // stucts, so, for now, it is necessary to resort to this sizeof
- // calculation.
- for (size_t i = 0; i < (sizeof(kSupportedPrefixes) / sizeof(kSupportedPrefixes[0])); i++) {
- if (equalIgnoringCase(kSupportedPrefixes[i].prefix, begin, strlen(kSupportedPrefixes[i].prefix))) {
- prefix = kSupportedPrefixes[i].prefix;
- hashAlgorithm = kSupportedPrefixes[i].algorithm;
+ for (const auto& algorithm : kSupportedPrefixes) {
+ if (hashLength > strlen(algorithm.prefix) && equalIgnoringCase(algorithm.prefix, begin, strlen(algorithm.prefix))) {
+ prefix = algorithm.prefix;
+ hashAlgorithm = algorithm.type;
break;
}
}
const UChar* position = begin + prefix.length();
const UChar* hashBegin = position;
+ ASSERT(position < end);
skipWhile<UChar, isBase64EncodedCharacter>(position, end);
ASSERT(hashBegin <= position);
// Base64 encodings may end with exactly one or two '=' characters
- skipExactly<UChar>(position, position + 1, '=');
- skipExactly<UChar>(position, position + 1, '=');
+ if (position < end)
+ skipExactly<UChar>(position, position + 1, '=');
+ if (position < end)
+ skipExactly<UChar>(position, position + 1, '=');
- if ((position + 1) != end || *position != '\'' || !(position - hashBegin))
+ if (position + 1 != end || *position != '\'' || position == hashBegin)
return false;
Vector<char> hashVector;