1 | /* |
2 | * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 | * Copyright (C) 2016 Apple Inc. All rights reserved. |
4 | * |
5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions |
7 | * are met: |
8 | * 1. Redistributions of source code must retain the above copyright |
9 | * notice, this list of conditions and the following disclaimer. |
10 | * 2. Redistributions in binary form must reproduce the above copyright |
11 | * notice, this list of conditions and the following disclaimer in the |
12 | * documentation and/or other materials provided with the distribution. |
13 | * |
14 | * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY |
15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
18 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
19 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
20 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
21 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
22 | * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
24 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
25 | */ |
26 | |
27 | #include "config.h" |
28 | #include "ContentSecurityPolicySourceListDirective.h" |
29 | |
30 | #include "ContentSecurityPolicy.h" |
31 | #include "ContentSecurityPolicyDirectiveList.h" |
32 | #include <wtf/URL.h> |
33 | |
34 | namespace WebCore { |
35 | |
36 | ContentSecurityPolicySourceListDirective::ContentSecurityPolicySourceListDirective(const ContentSecurityPolicyDirectiveList& directiveList, const String& name, const String& value) |
37 | : ContentSecurityPolicyDirective(directiveList, name, value) |
38 | , m_sourceList(directiveList.policy(), name) |
39 | { |
40 | m_sourceList.parse(value); |
41 | } |
42 | |
43 | bool ContentSecurityPolicySourceListDirective::allows(const URL& url, bool didReceiveRedirectResponse, ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty) |
44 | { |
45 | if (url.isEmpty()) |
46 | return shouldAllowEmptyURLIfSourceListEmpty == ShouldAllowEmptyURLIfSourceListIsNotNone::Yes && !m_sourceList.isNone(); |
47 | return m_sourceList.matches(url, didReceiveRedirectResponse); |
48 | } |
49 | |
50 | bool ContentSecurityPolicySourceListDirective::allows(const String& nonce) const |
51 | { |
52 | return m_sourceList.matches(nonce); |
53 | } |
54 | |
55 | bool ContentSecurityPolicySourceListDirective::allows(const ContentSecurityPolicyHash& hash) const |
56 | { |
57 | return m_sourceList.matches(hash); |
58 | } |
59 | |
60 | } // namespace WebCore |
61 | |