mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-08-01 05:39:11 +00:00
LibWeb: Enforce Content Security Policy on navigation request/response
Some checks are pending
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (macos-14, macOS, macOS-universal2) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Lint Code / lint (push) Waiting to run
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Push notes / build (push) Waiting to run
parent 004173f88b
commit 278666edcd
Notes:
github-actions[bot]
2025-04-01 02:02:22 +00:00
Author: https://github.com/Lubrsi
Commit: 278666edcd
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4143
7 changed files with 256 additions and 19 deletions
|
@ -190,4 +190,38 @@ ShouldExecute should_fetch_directive_execute(Optional<FlyString> effective_direc
|
|||
return ShouldExecute::No;
|
||||
}
|
||||
|
||||
// https://w3c.github.io/webappsec-csp/#effective-directive-for-inline-check
|
||||
FlyString get_the_effective_directive_for_inline_checks(Directive::InlineType type)
|
||||
{
|
||||
// Spec Note: While the effective directive is only defined for requests, in this algorithm it is used similarly to
|
||||
// mean the directive that is most relevant to a particular type of inline check.
|
||||
|
||||
// Switch on type:
|
||||
switch (type) {
|
||||
// "script"
|
||||
// "navigation"
|
||||
// Return script-src-elem.
|
||||
case Directive::InlineType::Script:
|
||||
case Directive::InlineType::Navigation:
|
||||
return Names::ScriptSrcElem;
|
||||
// "script attribute"
|
||||
// Return script-src-attr.
|
||||
case Directive::InlineType::ScriptAttribute:
|
||||
return Names::ScriptSrcAttr;
|
||||
// "style"
|
||||
// Return style-src-elem.
|
||||
case Directive::InlineType::Style:
|
||||
return Names::StyleSrcElem;
|
||||
// "style attribute"
|
||||
// Return style-src-attr.
|
||||
case Directive::InlineType::StyleAttribute:
|
||||
return Names::StyleSrcAttr;
|
||||
}
|
||||
|
||||
// 2. Return null.
|
||||
// FIXME: File spec issue that this should be invalid, as the result of this algorithm ends up being piped into
|
||||
// Violation's effective directive, which is defined to be a non-empty string.
|
||||
VERIFY_NOT_REACHED();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
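Review bot: The trailing step comment `// 2. Return null.` in get_the_effective_directive_for_inline_checks describes behaviour the code does not implement, since the function ends in VERIFY_NOT_REACHED() and never returns a null or empty value. Suggest rewording it to say that the spec's null return is deliberately treated as unreachable here, so the FIXME reads as the explanation for that deviation and not as a separate remark. The first step is also unnumbered (`// Switch on type:`) while the second carries `2.`, so add `1.` for consistency. Because the switch has no default case, an InlineType value outside the five listed enumerators falls through to the assertion. It is worth confirming that every caller passes a value built from the enum and not one cast from untrusted input, since the failure mode here is an assertion, not a policy decision.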