mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-09-12 04:22:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Create policy containers from responses and then run CSP init

Browse source 
This allows us to parse the Content-Security-Policy header and
Referrer-Policy header from navigation responses and actually allow
them to start having an effect.
This commit is contained in:
Luke Wilde 2024-11-25 17:01:26 +00:00 committed by Alexander Kalenik
commit 819bff9ec0
Notes: github-actions[bot] 2025-03-13 15:20:26 +00:00
8 changed files with 113 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

20
Libraries/LibWeb/DOM/Document.cpp
View file

@ -47,6 +47,9 @@
#include <LibWeb/CSS/SystemColor.h>
#include <LibWeb/CSS/TransitionEvent.h>
#include <LibWeb/CSS/VisualViewport.h>
#include <LibWeb/ContentSecurityPolicy/Directives/Directive.h>
#include <LibWeb/ContentSecurityPolicy/Policy.h>
#include <LibWeb/ContentSecurityPolicy/PolicyList.h>
#include <LibWeb/Cookie/ParsedCookie.h>
#include <LibWeb/DOM/AdoptedStyleSheets.h>
#include <LibWeb/DOM/Attr.h>
@ -379,7 +382,8 @@ WebIDL::ExceptionOr<GC::Ref<Document>> Document::create_and_initialize(Type type
// 10. Set window's associated Document to document.
window->set_associated_document(*document);
// FIXME: 11. Run CSP initialization for a Document given document.
// 11. Run CSP initialization for a Document given document.
document->run_csp_initialization();
// 12. If navigationParams's request is non-null, then:
if (navigation_params.request) {
@ -6386,6 +6390,20 @@ Document::StepsToFireBeforeunloadResult Document::steps_to_fire_beforeunload(boo
return { unload_prompt_shown, unload_prompt_canceled };
}
// https://w3c.github.io/webappsec-csp/#run-document-csp-initialization
void Document::run_csp_initialization() const
{
// 1. For each policy of documents policy container's CSP list:
for (auto policy : policy_container()->csp_list->policies()) {
// 1. For each directive of policy:
for (auto directive : policy->directives()) {
// 1. Execute directives initialization algorithm on document, and assert: its returned value is "Allowed".
auto result = directive->initialization(GC::Ref { *this }, policy);
VERIFY(result == ContentSecurityPolicy::Directives::Directive::Result::Allowed);
}
}
}
WebIDL::CallbackType* Document::onreadystatechange()
{
return event_handler_attribute(HTML::EventNames::readystatechange);

2
Libraries/LibWeb/DOM/Document.h
View file

@ -944,6 +944,8 @@ private:
}
}
void run_csp_initialization() const;
GC::Ref<Page> m_page;
OwnPtr<CSS::StyleComputer> m_style_computer;
GC::Ptr<CSS::StyleSheetList> m_style_sheets;