From 855e17529cd7b96fab1b75d5384af28785b65096 Mon Sep 17 00:00:00 2001 From: Luke Wilde Date: Wed, 4 Dec 2024 14:43:15 +0000 Subject: [PATCH] LibWeb/CSP: Implement the report-to directive This doesn't do anything by itself, the report a violation algorithm will handle this directive itself. --- Libraries/LibWeb/CMakeLists.txt | 1 + .../Directives/DirectiveFactory.cpp | 4 +++ .../Directives/ReportToDirective.cpp | 18 +++++++++++++ .../Directives/ReportToDirective.h | 25 +++++++++++++++++++ Libraries/LibWeb/Forward.h | 1 + 5 files changed, 49 insertions(+) create mode 100644 Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.cpp create mode 100644 Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h diff --git a/Libraries/LibWeb/CMakeLists.txt b/Libraries/LibWeb/CMakeLists.txt index 35a604294d8..e2826f05eb4 100644 --- a/Libraries/LibWeb/CMakeLists.txt +++ b/Libraries/LibWeb/CMakeLists.txt @@ -60,6 +60,7 @@ set(SOURCES ContentSecurityPolicy/Directives/MediaSourceDirective.cpp ContentSecurityPolicy/Directives/Names.cpp ContentSecurityPolicy/Directives/ObjectSourceDirective.cpp + ContentSecurityPolicy/Directives/ReportToDirective.cpp ContentSecurityPolicy/Directives/ReportUriDirective.cpp ContentSecurityPolicy/Directives/ScriptSourceAttributeDirective.cpp ContentSecurityPolicy/Directives/ScriptSourceDirective.cpp diff --git a/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.cpp b/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.cpp index 9427319188e..cff65cbdfe1 100644 --- a/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.cpp +++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.cpp @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -69,6 +70,9 @@ GC::Ref create_directive(GC::Heap& heap, String name, Vector if (name == Names::ObjectSrc) return heap.allocate(move(name), move(value)); + if (name == Names::ReportTo) + return heap.allocate(move(name), move(value)); + if (name == Names::ReportUri) return heap.allocate(move(name), move(value)); diff --git a/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.cpp b/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.cpp new file mode 100644 index 00000000000..fd5a6cf6c7f --- /dev/null +++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.cpp @@ -0,0 +1,18 @@ +/* + * Copyright (c) 2024, Luke Wilde + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +namespace Web::ContentSecurityPolicy::Directives { + +GC_DEFINE_ALLOCATOR(ReportToDirective); + +ReportToDirective::ReportToDirective(String name, Vector value) + : Directive(move(name), move(value)) +{ +} + +} diff --git a/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h b/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h new file mode 100644 index 00000000000..960564989a0 --- /dev/null +++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2024, Luke Wilde + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include + +namespace Web::ContentSecurityPolicy::Directives { + +// https://w3c.github.io/webappsec-csp/#directive-report-to +class ReportToDirective final : public Directive { + GC_CELL(ReportToDirective, Directive) + GC_DECLARE_ALLOCATOR(ReportToDirective); + +public: + virtual ~ReportToDirective() = default; + +private: + ReportToDirective(String name, Vector value); +}; + +} diff --git a/Libraries/LibWeb/Forward.h b/Libraries/LibWeb/Forward.h index 0713d679559..57cdc7d8c1c 100644 --- a/Libraries/LibWeb/Forward.h +++ b/Libraries/LibWeb/Forward.h @@ -149,6 +149,7 @@ class ImageSourceDirective; class ManifestSourceDirective; class MediaSourceDirective; class ObjectSourceDirective; +class ReportToDirective; class ReportUriDirective; class ScriptSourceAttributeDirective; class ScriptSourceDirective;