mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-28 19:59:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

LibWeb/CSP: Implement the style-src-attr directive
Some checks are pending
CI / Linux, x86_64, Sanitizer, GNU (push) Waiting to run
Details
CI / macOS, arm64, Sanitizer, Clang (push) Waiting to run
Details
CI / Linux, x86_64, Fuzzers, Clang (push) Waiting to run
Details
CI / Linux, x86_64, Sanitizer, Clang (push) Waiting to run
Details
Package the js repl as a binary artifact / Linux, arm64 (push) Waiting to run
Details
Package the js repl as a binary artifact / macOS, arm64 (push) Waiting to run
Details
Package the js repl as a binary artifact / Linux, x86_64 (push) Waiting to run
Details
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Details
Lint Code / lint (push) Waiting to run
Details
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Details
Push notes / build (push) Waiting to run
Details

Browse source
This commit is contained in:
Luke Wilde 2024-12-03 17:27:12 +00:00 committed by Shannon Booth
commit 8e999bca62
Notes: github-actions[bot] 2025-07-17 23:59:11 +00:00
5 changed files with 74 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

41
Libraries/LibWeb/ContentSecurityPolicy/Directives/StyleSourceAttributeDirective.cpp Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.h>
#include <LibWeb/ContentSecurityPolicy/Directives/Names.h>
#include <LibWeb/ContentSecurityPolicy/Directives/StyleSourceAttributeDirective.h>
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
namespace Web::ContentSecurityPolicy::Directives {
GC_DEFINE_ALLOCATOR(StyleSourceAttributeDirective);
StyleSourceAttributeDirective::StyleSourceAttributeDirective(String name, Vector<String> value)
: Directive(move(name), move(value))
{
}
// https://w3c.github.io/webappsec-csp/#style-src-attr-inline
Directive::Result StyleSourceAttributeDirective::inline_check(GC::Heap&, GC::Ptr<DOM::Element const> element, InlineType type, GC::Ref<Policy const> policy, String const& source) const
{
// 1. Let name be the result of executing § 6.8.2 Get the effective directive for inline checks on type.
auto name = get_the_effective_directive_for_inline_checks(type);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, style-src-attr and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::StyleSrcAttr, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. If the result of executing § 6.7.3.3 Does element match source list for type and source? on element, this
// directives value, type, and source, is "Does Not Match", return "Blocked".
if (does_element_match_source_list_for_type_and_source(element, value(), type, source) == MatchResult::DoesNotMatch)
return Result::Blocked;
// 4. Return "Allowed".
return Result::Allowed;
}
}