mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-07-28 19:59:17 +00:00
LibWeb: Introduce Content Security Policy policies and directives
These form the basis of Content Security Policy. A policy is a collection of directives that are parsed from either the Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>` element. The directives are what restrict the operations can be performed in the current global execution context. For example, "frame-ancestors: none" tells us to prevent the page from being loaded in an embedded context, such as `<iframe>`. You can see it a bit like OpenBSD's pledge() functionality, but for the web platform: https://man.openbsd.org/pledge.2
This commit is contained in:
parent
d17bd2c5f1
commit
e34a6c86b9
Notes:
github-actions[bot]
2025-03-04 13:28:21 +00:00
Author: https://github.com/Lubrsi
Commit: e34a6c86b9
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3662
20 changed files with 846 additions and 3 deletions
|
@ -26,7 +26,8 @@ public:
|
|||
virtual ~PolicyContainer() = default;
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/origin.html#policy-container-csp-list
|
||||
// FIXME: A CSP list, which is a CSP list. It is initially empty.
|
||||
// A CSP list, which is a CSP list. It is initially empty.
|
||||
GC::Ref<ContentSecurityPolicy::PolicyList> csp_list;
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/origin.html#policy-container-embedder-policy
|
||||
// An embedder policy, which is an embedder policy. It is initially a new embedder policy.
|
||||
|
@ -39,6 +40,9 @@ public:
|
|||
[[nodiscard]] GC::Ref<PolicyContainer> clone(JS::Realm&) const;
|
||||
[[nodiscard]] SerializedPolicyContainer serialize() const;
|
||||
|
||||
protected:
|
||||
virtual void visit_edges(Cell::Visitor&) override;
|
||||
|
||||
private:
|
||||
PolicyContainer(JS::Realm&);
|
||||
};
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue