LibWeb: Support Content-Security-Policy http-equiv state on meta element

Author: https://github.com/shannonbooth Commit: e364443e60 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4854 Reviewed-by: https://github.com/gmta ✅
2025-09-01 15:18:06 +00:00 · 2024-11-26 14:04:49 +00:00 · 2024-11-26 14:04:49 +00:00 · e364443e60 · 2025-05-23 14:40:23 +00:00
commit e364443e60
parent 59e2416b61
5 changed files with 60 additions and 0 deletions
--- a/Libraries/LibWeb/ContentSecurityPolicy/Policy.cpp
+++ b/Libraries/LibWeb/ContentSecurityPolicy/Policy.cpp
@ -206,6 +206,18 @@ SerializedPolicy Policy::serialize() const
    };
 }

+void Policy::remove_directive(Badge<HTML::HTMLMetaElement>, FlyString const& name)
+{
+    m_directives.remove_all_matching([&name](auto const& directive) {
+        return directive->name() == name;
+    });
+}
+
+void Policy::set_self_origin(Badge<HTML::HTMLMetaElement>, URL::Origin const& origin)
+{
+    m_self_origin = origin;
+}
+
 void Policy::visit_edges(Cell::Visitor& visitor)
 {
    Base::visit_edges(visitor);
--- a/Libraries/LibWeb/ContentSecurityPolicy/Policy.h
+++ b/Libraries/LibWeb/ContentSecurityPolicy/Policy.h
@ -54,6 +54,9 @@ public:
    [[nodiscard]] GC::Ref<Policy> clone(GC::Heap&) const;
    [[nodiscard]] SerializedPolicy serialize() const;

+    void remove_directive(Badge<HTML::HTMLMetaElement>, FlyString const& name);
+    void set_self_origin(Badge<HTML::HTMLMetaElement>, URL::Origin const& origin);
+
 protected:
    virtual void visit_edges(Cell::Visitor&) override;

--- a/Libraries/LibWeb/ContentSecurityPolicy/PolicyList.cpp
+++ b/Libraries/LibWeb/ContentSecurityPolicy/PolicyList.cpp
@ -79,6 +79,13 @@ HTML::SandboxingFlagSet PolicyList::csp_derived_sandboxing_flags() const
    return HTML::SandboxingFlagSet {};
 }

+// https://w3c.github.io/webappsec-csp/#enforced
+void PolicyList::enforce_policy(GC::Ref<Policy> policy)
+{
+    // A policy is enforced or monitored for a global object by inserting it into the global object’s CSP list.
+    m_policies.append(policy);
+}
+
 GC::Ref<PolicyList> PolicyList::clone(GC::Heap& heap) const
 {
    auto policy_list = heap.allocate<PolicyList>();
--- a/Libraries/LibWeb/ContentSecurityPolicy/PolicyList.h
+++ b/Libraries/LibWeb/ContentSecurityPolicy/PolicyList.h
@ -30,6 +30,9 @@ public:
    [[nodiscard]] HTML::SandboxingFlagSet csp_derived_sandboxing_flags() const;

    [[nodiscard]] GC::Ref<PolicyList> clone(GC::Heap&) const;
+
+    void enforce_policy(GC::Ref<Policy>);
+
    [[nodiscard]] Vector<SerializedPolicy> serialize() const;

 protected: