ladybird/Libraries/LibWeb/ContentSecurityPolicy/PolicyList.h
Luke Wilde e34a6c86b9 LibWeb: Introduce Content Security Policy policies and directives
These form the basis of Content Security Policy. A policy is a
collection of directives that are parsed from either the
Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>`
element.

The directives are what restrict the operations can be performed in the
current global execution context. For example, "frame-ancestors: none"
tells us to prevent the page from being loaded in an embedded context,
such as `<iframe>`.

You can see it a bit like OpenBSD's pledge() functionality, but for the
web platform: https://man.openbsd.org/pledge.2
2025-03-04 14:27:19 +01:00

44 lines
1.2 KiB
C++

/*
* Copyright (c) 2025, Luke Wilde <luke@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#pragma once
#include <LibGC/CellAllocator.h>
#include <LibJS/Heap/Cell.h>
#include <LibWeb/ContentSecurityPolicy/Policy.h>
namespace Web::ContentSecurityPolicy {
class PolicyList final : public JS::Cell {
GC_CELL(PolicyList, JS::Cell);
GC_DECLARE_ALLOCATOR(PolicyList);
public:
[[nodiscard]] static GC::Ref<PolicyList> create(JS::Realm&, GC::RootVector<GC::Ref<Policy>> const&);
[[nodiscard]] static GC::Ref<PolicyList> create(JS::Realm&, Vector<SerializedPolicy> const&);
[[nodiscard]] static GC::Ptr<PolicyList> from_object(JS::Object&);
virtual ~PolicyList() = default;
[[nodiscard]] Vector<GC::Ref<Policy>> const& policies() const { return m_policies; }
[[nodiscard]] bool contains_header_delivered_policy() const;
[[nodiscard]] HTML::SandboxingFlagSet csp_derived_sandboxing_flags() const;
[[nodiscard]] GC::Ref<PolicyList> clone(JS::Realm&) const;
[[nodiscard]] Vector<SerializedPolicy> serialize() const;
protected:
virtual void visit_edges(Cell::Visitor&) override;
private:
PolicyList() = default;
Vector<GC::Ref<Policy>> m_policies;
};
}