mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-23 09:22:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
ladybird/Libraries/LibWeb/ContentSecurityPolicy/Directives/StyleSourceAttributeDirective.cpp
Luke Wilde 8e999bca62
Some checks are pending
CI / Linux, x86_64, Sanitizer, GNU (push) Waiting to run
Details
CI / macOS, arm64, Sanitizer, Clang (push) Waiting to run
Details
CI / Linux, x86_64, Fuzzers, Clang (push) Waiting to run
Details
CI / Linux, x86_64, Sanitizer, Clang (push) Waiting to run
Details
Package the js repl as a binary artifact / Linux, arm64 (push) Waiting to run
Details
Package the js repl as a binary artifact / macOS, arm64 (push) Waiting to run
Details
Package the js repl as a binary artifact / Linux, x86_64 (push) Waiting to run
Details
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Details
Lint Code / lint (push) Waiting to run
Details
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Details
Push notes / build (push) Waiting to run
Details
LibWeb/CSP: Implement the style-src-attr directive
2025-07-18 11:58:04 +12:00

41 lines
1.7 KiB
C++
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*
* Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.h>
#include <LibWeb/ContentSecurityPolicy/Directives/Names.h>
#include <LibWeb/ContentSecurityPolicy/Directives/StyleSourceAttributeDirective.h>
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
namespace Web::ContentSecurityPolicy::Directives {
GC_DEFINE_ALLOCATOR(StyleSourceAttributeDirective);
StyleSourceAttributeDirective::StyleSourceAttributeDirective(String name, Vector<String> value)
: Directive(move(name), move(value))
{
}
// https://w3c.github.io/webappsec-csp/#style-src-attr-inline
Directive::Result StyleSourceAttributeDirective::inline_check(GC::Heap&, GC::Ptr<DOM::Element const> element, InlineType type, GC::Ref<Policy const> policy, String const& source) const
{
// 1. Let name be the result of executing § 6.8.2 Get the effective directive for inline checks on type.
auto name = get_the_effective_directive_for_inline_checks(type);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, style-src-attr and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::StyleSrcAttr, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. If the result of executing § 6.7.3.3 Does element match source list for type and source? on element, this
// directives value, type, and source, is "Does Not Match", return "Blocked".
if (does_element_match_source_list_for_type_and_source(element, value(), type, source) == MatchResult::DoesNotMatch)
return Result::Blocked;
// 4. Return "Allowed".
return Result::Allowed;
}
}
Reference in a new issue View git blame Copy permalink