mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-23 09:22:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
ladybird/Libraries/LibWeb/ContentSecurityPolicy/Directives/StyleSourceElementDirective.cpp

91 lines
4.5 KiB
C++
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*
* Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.h>
#include <LibWeb/ContentSecurityPolicy/Directives/Names.h>
#include <LibWeb/ContentSecurityPolicy/Directives/StyleSourceElementDirective.h>
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
namespace Web::ContentSecurityPolicy::Directives {
GC_DEFINE_ALLOCATOR(StyleSourceElementDirective);
StyleSourceElementDirective::StyleSourceElementDirective(String name, Vector<String> value)
: Directive(move(name), move(value))
{
}
// https://w3c.github.io/webappsec-csp/#style-src-elem-pre-request
Directive::Result StyleSourceElementDirective::pre_request_check(GC::Heap&, GC::Ref<Fetch::Infrastructure::Request const> request, GC::Ref<Policy const> policy) const
{
// 1. Let name be the result of executing § 6.8.1 Get the effective directive for request on request.
auto name = get_the_effective_directive_for_request(request);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, style-src-elem and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::StyleSrcElem, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. If the result of executing § 6.7.2.3 Does nonce match source list? on requests cryptographic nonce metadata
// and this directives value is "Matches", return "Allowed".
if (does_nonce_match_source_list(request->cryptographic_nonce_metadata(), value()) == MatchResult::Matches)
return Result::Allowed;
// 4. If the result of executing § 6.7.2.5 Does request match source list? on request, this directives value, and
// policy, is "Does Not Match", return "Blocked".
if (does_request_match_source_list(request, value(), policy) == MatchResult::DoesNotMatch)
return Result::Blocked;
// 5. Return "Allowed".
return Result::Allowed;
}
// https://w3c.github.io/webappsec-csp/#style-src-elem-post-request
Directive::Result StyleSourceElementDirective::post_request_check(GC::Heap&, GC::Ref<Fetch::Infrastructure::Request const> request, GC::Ref<Fetch::Infrastructure::Response const> response, GC::Ref<Policy const> policy) const
{
// 1. Let name be the result of executing § 6.8.1 Get the effective directive for request on request.
auto name = get_the_effective_directive_for_request(request);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, style-src-elem and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::StyleSrcElem, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. If the result of executing § 6.7.2.3 Does nonce match source list? on requests cryptographic nonce metadata
// and this directives value is "Matches", return "Allowed".
if (does_nonce_match_source_list(request->cryptographic_nonce_metadata(), value()) == MatchResult::Matches)
return Result::Allowed;
// 4. If the result of executing § 6.7.2.6 Does response to request match source list? on response, request, this
// directives value, and policy, is "Does Not Match", return "Blocked".
if (does_response_match_source_list(response, request, value(), policy) == MatchResult::DoesNotMatch)
return Result::Blocked;
// 5. Return "Allowed".
return Result::Allowed;
}
// https://w3c.github.io/webappsec-csp/#style-src-elem-inline
Directive::Result StyleSourceElementDirective::inline_check(GC::Heap&, GC::Ptr<DOM::Element const> element, InlineType type, GC::Ref<Policy const> policy, String const& source) const
{
// 1. Let name be the result of executing § 6.8.2 Get the effective directive for inline checks on type.
auto name = get_the_effective_directive_for_inline_checks(type);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, style-src-elem and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::StyleSrcElem, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. If the result of executing § 6.7.3.3 Does element match source list for type and source? on element, this
// directives value, type, and source, is "Does Not Match", return "Blocked".
if (does_element_match_source_list_for_type_and_source(element, value(), type, source) == MatchResult::DoesNotMatch)
return Result::Blocked;
// 4. Return "Allowed".
return Result::Allowed;
}
}
Reference in a new issue View git blame Copy permalink