• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "config.h"
6 #include "core/frame/csp/CSPSource.h"
7 
8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "platform/weborigin/KURL.h"
10 #include "platform/weborigin/KnownPorts.h"
11 #include "platform/weborigin/SecurityOrigin.h"
12 #include "wtf/text/WTFString.h"
13 
14 namespace blink {
15 
CSPSource(ContentSecurityPolicy * policy,const String & scheme,const String & host,int port,const String & path,WildcardDisposition hostWildcard,WildcardDisposition portWildcard)16 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, WildcardDisposition hostWildcard, WildcardDisposition portWildcard)
17     : m_policy(policy)
18     , m_scheme(scheme)
19     , m_host(host)
20     , m_port(port)
21     , m_path(path)
22     , m_hostWildcard(hostWildcard)
23     , m_portWildcard(portWildcard)
24 {
25 }
26 
matches(const KURL & url) const27 bool CSPSource::matches(const KURL& url) const
28 {
29     if (!schemeMatches(url))
30         return false;
31     if (isSchemeOnly())
32         return true;
33     return hostMatches(url) && portMatches(url) && pathMatches(url);
34 }
35 
schemeMatches(const KURL & url) const36 bool CSPSource::schemeMatches(const KURL& url) const
37 {
38     if (m_scheme.isEmpty())
39         return m_policy->protocolMatchesSelf(url);
40     return equalIgnoringCase(url.protocol(), m_scheme);
41 }
42 
hostMatches(const KURL & url) const43 bool CSPSource::hostMatches(const KURL& url) const
44 {
45     const String& host = url.host();
46     if (equalIgnoringCase(host, m_host))
47         return true;
48     return m_hostWildcard == HasWildcard && host.endsWith("." + m_host, false);
49 
50 }
51 
pathMatches(const KURL & url) const52 bool CSPSource::pathMatches(const KURL& url) const
53 {
54     if (m_path.isEmpty())
55         return true;
56 
57     String path = decodeURLEscapeSequences(url.path());
58 
59     if (m_path.endsWith("/"))
60         return path.startsWith(m_path, false);
61 
62     return path == m_path;
63 }
64 
portMatches(const KURL & url) const65 bool CSPSource::portMatches(const KURL& url) const
66 {
67     if (m_portWildcard == HasWildcard)
68         return true;
69 
70     int port = url.port();
71 
72     if (port == m_port)
73         return true;
74 
75     if (!port)
76         return isDefaultPortForProtocol(m_port, url.protocol());
77 
78     if (!m_port)
79         return isDefaultPortForProtocol(port, url.protocol());
80 
81     return false;
82 }
83 
isSchemeOnly() const84 bool CSPSource::isSchemeOnly() const
85 {
86     return m_host.isEmpty();
87 }
88 
89 } // namespace
90