Changeset 78497 in webkit
- Timestamp:
- Feb 14, 2011 12:48:12 PM (13 years ago)
- Location:
- trunk/Source
- Files:
-
- 5 edited
-
JavaScriptCore/ChangeLog (modified) (1 diff)
-
JavaScriptCore/wtf/text/WTFString.h (modified) (2 diffs)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/page/ContentSecurityPolicy.cpp (modified) (3 diffs)
-
WebCore/page/ContentSecurityPolicy.h (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r78482 r78497 1 2011-02-14 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Add basic parser for Content Security Policy 6 https://bugs.webkit.org/show_bug.cgi?id=54379 7 8 Add a constructor for copying a Vector into a String. I suspect there 9 are a number of call sites that are doing this manually that would 10 benefit from being moved to this API. 11 12 * wtf/text/WTFString.h: 13 (WTF::String::String): 14 1 15 2011-02-14 Pavel Podivilov <podivilov@chromium.org> 2 16 -
trunk/Source/JavaScriptCore/wtf/text/WTFString.h
r76894 r78497 93 93 String(const UChar* characters, unsigned length); 94 94 95 // Construct a string by copying the contents of a vector. To avoid 96 // copying, consider using String::adopt instead. 97 template<size_t inlineCapacity> 98 explicit String(const Vector<UChar, inlineCapacity>&); 99 95 100 // Construct a string with UTF-16 data, from a null-terminated source. 96 101 String(const UChar*); … … 378 383 379 384 // Definitions of string operations 385 386 template<size_t inlineCapacity> 387 String::String(const Vector<UChar, inlineCapacity>& vector) 388 : m_impl(vector.size() ? StringImpl::create(vector.data(), vector.size()) : 0) 389 { 390 } 380 391 381 392 #ifdef __OBJC__ -
trunk/Source/WebCore/ChangeLog
r78495 r78497 1 2011-02-14 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Add basic parser for Content Security Policy 6 https://bugs.webkit.org/show_bug.cgi?id=54379 7 8 The parser in this patch is very basic. It just segments the CSP 9 header into directives. The exactly syntax will likely change a bit as 10 we discuss the details in public-web-security, but this parser will 11 allow us to make progress. 12 13 Sadly, this patch does not contain any tests. That's because CSP 14 policies do not have any observable effects yet. Hopefully we'll get 15 enough sketched out in the next couple patches to begin writing tests. 16 17 * page/ContentSecurityPolicy.cpp: 18 (WebCore::CSPDirective::CSPDirective): 19 (WebCore::CSPDirective::name): 20 (WebCore::CSPDirective::value): 21 (WebCore::ContentSecurityPolicy::~ContentSecurityPolicy): 22 (WebCore::ContentSecurityPolicy::didReceiveHeader): 23 (WebCore::ContentSecurityPolicy::parse): 24 * page/ContentSecurityPolicy.h: 25 1 26 2011-02-14 Andrew Wason <rectalogic@rectalogic.com> 2 27 -
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r78058 r78497 30 30 namespace WebCore { 31 31 32 class CSPDirective { 33 public: 34 CSPDirective(const String& name, const String& value) 35 : m_name(name) 36 , m_value(value) 37 { 38 } 39 40 const String& name() const { return m_name; } 41 const String& value() const { return m_value; } 42 43 private: 44 String m_name; 45 String m_value; 46 }; 47 32 48 ContentSecurityPolicy::ContentSecurityPolicy() 33 49 : m_isEnabled(false) … … 35 51 } 36 52 53 ContentSecurityPolicy::~ContentSecurityPolicy() 54 { 55 } 56 37 57 void ContentSecurityPolicy::didReceiveHeader(const String& header) 38 58 { 59 if (!m_directives.isEmpty()) 60 return; // The first policy wins. 61 39 62 m_isEnabled = true; 40 m_header = header;63 parse(header); 41 64 } 42 65 … … 46 69 } 47 70 71 void ContentSecurityPolicy::parse(const String& policy) 72 { 73 ASSERT(m_directives.isEmpty()); 74 75 if (policy.isEmpty()) 76 return; 77 78 enum { 79 BeforeDirectiveName, 80 DirectiveName, 81 AfterDirectiveName, 82 DirectiveValue, 83 } state = BeforeDirectiveName; 84 85 const UChar* pos = policy.characters(); 86 const UChar* end = pos + policy.length(); 87 88 Vector<UChar, 32> name; 89 Vector<UChar, 64> value; 90 91 while (pos < end) { 92 UChar currentCharacter = *pos++; 93 switch (state) { 94 case BeforeDirectiveName: 95 if (isASCIISpace(currentCharacter)) 96 continue; 97 state = DirectiveName; 98 // Fall through. 99 case DirectiveName: 100 if (!isASCIISpace(currentCharacter)) { 101 name.append(currentCharacter); 102 continue; 103 } 104 state = AfterDirectiveName; 105 // Fall through. 106 case AfterDirectiveName: 107 if (isASCIISpace(currentCharacter)) 108 continue; 109 state = DirectiveValue; 110 // Fall through. 111 case DirectiveValue: 112 if (currentCharacter != ';') { 113 value.append(currentCharacter); 114 continue; 115 } 116 // We use a copy here instead of String::adopt because we expect 117 // the name and the value to be relatively short, so the copy will 118 // be cheaper than the extra malloc. 119 // FIXME: Perform directive-specific parsing of the value. 120 m_directives.append(CSPDirective(String(name), String(value))); 121 name.clear(); 122 value.clear(); 123 state = BeforeDirectiveName; 124 continue; 125 } 126 } 48 127 } 128 129 } -
trunk/Source/WebCore/page/ContentSecurityPolicy.h
r78058 r78497 27 27 #define ContentSecurityPolicy_h 28 28 29 #include <wtf/Vector.h> 29 30 #include <wtf/text/WTFString.h> 30 31 31 32 namespace WebCore { 33 34 class CSPDirective; 32 35 33 36 class ContentSecurityPolicy { … … 35 38 public: 36 39 ContentSecurityPolicy(); 40 ~ContentSecurityPolicy(); 37 41 38 42 void didReceiveHeader(const String&); … … 40 44 41 45 private: 46 typedef Vector<CSPDirective> DirectiveList; 47 48 void parse(const String&); 49 42 50 bool m_isEnabled; 43 String m_header;51 DirectiveList m_directives; 44 52 }; 45 53
Note: See TracChangeset
for help on using the changeset viewer.
