Changeset 82028 in webkit

Timestamp:

Mar 26, 2011 4:59:34 AM (13 years ago)

Author:

abarth@webkit.org

Message:

2011-03-26 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

Teach Content Security Policy how to parse source-list
​https://bugs.webkit.org/show_bug.cgi?id=54799

Test a variety of source-list parsing cases. There's a bunch more
cases we could be testing. We'll add more over time.

• http/tests/security/contentSecurityPolicy/source-list-parsing-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/source-list-parsing.html: Added.

2011-03-26 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

Teach Content Security Policy how to parse source-list
​https://bugs.webkit.org/show_bug.cgi?id=54799

This patch is larger than I would like, but I wasn't sure how to make
it any smaller while still being reasonably testable. I've left out
some features (such as host wildcarding and 'self') so I can add them
in later patches with tests.

Test: http/tests/security/contentSecurityPolicy/source-list-parsing.html

• bindings/ScriptControllerBase.cpp:
• dom/ScriptElement.cpp:
• html/parser/HTMLDocumentParser.cpp:
• loader/FrameLoader.cpp:
  • Add include explicitly now that we're not spamming the include everywhere.
• dom/Document.cpp: (WebCore::Document::initSecurityContext):
  • We need to pass the SecurityOrigin object to ContentSecurityPolicy so that it can resolve implicit parts of source patterns, such as the scheme.
• dom/Document.h:
  • Forward declare ContentSecurityPolicy rather than including the header. Technically this could be a separate change, but I was getting annoyed at the world re-builds.
• page/ContentSecurityPolicy.cpp: (WebCore::skipExactly): (WebCore::skipUtil): (WebCore::skipWhile):
  • Clean up these parser helper functions. We might consider moving them to a more general location. They're very helpful for writing secure HTTP header parsers.

(WebCore::CSPSource::CSPSource):

• New class to represent one source in a source-list.

(WebCore::CSPSource::matches):
(WebCore::CSPSource::schemeMatches):
(WebCore::CSPSource::hostMatches):
(WebCore::CSPSource::portMatches):
(WebCore::CSPSource::isSchemeOnly):

• Currently we represent scheme-only sources using with an empty m_host. Another approach I considered was using another bool, but that seemed slighly messier.

(WebCore::CSPSourceList::CSPSourceList):

• CSPSourceList doesn't need to ref SecurityOrigin because CSPSourceList is owned by ContentSecurityPolicy, which holds a ref.

(WebCore::CSPSourceList::parse):
(WebCore::CSPSourceList::matches):
(WebCore::CSPSourceList::parseSource):
(WebCore::CSPSourceList::parseScheme):
(WebCore::CSPSourceList::parseHost):
(WebCore::CSPSourceList::parsePort):

• A basic "segment and recurse" parser. This parser causes us to take more branches than we need, but I don't think we need to squeeze every last ouch of performance out of this parser. This approach is more simple than some of the other approaches I tried.

(WebCore::CSPSourceList::addSourceSelf):
(WebCore::CSPDirective::CSPDirective):
(WebCore::CSPDirective::allows):
(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::parse):
(WebCore::ContentSecurityPolicy::parseDirective):
(WebCore::ContentSecurityPolicy::addDirective):

• I couldn't resist re-writing this parser to use the helper functions and to match the style of the source-list parser.

• page/ContentSecurityPolicy.h: (WebCore::ContentSecurityPolicy::create):
  • Accept a SecurityOrigin context object.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-expected.txt (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/ScriptControllerBase.cpp (modified) (1 diff)
• Source/WebCore/dom/Document.cpp (modified) (2 diffs)
• Source/WebCore/dom/Document.h (modified) (3 diffs)
• Source/WebCore/dom/ScriptElement.cpp (modified) (1 diff)
• Source/WebCore/html/parser/HTMLDocumentParser.cpp (modified) (1 diff)
• Source/WebCore/loader/FrameLoader.cpp (modified) (1 diff)
• Source/WebCore/page/ContentSecurityPolicy.cpp (modified) (4 diffs)
• Source/WebCore/page/ContentSecurityPolicy.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-03-26  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Teach Content Security Policy how to parse source-list
+        https://bugs.webkit.org/show_bug.cgi?id=54799
+
+        Test a variety of source-list parsing cases.  There's a bunch more
+        cases we could be testing.  We'll add more over time.
+
+        * http/tests/security/contentSecurityPolicy/source-list-parsing-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/source-list-parsing.html: Added.
+
 2011-03-26  Dan Bernstein  <mitz@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-03-26  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Teach Content Security Policy how to parse source-list
+        https://bugs.webkit.org/show_bug.cgi?id=54799
+
+        This patch is larger than I would like, but I wasn't sure how to make
+        it any smaller while still being reasonably testable.  I've left out
+        some features (such as host wildcarding and 'self') so I can add them
+        in later patches with tests.
+
+        Test: http/tests/security/contentSecurityPolicy/source-list-parsing.html
+
+        * bindings/ScriptControllerBase.cpp:
+        * dom/ScriptElement.cpp:
+        * html/parser/HTMLDocumentParser.cpp:
+        * loader/FrameLoader.cpp:
+            - Add include explicitly now that we're not spamming the include
+              everywhere.
+        * dom/Document.cpp:
+        (WebCore::Document::initSecurityContext):
+            - We need to pass the SecurityOrigin object to
+              ContentSecurityPolicy so that it can resolve implicit parts of
+              source patterns, such as the scheme.
+        * dom/Document.h:
+            - Forward declare ContentSecurityPolicy rather than including the
+              header.  Technically this could be a separate change, but I was
+              getting annoyed at the world re-builds.
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::skipExactly):
+        (WebCore::skipUtil):
+        (WebCore::skipWhile):
+            - Clean up these parser helper functions.  We might consider moving
+              them to a more general location.  They're very helpful for
+              writing secure HTTP header parsers.
+        (WebCore::CSPSource::CSPSource):
+            - New class to represent one source in a source-list.
+        (WebCore::CSPSource::matches):
+        (WebCore::CSPSource::schemeMatches):
+        (WebCore::CSPSource::hostMatches):
+        (WebCore::CSPSource::portMatches):
+        (WebCore::CSPSource::isSchemeOnly):
+            - Currently we represent scheme-only sources using with an empty
+              m_host.  Another approach I considered was using another bool,
+              but that seemed slighly messier.
+        (WebCore::CSPSourceList::CSPSourceList):
+            - CSPSourceList doesn't need to ref SecurityOrigin because
+              CSPSourceList is owned by ContentSecurityPolicy, which holds a
+              ref.
+        (WebCore::CSPSourceList::parse):
+        (WebCore::CSPSourceList::matches):
+        (WebCore::CSPSourceList::parseSource):
+        (WebCore::CSPSourceList::parseScheme):
+        (WebCore::CSPSourceList::parseHost):
+        (WebCore::CSPSourceList::parsePort):
+            - A basic "segment and recurse" parser.  This parser causes us to
+              take more branches than we need, but I don't think we need to
+              squeeze every last ouch of performance out of this parser.  This
+              approach is more simple than some of the other approaches I
+              tried.
+        (WebCore::CSPSourceList::addSourceSelf):
+        (WebCore::CSPDirective::CSPDirective):
+        (WebCore::CSPDirective::allows):
+        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
+        (WebCore::ContentSecurityPolicy::parse):
+        (WebCore::ContentSecurityPolicy::parseDirective):
+        (WebCore::ContentSecurityPolicy::addDirective):
+            - I couldn't resist re-writing this parser to use the helper
+              functions and to match the style of the source-list parser.
+        * page/ContentSecurityPolicy.h:
+        (WebCore::ContentSecurityPolicy::create):
+            - Accept a SecurityOrigin context object.
+
 2011-03-26  Patrick Gansterer  <paroga@webkit.org>
 

trunk/Source/WebCore/bindings/ScriptControllerBase.cpp

@@ -22 +22 @@
 #include "ScriptController.h"
 
+#include "ContentSecurityPolicy.h"
 #include "DocumentLoader.h"
 #include "Frame.h"

trunk/Source/WebCore/dom/Document.cpp

@@ -43 +43 @@
 #include "Comment.h"
 #include "Console.h"
+#include "ContentSecurityPolicy.h"
 #include "CookieJar.h"
 #include "CustomEvent.h"
@@ -4501 +4502 @@
     m_cookieURL = m_url;
     ScriptExecutionContext::setSecurityOrigin(SecurityOrigin::create(m_url, m_frame->loader()->sandboxFlags()));
-    m_contentSecurityPolicy = ContentSecurityPolicy::create();
+    m_contentSecurityPolicy = ContentSecurityPolicy::create(securityOrigin());
 
     if (SecurityOrigin::allowSubstituteDataAccessToLocal()) {

trunk/Source/WebCore/dom/Document.h

@@ -33 +33 @@
 #include "Color.h"
 #include "ContainerNode.h"
-#include "ContentSecurityPolicy.h"
 #include "DOMTimeStamp.h"
 #include "DocumentOrderedMap.h"
@@ -52 +51 @@
 namespace WebCore {
 
+class AXObjectCache;
 class Attr;
-class AXObjectCache;
 class CDATASection;
+class CSSPrimitiveValueCache;
+class CSSStyleDeclaration;
+class CSSStyleSelector;
+class CSSStyleSheet;
 class CachedCSSStyleSheet;
 class CachedResourceLoader;
@@ -60 +63 @@
 class CanvasRenderingContext;
 class CharacterData;
-class CSSPrimitiveValueCache;
-class CSSStyleDeclaration;
-class CSSStyleSelector;
-class CSSStyleSheet;
 class Comment;
+class ContentSecurityPolicy;
 class DOMImplementation;
 class DOMSelection;

trunk/Source/WebCore/dom/ScriptElement.cpp

@@ -27 +27 @@
 #include "CachedScript.h"
 #include "CachedResourceLoader.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "DocumentParser.h"

trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp

@@ -27 +27 @@
 #include "HTMLDocumentParser.h"
 
+#include "ContentSecurityPolicy.h"
 #include "DocumentFragment.h"
 #include "Element.h"

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -42 +42 @@
 #include "CachedResourceLoader.h"
 #include "Chrome.h"
+#include "ContentSecurityPolicy.h"
 #include "DOMImplementation.h"
 #include "DOMWindow.h"

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

@@ -26 +26 @@
 #include "config.h"
 #include "ContentSecurityPolicy.h"
+
 #include "Document.h"
+#include "NotImplemented.h"
+#include "SecurityOrigin.h"
 
 namespace WebCore {
 
-static bool isDirectiveNameCharacter(UChar c)
-{
-    return isASCIIAlpha(c) || isASCIIDigit(c) || c == '-';
-}
-
-static bool isDirectiveValueCharacter(UChar c)
+// Normally WebKit uses "static" for internal linkage, but using "static" for
+// these functions causes a compile error because these functions are used as
+// template parameters.
+namespace {
+
+bool isDirectiveNameCharacter(UChar c)
+{
+    return isASCIIAlphanumeric(c) || c == '-';
+}
+
+bool isDirectiveValueCharacter(UChar c)
 {
     return isASCIISpace(c) || (c >= 0x21 && c <= 0x7e); // Whitespace + VCHAR
 }
 
-static void advanceUntil(const UChar*& pos, const UChar* end, UChar delimiter)
-{
-    while (pos < end) {
-        if (*pos++ == delimiter)
-            return;
-    }
+bool isSourceCharacter(UChar c)
+{
+    return !isASCIISpace(c);
+}
+
+bool isHostCharacter(UChar c)
+{
+    return isASCIIAlphanumeric(c) || c == '-';
+}
+
+bool isSchemeContinuationCharacter(UChar c)
+{
+    return isASCIIAlphanumeric(c) || c == '+' || c == '-' || c == '.';
+}
+
+} // namespace
+
+static bool skipExactly(const UChar*& position, const UChar* end, UChar delimiter)
+{
+    if (position < end && *position == delimiter) {
+        ++position;
+        return true;
+    }
+    return false;
+}
+
+template<bool characterPredicate(UChar)>
+static bool skipExactly(const UChar*& position, const UChar* end)
+{
+    if (position < end && characterPredicate(*position)) {
+        ++position;
+        return true;
+    }
+    return false;
+}
+
+static void skipUtil(const UChar*& position, const UChar* end, UChar delimiter)
+{
+    while (position < end && *position != delimiter)
+        ++position;
+}
+
+template<bool characterPredicate(UChar)>
+static void skipWhile(const UChar*& position, const UChar* end)
+{
+    while (position < end && characterPredicate(*position))
+        ++position;
+}
+
+class CSPSource {
+public:
+    CSPSource(const String& scheme, const String& host, int port, bool hostHasWildcard, bool portHasWildcard)
+        : m_scheme(scheme)
+        , m_host(host)
+        , m_port(port)
+        , m_hostHasWildcard(hostHasWildcard)
+        , m_portHasWildcard(portHasWildcard)
+    {
+    }
+
+    bool matches(const KURL& url) const
+    {
+        if (!schemeMatches(url))
+            return false;
+        if (isSchemeOnly())
+            return true;
+        return hostMatches(url) && portMatches(url);
+    }
+
+private:
+    bool schemeMatches(const KURL& url) const
+    {
+        return equalIgnoringCase(url.protocol(), m_scheme);
+    }
+
+    bool hostMatches(const KURL& url) const
+    {
+        if (m_hostHasWildcard)
+            notImplemented();
+
+        return equalIgnoringCase(url.host(), m_host);
+    }
+
+    bool portMatches(const KURL& url) const
+    {
+        if (m_portHasWildcard)
+            return true;
+
+        // FIXME: Handle explicit default ports correctly.
+        return url.port() == m_port;
+    }
+
+    bool isSchemeOnly() const { return m_host.isEmpty(); }
+
+    String m_scheme;
+    String m_host;
+    int m_port;
+
+    bool m_hostHasWildcard;
+    bool m_portHasWildcard;
+};
+
+class CSPSourceList {
+public:
+    explicit CSPSourceList(SecurityOrigin*);
+
+    void parse(const String&);
+    bool matches(const KURL&);
+
+private:
+    void parse(const UChar* begin, const UChar* end);
+
+    bool parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, bool& hostHasWildcard, bool& portHasWildcard);
+    bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
+    bool parseHost(const UChar* begin, const UChar* end, String& host, bool& hostHasWildcard);
+    bool parsePort(const UChar* begin, const UChar* end, int& port, bool& portHasWildcard);
+
+    void addSourceSelf();
+
+    SecurityOrigin* m_origin;
+    Vector<CSPSource> m_list;
+};
+
+CSPSourceList::CSPSourceList(SecurityOrigin* origin)
+    : m_origin(origin)
+{
+}
+
+void CSPSourceList::parse(const String& value)
+{
+    parse(value.characters(), value.characters() + value.length());
+}
+
+bool CSPSourceList::matches(const KURL& url)
+{
+    for (size_t i = 0; i < m_list.size(); ++i) {
+        if (m_list[i].matches(url))
+            return true;
+    }
+    return false;
+}
+
+// source-list       = *WSP [ source *( 1*WSP source ) *WSP ]
+//                   / *WSP "'none'" *WSP
+//
+void CSPSourceList::parse(const UChar* begin, const UChar* end)
+{
+    const UChar* position = begin;
+
+    bool isFirstSourceInList = true;
+    while (position < end) {
+        skipWhile<isASCIISpace>(position, end);
+        const UChar* beginSource = position;
+        skipWhile<isSourceCharacter>(position, end);
+
+        if (isFirstSourceInList && equalIgnoringCase("'none'", beginSource, position - beginSource))
+            return; // We represent 'none' as an empty m_list.
+        isFirstSourceInList = false;
+
+        String scheme, host;
+        int port = 0;
+        bool hostHasWildcard = false;
+        bool portHasWildcard = false;
+
+        if (parseSource(beginSource, position, scheme, host, port, hostHasWildcard, portHasWildcard)) {
+            if (scheme.isEmpty())
+                scheme = m_origin->protocol();
+            m_list.append(CSPSource(scheme, host, port, hostHasWildcard, portHasWildcard));
+        }
+
+        ASSERT(position == end || isASCIISpace(*position));
+     }
+}
+
+// source            = scheme ":"
+//                   / ( [ scheme "://" ] host [ port ] )
+//                   / "'self'"
+//
+bool CSPSourceList::parseSource(const UChar* begin, const UChar* end,
+                                String& scheme, String& host, int& port,
+                                bool& hostHasWildcard, bool& portHasWildcard)
+{
+    if (begin == end)
+        return false;
+
+    if (equalIgnoringCase("'self'", begin, end - begin)) {
+        addSourceSelf();
+        return false;
+    }
+
+    const UChar* position = begin;
+
+    const UChar* beginHost = begin;
+    skipUtil(position, end, ':');
+
+    if (position == end) {
+        // This must be a host-only source.
+        if (!parseHost(beginHost, position, host, hostHasWildcard))
+            return false;
+        return true;
+    }
+
+    if (end - position == 1) {
+        ASSERT(*position == ':');
+        // This must be a scheme-only source.
+        if (!parseScheme(begin, position, scheme))
+            return false;
+        return true;
+    }
+
+    ASSERT(end - position >= 2);
+    if (position[1] == '/') {
+        if (!parseScheme(begin, position, scheme)
+            || !skipExactly(position, end, ':')
+            || !skipExactly(position, end, '/')
+            || !skipExactly(position, end, '/'))
+            return false;
+        beginHost = position;
+        skipUtil(position, end, ':');
+    }
+
+    if (position == beginHost)
+        return false;
+
+    if (!parseHost(beginHost, position, host, hostHasWildcard))
+        return false;
+
+    if (position == end) {
+        port = 0;
+        return true;
+    }
+
+    if (!skipExactly(position, end, ':'))
+        ASSERT_NOT_REACHED();
+
+    if (!parsePort(position, end, port, portHasWildcard))
+        return false;
+
+    return true;
+}
+
+//                     ; <scheme> production from RFC 3986
+// scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+//
+bool CSPSourceList::parseScheme(const UChar* begin, const UChar* end, String& scheme)
+{
+    ASSERT(begin <= end);
+    ASSERT(scheme.isEmpty());
+
+    if (begin == end)
+        return false;
+
+    const UChar* position = begin;
+
+    if (!skipExactly<isASCIIAlpha>(position, end))
+        return false;
+
+    skipWhile<isSchemeContinuationCharacter>(position, end);
+
+    if (position != end)
+        return false;
+
+    scheme = String(begin, end - begin);
+    return true;
+}
+
+// host              = [ "*." ] 1*host-char *( "." 1*host-char )
+//                   / "*"
+// host-char         = ALPHA / DIGIT / "-"
+//
+bool CSPSourceList::parseHost(const UChar* begin, const UChar* end, String& host, bool& hostHasWildcard)
+{
+    ASSERT(begin <= end);
+    ASSERT(host.isEmpty());
+    ASSERT(!hostHasWildcard);
+
+    if (begin == end)
+        return false;
+
+    const UChar* position = begin;
+
+    if (skipExactly(position, end, '*')) {
+        hostHasWildcard = true;
+
+        if (position == end)
+            return true;
+
+        if (!skipExactly(position, end, '.'))
+            return false;
+    }
+
+    const UChar* hostBegin = position;
+
+    while (position < end) {
+        if (!skipExactly<isHostCharacter>(position, end))
+            return false;
+
+        skipWhile<isHostCharacter>(position, end);
+
+        if (position < end && !skipExactly(position, end, '.'))
+            return false;
+    }
+
+    ASSERT(position == end);
+    host = String(hostBegin, end - hostBegin);
+    return true;
+}
+
+// port              = ":" ( 1*DIGIT / "*" )
+//
+bool CSPSourceList::parsePort(const UChar* begin, const UChar* end, int& port, bool& portHasWildcard)
+{
+    ASSERT(begin <= end);
+    ASSERT(!port);
+    ASSERT(!portHasWildcard);
+
+    if (begin == end)
+        return false;
+
+    if (end - begin == 1 && *begin == '*') {
+        port = 0;
+        portHasWildcard = true;
+        return true;
+    }
+
+    const UChar* position = begin;
+    skipWhile<isASCIIDigit>(position, end);
+
+    if (position != end)
+        return false;
+
+    bool ok;
+    port = charactersToIntStrict(begin, end - begin, &ok);
+    return ok;
+}
+
+void CSPSourceList::addSourceSelf()
+{
+    // FIXME: Inherit the scheme, host, and port from the current URL.
+    notImplemented();
 }
 
 class CSPDirective {
 public:
-    explicit CSPDirective(const String& value)
-        : m_value(value)
-    {
-    }
-
-    bool allows(const KURL&)
-    {
-        return false;
+    CSPDirective(const String& value, SecurityOrigin* origin)
+        : m_sourceList(origin)
+    {
+        m_sourceList.parse(value);
+    }
+
+    bool allows(const KURL& url)
+    {
+        return m_sourceList.matches(url);
     }
 
 private:
-    String m_value;
+    CSPSourceList m_sourceList;
 };
 
-ContentSecurityPolicy::ContentSecurityPolicy()
+ContentSecurityPolicy::ContentSecurityPolicy(SecurityOrigin* origin)
     : m_havePolicy(false)
+    , m_origin(origin)
 {
 }
@@ -92 +436 @@
 }
 
+// policy            = directive-list
+// directive-list    = [ directive *( ";" [ directive ] ) ]
+//
 void ContentSecurityPolicy::parse(const String& policy)
 {
@@ -99 +446 @@
         return;
 
-    const UChar* pos = policy.characters();
-    const UChar* end = pos + policy.length();
-
-    while (pos < end) {
-        Vector<UChar, 32> name;
-        Vector<UChar, 64> value;
-
-        if (!parseDirective(pos, end, name, value))
-            continue;
-        if (name.isEmpty())
-            continue;
-
-        // We use a copy here instead of String::adopt because we expect
-        // the name and the value to be relatively short, so the copy will
-        // be cheaper than the extra malloc.
-        emitDirective(String(name), String(value));
-    }
-}
-
-bool ContentSecurityPolicy::parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value)
-{
-    ASSERT(pos < end);
+    const UChar* position = policy.characters();
+    const UChar* end = position + policy.length();
+
+    while (position < end) {
+        const UChar* directiveBegin = position;
+        skipUtil(position, end, ';');
+
+        String name, value;
+        if (parseDirective(directiveBegin, position, name, value)) {
+            ASSERT(!name.isEmpty());
+            addDirective(name, value);
+        }
+
+        ASSERT(position == end || *position == ';');
+        skipExactly(position, end, ';');
+    }
+}
+
+// directive         = *WSP [ directive-name [ WSP directive-value ] ]
+// directive-name    = 1*( ALPHA / DIGIT / "-" )
+// directive-value   = *( WSP / <VCHAR except ";"> )
+//
+bool ContentSecurityPolicy::parseDirective(const UChar* begin, const UChar* end, String& name, String& value)
+{
     ASSERT(name.isEmpty());
     ASSERT(value.isEmpty());
 
-    while (pos < end && isASCIISpace(*pos))
-        pos++;
-
-    while (pos < end) {
-        UChar currentCharacter = *pos;
-        if (currentCharacter == ';')
-            break;
-        if (isASCIISpace(currentCharacter))
-            break;
-        if (!isDirectiveNameCharacter(currentCharacter)) {
-            advanceUntil(pos, end, ';');
-            return false;
-        }
-        name.append(currentCharacter);
-        pos++;
-    }
-
-    while (pos < end && isASCIISpace(*pos))
-        pos++;
-
-    if (pos < end && *pos == ';') {
-        pos++;
-        return true;
-    }
-
-    while (pos < end) {
-        UChar currentCharacter = *pos;
-        if (currentCharacter == ';')
-            break;
-        if (!isDirectiveValueCharacter(currentCharacter)) {
-            advanceUntil(pos, end, ';');
-            return false;
-        }
-        value.append(currentCharacter);
-        pos++;
-    }
-
-    if (pos < end && *pos == ';') {
-        pos++;
-        return true;
-    }
-
+    const UChar* position = begin;
+    skipWhile<isASCIISpace>(position, end);
+
+    const UChar* nameBegin = position;
+    skipWhile<isDirectiveNameCharacter>(position, end);
+
+    // The directive-name must be non-empty.
+    if (nameBegin == position)
+        return false;
+
+    name = String(nameBegin, position - nameBegin);
+
+    if (position == end)
+        return true;
+
+    if (!skipExactly<isASCIISpace>(position, end))
+        return false;
+
+    skipWhile<isASCIISpace>(position, end);
+
+    const UChar* valueBegin = position;
+    skipWhile<isDirectiveValueCharacter>(position, end);
+
+    if (position != end)
+        return false;
+
+    // The directive-value may be empty.
+    if (valueBegin == position)
+        return true;
+
+    value = String(valueBegin, position - valueBegin);
     return true;
 }
 
-void ContentSecurityPolicy::emitDirective(const String& name, const String& value)
+void ContentSecurityPolicy::addDirective(const String& name, const String& value)
 {
     DEFINE_STATIC_LOCAL(String, scriptSrc, ("script-src"));
@@ -176 +514 @@
 
     if (!m_scriptSrc && equalIgnoringCase(name, scriptSrc))
-        m_scriptSrc = adoptPtr(new CSPDirective(value));
-}
-
-}
+        m_scriptSrc = adoptPtr(new CSPDirective(value, m_origin.get()));
+}
+
+}

trunk/Source/WebCore/page/ContentSecurityPolicy.h

@@ -33 +33 @@
 
 class CSPDirective;
+class SecurityOrigin;
 
 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
 public:
-    static PassRefPtr<ContentSecurityPolicy> create() { return adoptRef(new ContentSecurityPolicy); }
+    static PassRefPtr<ContentSecurityPolicy> create(SecurityOrigin* origin = 0)
+    {
+        return adoptRef(new ContentSecurityPolicy(origin));
+    }
     ~ContentSecurityPolicy();
 
@@ -46 +50 @@
 
 private:
-    ContentSecurityPolicy();
+    explicit ContentSecurityPolicy(SecurityOrigin*);
 
     void parse(const String&);
-    bool parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value);
-    void emitDirective(const String& name, const String& value);
+    bool parseDirective(const UChar* begin, const UChar* end, String& name, String& value);
+    void addDirective(const String& name, const String& value);
 
     bool m_havePolicy;
+    RefPtr<SecurityOrigin> m_origin;
     OwnPtr<CSPDirective> m_scriptSrc;
 };