eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-04-26 09:45:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb/CSP: Implement the child-src directive

Browse Source
This commit is contained in:
Luke Wilde
2024-12-03 18:29:41 +00:00
committed by Shannon Booth
parent c5748437db
commit 5a1de8a187
Notes: github-actions[bot] 2025-07-19 05:16:19 +00:00 
Author: https://github.com/Lubrsi
Commit: https://github.com/LadybirdBrowser/ladybird/commit/5a1de8a187e
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5503
5 changed files with 90 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
Libraries/LibWeb/ContentSecurityPolicy/Directives/ChildSourceDirective.cpp Normal file
View File

@@ -0,0 +1,56 @@
/*
* Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibWeb/ContentSecurityPolicy/Directives/ChildSourceDirective.h>
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.h>
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.h>
#include <LibWeb/ContentSecurityPolicy/Directives/Names.h>
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
namespace Web::ContentSecurityPolicy::Directives {
GC_DEFINE_ALLOCATOR(ChildSourceDirective);
ChildSourceDirective::ChildSourceDirective(String name, Vector<String> value)
: Directive(move(name), move(value))
{
}
// https://w3c.github.io/webappsec-csp/#child-src-pre-request
Directive::Result ChildSourceDirective::pre_request_check(GC::Heap& heap, GC::Ref<Fetch::Infrastructure::Request const> request, GC::Ref<Policy const> policy) const
{
// 1. Let name be the result of executing § 6.8.1 Get the effective directive for request on request.
auto name = get_the_effective_directive_for_request(request);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, child-src and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::ChildSrc, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. Return the result of executing the pre-request check for the directive whose name is name on request and
// policy, using this directives value for the comparison.
auto directive = create_directive(heap, name->to_string(), value());
return directive->pre_request_check(heap, request, policy);
}
// https://w3c.github.io/webappsec-csp/#child-src-post-request
Directive::Result ChildSourceDirective::post_request_check(GC::Heap& heap, GC::Ref<Fetch::Infrastructure::Request const> request, GC::Ref<Fetch::Infrastructure::Response const> response, GC::Ref<Policy const> policy) const
{
// 1. Let name be the result of executing § 6.8.1 Get the effective directive for request on request.
auto name = get_the_effective_directive_for_request(request);
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, child-src and policy is "No",
// return "Allowed".
if (should_fetch_directive_execute(name, Names::ChildSrc, policy) == ShouldExecute::No)
return Result::Allowed;
// 3. Return the result of executing the post-request check for the directive whose name is name on request,
// response, and policy, using this directives value for the comparison.
auto directive = create_directive(heap, name->to_string(), value());
return directive->post_request_check(heap, request, response, policy);
}
}