mirror of
https://github.com/servo/servo.git
synced 2025-07-23 07:13:52 +01:00
Implement trusted types url setter (#36596)
We now check the sink of script.src for trusted types. This is the first attribute that we check, other sinks will be implemented in follow-up changes. The algorithms currently hardcode various parts. That's because I need to refactor a couple of algorithms already present in TrustedTypePolicy. They use callbacks at the moment, which made sense for their initial use. However, for these new algorithms they don't work. Therefore, I will align them with the specification by taking in an enum. However, since that's a bigger refactoring, I left that out of this PR (which is already quite big). The other trusted types support (createScript and createHTML) will also be implemented separately. Part of #36258 --------- Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
parent
fee2ea34af
commit
6bb087e381
27 changed files with 233 additions and 74 deletions
|
@ -62,6 +62,8 @@ pub(crate) struct CSPViolationReportBuilder {
|
|||
pub source_file: String,
|
||||
/// <https://www.w3.org/TR/CSP3/#violation-effective-directive>
|
||||
pub effective_directive: String,
|
||||
/// <https://www.w3.org/TR/CSP3/#violation-policy>
|
||||
pub original_policy: String,
|
||||
}
|
||||
|
||||
impl CSPViolationReportBuilder {
|
||||
|
@ -106,6 +108,12 @@ impl CSPViolationReportBuilder {
|
|||
self
|
||||
}
|
||||
|
||||
/// <https://www.w3.org/TR/CSP3/#violation-policy>
|
||||
pub fn original_policy(mut self, original_policy: String) -> CSPViolationReportBuilder {
|
||||
self.original_policy = original_policy;
|
||||
self
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-csp/#strip-url-for-use-in-reports>
|
||||
fn strip_url_for_reports(&self, mut url: ServoUrl) -> String {
|
||||
let scheme = url.scheme();
|
||||
|
@ -141,7 +149,7 @@ impl CSPViolationReportBuilder {
|
|||
sample: self.sample,
|
||||
blocked_url: self.resource,
|
||||
source_file: self.source_file,
|
||||
original_policy: "".to_owned(),
|
||||
original_policy: self.original_policy,
|
||||
line_number: self.line_number,
|
||||
column_number: self.column_number,
|
||||
status_code: global.status_code().unwrap_or(0),
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue