mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
enhance: Add support for unsafe-eval
and wasm-unsafe-eval
(#32893)
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
This commit is contained in:
parent
2cf207ddc8
commit
92866ab911
51 changed files with 755 additions and 73 deletions
|
@ -2,6 +2,7 @@
|
|||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
||||
|
||||
use content_security_policy::{CspList, PolicyDisposition, PolicySource};
|
||||
use dom_struct::dom_struct;
|
||||
use html5ever::{local_name, namespace_url, ns, LocalName, Prefix};
|
||||
use js::rust::HandleObject;
|
||||
|
@ -80,6 +81,48 @@ impl HTMLHeadElement {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#attr-meta-http-equiv-content-security-policy>
|
||||
pub fn set_content_security_policy(&self) {
|
||||
let doc = document_from_node(self);
|
||||
|
||||
if doc.GetHead().as_deref() != Some(self) {
|
||||
return;
|
||||
}
|
||||
|
||||
let mut csp_list: Option<CspList> = None;
|
||||
let node = self.upcast::<Node>();
|
||||
let candinates = node
|
||||
.traverse_preorder(ShadowIncluding::No)
|
||||
.filter_map(DomRoot::downcast::<Element>)
|
||||
.filter(|elem| elem.is::<HTMLMetaElement>())
|
||||
.filter(|elem| {
|
||||
elem.get_string_attribute(&local_name!("http-equiv"))
|
||||
.to_ascii_lowercase() ==
|
||||
"content-security-policy".to_owned()
|
||||
})
|
||||
.filter(|elem| {
|
||||
elem.get_attribute(&ns!(), &local_name!("content"))
|
||||
.is_some()
|
||||
});
|
||||
|
||||
for meta in candinates {
|
||||
if let Some(ref content) = meta.get_attribute(&ns!(), &local_name!("content")) {
|
||||
let content = content.value();
|
||||
let content_val = content.trim();
|
||||
if !content_val.is_empty() {
|
||||
let policies =
|
||||
CspList::parse(content_val, PolicySource::Meta, PolicyDisposition::Enforce);
|
||||
match csp_list {
|
||||
Some(ref mut csp_list) => csp_list.append(policies),
|
||||
None => csp_list = Some(policies),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
doc.set_csp_list(csp_list);
|
||||
}
|
||||
}
|
||||
|
||||
impl VirtualMethods for HTMLHeadElement {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue