Add simple implementation of content-security-policy on scripts / styles

This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo/servo#4577
2025-10-01 17:19:16 +01:00 · 2019-09-28 19:42:40 +00:00 · 2019-09-28 19:42:40 +00:00 · b8f3e8bb2e
commit b8f3e8bb2e
parent 6d488f1be2
16 changed files with 175 additions and 41 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -736,6 +736,20 @@ dependencies = [
 "webxr-api",
 ]

+[[package]]
+name = "content-security-policy"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f30ee9967a875968e66f6690e299f06781ed109cb82d10e0d60a126a38d61947"
+dependencies = [
+ "bitflags",
+ "lazy_static",
+ "percent-encoding",
+ "regex",
+ "serde",
+ "url",
+]
+
 [[package]]
 name = "cookie"
 version = "0.11.0"
@ -2835,6 +2849,7 @@ name = "malloc_size_of"
 version = "0.0.1"
 dependencies = [
 "app_units",
+ "content-security-policy",
 "crossbeam-channel",
 "cssparser",
 "euclid",
@ -3156,6 +3171,7 @@ dependencies = [
 "base64",
 "brotli",
 "bytes",
+ "content-security-policy",
 "cookie",
 "crossbeam-channel",
 "devtools_traits",
@ -3215,6 +3231,7 @@ dependencies = [
 name = "net_traits"
 version = "0.0.1"
 dependencies = [
+ "content-security-policy",
 "cookie",
 "embedder_traits",
 "headers",
@ -4122,6 +4139,7 @@ dependencies = [
 "canvas_traits",
 "caseless",
 "chrono",
+ "content-security-policy",
 "cookie",
 "crossbeam-channel",
 "cssparser",