Source/core/frame/csp/CSPSource.cpp - fp2-dev/platform/external/chromium_org/third_party/WebKit - Gitiles

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "config.h"
 #include "core/frame/csp/CSPSource.h"

 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/KnownPorts.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "wtf/text/WTFString.h"

 namespace WebCore {

 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, bool hostHasWildcard, bool portHasWildcard)
     : m_policy(policy)
     , m_scheme(scheme)
     , m_host(host)
     , m_port(port)
     , m_path(path)
     , m_hostHasWildcard(hostHasWildcard)
     , m_portHasWildcard(portHasWildcard)
 {
 }

 bool CSPSource::matches(const KURL& url) const
 {
     if (!schemeMatches(url))
         return false;
     if (isSchemeOnly())
         return true;
     return hostMatches(url) && portMatches(url) && pathMatches(url);
 }

 bool CSPSource::schemeMatches(const KURL& url) const
 {
     if (m_scheme.isEmpty()) {
         String protectedResourceScheme(m_policy->securityOrigin()->protocol());
         if (equalIgnoringCase("http", protectedResourceScheme))
             return url.protocolIs("http") || url.protocolIs("https");
         return equalIgnoringCase(url.protocol(), protectedResourceScheme);
     }
     return equalIgnoringCase(url.protocol(), m_scheme);
 }

 bool CSPSource::hostMatches(const KURL& url) const
 {
     const String& host = url.host();
     if (equalIgnoringCase(host, m_host))
         return true;
     return m_hostHasWildcard && host.endsWith("." + m_host, false);

 }

 bool CSPSource::pathMatches(const KURL& url) const
 {
     if (m_path.isEmpty())
         return true;

     String path = decodeURLEscapeSequences(url.path());

     if (m_path.endsWith("/"))
         return path.startsWith(m_path, false);

     return path == m_path;
 }

 bool CSPSource::portMatches(const KURL& url) const
 {
     if (m_portHasWildcard)
         return true;

     int port = url.port();

     if (port == m_port)
         return true;

     if (!port)
         return isDefaultPortForProtocol(m_port, url.protocol());

     if (!m_port)
         return isDefaultPortForProtocol(port, url.protocol());

     return false;
 }

 bool CSPSource::isSchemeOnly() const
 {
     return m_host.isEmpty();
 }

 } // namespace
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "config.h"
	#include "core/frame/csp/CSPSource.h"

	#include "core/frame/csp/ContentSecurityPolicy.h"
	#include "platform/weborigin/KURL.h"
	#include "platform/weborigin/KnownPorts.h"
	#include "platform/weborigin/SecurityOrigin.h"
	#include "wtf/text/WTFString.h"

	namespace WebCore {

	CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, bool hostHasWildcard, bool portHasWildcard)
	: m_policy(policy)
	, m_scheme(scheme)
	, m_host(host)
	, m_port(port)
	, m_path(path)
	, m_hostHasWildcard(hostHasWildcard)
	, m_portHasWildcard(portHasWildcard)
	{
	}

	bool CSPSource::matches(const KURL& url) const
	{
	if (!schemeMatches(url))
	return false;
	if (isSchemeOnly())
	return true;
	return hostMatches(url) && portMatches(url) && pathMatches(url);
	}

	bool CSPSource::schemeMatches(const KURL& url) const
	{
	if (m_scheme.isEmpty()) {
	String protectedResourceScheme(m_policy->securityOrigin()->protocol());
	if (equalIgnoringCase("http", protectedResourceScheme))
	return url.protocolIs("http") \|\| url.protocolIs("https");
	return equalIgnoringCase(url.protocol(), protectedResourceScheme);
	}
	return equalIgnoringCase(url.protocol(), m_scheme);
	}

	bool CSPSource::hostMatches(const KURL& url) const
	{
	const String& host = url.host();
	if (equalIgnoringCase(host, m_host))
	return true;
	return m_hostHasWildcard && host.endsWith("." + m_host, false);

	}

	bool CSPSource::pathMatches(const KURL& url) const
	{
	if (m_path.isEmpty())
	return true;

	String path = decodeURLEscapeSequences(url.path());

	if (m_path.endsWith("/"))
	return path.startsWith(m_path, false);

	return path == m_path;
	}

	bool CSPSource::portMatches(const KURL& url) const
	{
	if (m_portHasWildcard)
	return true;

	int port = url.port();

	if (port == m_port)
	return true;

	if (!port)
	return isDefaultPortForProtocol(m_port, url.protocol());

	if (!m_port)
	return isDefaultPortForProtocol(port, url.protocol());

	return false;
	}

	bool CSPSource::isSchemeOnly() const
	{
	return m_host.isEmpty();
	}

	} // namespace