tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

CSPViolationData.h (2349B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef DOM_SECURITY_CSPVIOLATION_H_
      8 #define DOM_SECURITY_CSPVIOLATION_H_
      9 
     10 #include <cstdint>
     11 
     12 #include "mozilla/RefPtr.h"
     13 #include "mozilla/Variant.h"
     14 #include "nsCOMPtr.h"
     15 #include "nsIContentSecurityPolicy.h"
     16 #include "nsIURI.h"
     17 #include "nsString.h"
     18 
     19 class nsIURI;
     20 
     21 namespace mozilla::dom {
     22 class Element;
     23 
     24 // Represents parts of <https://w3c.github.io/webappsec-csp/#violation>.
     25 // The remaining parts can be deduced from the corresponding nsCSPContext.
     26 struct CSPViolationData {
     27  enum class BlockedContentSource {
     28    Unknown,
     29    Inline,
     30    Eval,
     31    Self,
     32    WasmEval,
     33    TrustedTypesPolicy,
     34    TrustedTypesSink,
     35  };
     36 
     37  using Resource = mozilla::Variant<nsCOMPtr<nsIURI>, BlockedContentSource>;
     38 
     39  // According to https://github.com/w3c/webappsec-csp/issues/442 column- and
     40  // line-numbers are expected to be 1-origin.
     41  //
     42  // @param aSample Will be truncated if necessary.
     43  // @param aHashSHA256 The source code sha256 hash (encoded as base64) for
     44  // inline scripts and styles.
     45  //                    https://w3c.github.io/webappsec-csp/#grammardef-hash-source
     46  CSPViolationData(uint32_t aViolatedPolicyIndex, Resource&& aResource,
     47                   const CSPDirective aEffectiveDirective,
     48                   const nsACString& aSourceFile, uint32_t aLineNumber,
     49                   uint32_t aColumnNumber, Element* aElement,
     50                   const nsAString& aSample,
     51                   const nsACString& aHashSHA256 = ""_ns);
     52 
     53  ~CSPViolationData();
     54 
     55  static const nsDependentSubstring MaybeTruncateSample(
     56      const nsAString& aSample);
     57  BlockedContentSource BlockedContentSourceOrUnknown() const;
     58 
     59  uint32_t mViolatedPolicyIndex;
     60  Resource mResource;
     61  CSPDirective mEffectiveDirective;
     62  // String representation of the URL. The empty string represents a null-URL.
     63  nsCString mSourceFile;
     64  uint32_t mLineNumber;
     65  uint32_t mColumnNumber;
     66  RefPtr<Element> mElement;
     67  nsString mSample;
     68  nsCString mHashSHA256;
     69 };
     70 }  // namespace mozilla::dom
     71 
     72 #endif  // DOM_SECURITY_CSPVIOLATION_H_