horok/firefox
1
0
Fork 0
Code Activity
firefox/dom/security/CSPViolationData.h
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

72 lines
2.3 KiB
C++
Raw Permalink Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef DOM_SECURITY_CSPVIOLATION_H_
#define DOM_SECURITY_CSPVIOLATION_H_
#include "nsCOMPtr.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIURI.h"
#include "nsString.h"
#include "mozilla/RefPtr.h"
#include "mozilla/Variant.h"
#include <cstdint>
class nsIURI;
namespace mozilla::dom {
class Element;
// Represents parts of <https://w3c.github.io/webappsec-csp/#violation>.
// The remaining parts can be deduced from the corresponding nsCSPContext.
struct CSPViolationData {
enum class BlockedContentSource {
Unknown,
Inline,
Eval,
Self,
WasmEval,
TrustedTypesPolicy,
TrustedTypesSink,
};
using Resource = mozilla::Variant<nsCOMPtr<nsIURI>, BlockedContentSource>;
// According to https://github.com/w3c/webappsec-csp/issues/442 column- and
// line-numbers are expected to be 1-origin.
//
// @param aSample Will be truncated if necessary.
// @param aHashSHA256 The source code sha256 hash (encoded as base64) for
// inline scripts and styles.
// https://w3c.github.io/webappsec-csp/#grammardef-hash-source
CSPViolationData(uint32_t aViolatedPolicyIndex, Resource&& aResource,
const CSPDirective aEffectiveDirective,
const nsACString& aSourceFile, uint32_t aLineNumber,
uint32_t aColumnNumber, Element* aElement,
const nsAString& aSample,
const nsACString& aHashSHA256 = ""_ns);
~CSPViolationData();
static const nsDependentSubstring MaybeTruncateSample(
const nsAString& aSample);
BlockedContentSource BlockedContentSourceOrUnknown() const;
const uint32_t mViolatedPolicyIndex;
const Resource mResource;
const CSPDirective mEffectiveDirective;
// String representation of the URL. The empty string represents a null-URL.
const nsCString mSourceFile;
const uint32_t mLineNumber;
const uint32_t mColumnNumber;
RefPtr<Element> mElement;
const nsString mSample;
const nsCString mHashSHA256;
};
} // namespace mozilla::dom
#endif // DOM_SECURITY_CSPVIOLATION_H_
View git blame Copy permalink