1/* 2 * Copyright (C) 2011 Google, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#ifndef DOMSecurityPolicy_h 27#define DOMSecurityPolicy_h 28 29#include "ContextDestructionObserver.h" 30#include <wtf/PassOwnPtr.h> 31#include <wtf/RefCounted.h> 32#include <wtf/Vector.h> 33#include <wtf/text/WTFString.h> 34 35namespace WebCore { 36 37class ContentSecurityPolicy; 38class DOMStringList; 39class Frame; 40 41class DOMSecurityPolicy : public RefCounted<DOMSecurityPolicy>, public ContextDestructionObserver { 42public: 43 static PassRefPtr<DOMSecurityPolicy> create(ScriptExecutionContext* context) 44 { 45 return adoptRef(new DOMSecurityPolicy(context)); 46 } 47 ~DOMSecurityPolicy(); 48 49 bool isActive() const; 50 PassRefPtr<DOMStringList> reportURIs() const; 51 52 bool allowsInlineScript() const; 53 bool allowsInlineStyle() const; 54 bool allowsEval() const; 55 56 bool allowsConnectionTo(const String& url) const; 57 bool allowsFontFrom(const String& url) const; 58 bool allowsFormAction(const String& url) const; 59 bool allowsFrameFrom(const String& url) const; 60 bool allowsImageFrom(const String& url) const; 61 bool allowsMediaFrom(const String& url) const; 62 bool allowsObjectFrom(const String& url) const; 63 bool allowsPluginType(const String& type) const; 64 bool allowsScriptFrom(const String& url) const; 65 bool allowsStyleFrom(const String& url) const; 66 67private: 68 explicit DOMSecurityPolicy(ScriptExecutionContext*); 69}; 70 71} 72 73#endif 74