Blink roll 25b6bd3a7a131ffe68d809546ad1a20707915cdc:3a503f41ae42e5b79cfcd2ff10e65afde...
[chromium-blink-merge.git] / extensions / common / csp_validator.h
blobe7446f6d4fd885f0363d7002f9d780053e3ab7ba
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_CSP_VALIDATOR_H_
6 #define EXTENSIONS_COMMON_CSP_VALIDATOR_H_
8 #include <string>
10 #include "extensions/common/manifest.h"
12 namespace extensions {
14 namespace csp_validator {
16 // Checks whether the given |policy| is legal for use in the extension system.
17 // This check just ensures that the policy doesn't contain any characters that
18 // will cause problems when we transmit the policy in an HTTP header.
19 bool ContentSecurityPolicyIsLegal(const std::string& policy);
21 // Checks whether the given |policy| meets the minimum security requirements
22 // for use in the extension system.
24 // Ideally, we would like to say that an XSS vulnerability in the extension
25 // should not be able to execute script, even in the precense of an active
26 // network attacker.
28 // However, we found that it broke too many deployed extensions to limit
29 // 'unsafe-eval' in the script-src directive, so that is allowed as a special
30 // case for extensions. Platform apps disallow it.
31 bool ContentSecurityPolicyIsSecure(
32 const std::string& policy, Manifest::Type type);
34 // Checks whether the given |policy| enforces a unique origin sandbox as
35 // defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/
36 // the-iframe-element.html#attr-iframe-sandbox. The policy must have the
37 // "sandbox" directive, and the sandbox tokens must not include
38 // "allow-same-origin". Additional restrictions may be imposed depending on
39 // |type|.
40 bool ContentSecurityPolicyIsSandboxed(
41 const std::string& policy, Manifest::Type type);
43 } // namespace csp_validator
45 } // namespace extensions
47 #endif // EXTENSIONS_COMMON_CSP_VALIDATOR_H_