1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_CSP_VALIDATOR_H_
6 #define EXTENSIONS_COMMON_CSP_VALIDATOR_H_
8 #include <string>
10 #include "extensions/common/manifest.h"
12 namespace extensions {
14 namespace csp_validator {
// Checks whether the given |policy| is legal for use in the extension system.
// This check just ensures that the policy doesn't contain any characters that
// will cause problems when we transmit the policy in an HTTP header.
//
// This is a transport-safety check only: per the description above it does
// not judge whether the directives in |policy| are restrictive enough. The
// minimum security requirements are handled by
// SanitizeContentSecurityPolicy(), declared below.
//
// The bool result reports the outcome of that character check.
bool ContentSecurityPolicyIsLegal(const std::string& policy);
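// This specifies options for configuring which CSP directives are permitted in
// extensions.
//
// The values are distinct bits so that they can be OR-ed together into the
// |options| bitmask taken by SanitizeContentSecurityPolicy(). Every flag
// relaxes validation; OPTIONS_NONE requests neither relaxation.
enum Options {
  OPTIONS_NONE = 0,
  // Allows 'unsafe-eval' to be specified as a source in a directive.
  OPTIONS_ALLOW_UNSAFE_EVAL = 1 << 0,
  // Allow an object-src to be specified with any sources (i.e. it may contain
  // wildcards or http sources). Specifying this requires the CSP to contain
  // a plugin-types directive which restricts the plugins that can be loaded
  // to those which are fully sandboxed.
  OPTIONS_ALLOW_INSECURE_OBJECT_SRC = 1 << 1,
};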
// Checks whether the given |policy| meets the minimum security requirements
// for use in the extension system.
//
// Ideally, we would like to say that an XSS vulnerability in the extension
// should not be able to execute script, even in the presence of an active
// network attacker.
//
// However, we found that it broke too many deployed extensions to limit
// 'unsafe-eval' in the script-src directive, so that is allowed as a special
// case for extensions. Platform apps disallow it.
//
// |options| is a bitmask of Options. Every Options flag relaxes a check, so
// a caller should set only the flags that its extension type is meant to be
// allowed.
//
// If |warnings| is not NULL, any validation errors are appended to |warnings|.
// Returns the sanitized policy. The returned string, not the |policy| that was
// passed in, is the one that has been through sanitization.
//
// NOTE(review): std::vector and InstallWarning are named here, but <vector> is
// not among the includes visible in this header; presumably both arrive via
// extensions/common/manifest.h -- confirm, or include what is used directly.
std::string SanitizeContentSecurityPolicy(
    const std::string& policy,
    int options,
    std::vector<InstallWarning>* warnings);
// Checks whether the given |policy| enforces a unique origin sandbox as
// defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/
// the-iframe-element.html#attr-iframe-sandbox. The policy must have the
// "sandbox" directive, and the sandbox tokens must not include
// "allow-same-origin". Additional restrictions may be imposed depending on
// |type|.
//
// Put differently: a policy with no "sandbox" directive, or one whose sandbox
// tokens list "allow-same-origin", does not satisfy this check.
//
// |type| is a Manifest::Type. This header does not spell out which additional
// restrictions apply to which type; consult the implementation before relying
// on a particular type being accepted.
bool ContentSecurityPolicyIsSandboxed(
    const std::string& policy, Manifest::Type type);
63 } // namespace csp_validator
65 } // namespace extensions
67 #endif // EXTENSIONS_COMMON_CSP_VALIDATOR_H_