Package org.htmlunit.csp

Class Policy

java.lang.Object

org.htmlunit.csp.Policy

public final class Policy
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static enum	Policy.InlineType
private static final class	Policy.NamedDirective
static interface	Policy.PolicyErrorConsumer
static interface	Policy.PolicyListErrorConsumer
static enum	Policy.Severity

Field Summary

Fields

Modifier and Type	Field	Description
private SourceExpressionDirective	baseUri_
private boolean	blockAllMixedContent_
private List<Policy.NamedDirective>	directives_
private final EnumMap<FetchDirectiveKind,SourceExpressionDirective>	fetchDirectives_
private SourceExpressionDirective	formAction_
private FrameAncestorsDirective	frameAncestors_
private SourceExpressionDirective	navigateTo_
private PluginTypesDirective	pluginTypes_
private FetchDirectiveKind	prefetchSrc_
private RFC7230Token	reportTo_
private ReportUriDirective	reportUri_
private SandboxDirective	sandbox_
private boolean	upgradeInsecureRequests_

Constructor Summary

Constructors

Modifier	Constructor	Description
private	Policy()

Method Summary

Modifier and Type	Method	Description
private Directive	add(String name, List<String> values, Directive.DirectiveErrorConsumer directiveErrorConsumer)
boolean	allowsApplicationManifest(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsConnection(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsEval()
boolean	allowsExternalScript(Optional<String> nonce, Optional<String> integrity, Optional<URLWithScheme> scriptUrl, Optional<Boolean> parserInserted, Optional<URLWithScheme> origin)
boolean	allowsExternalStyle(Optional<String> nonce, Optional<URLWithScheme> styleUrl, Optional<URLWithScheme> origin)
boolean	allowsFont(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsFormAction(Optional<URLWithScheme> to, Optional<Boolean> redirected, Optional<URLWithScheme> redirectedTo, Optional<URLWithScheme> origin)
boolean	allowsFrame(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsFrameAncestor(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsImage(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsInlineScript(Optional<String> nonce, Optional<String> source, Optional<Boolean> parserInserted)
boolean	allowsInlineStyle(Optional<String> nonce, Optional<String> source)
boolean	allowsJavascriptUrlNavigation(Optional<String> source, Optional<URLWithScheme> origin)
boolean	allowsMedia(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsNavigation(Optional<URLWithScheme> to, Optional<Boolean> redirected, Optional<URLWithScheme> redirectedTo, Optional<URLWithScheme> origin)
boolean	allowsObject(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsPlugin(Optional<MediaType> mediaType)
boolean	allowsPrefetch(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsScriptAsAttribute(Optional<String> source)
boolean	allowsStyleAsAttribute(Optional<String> source)
boolean	allowsWorker(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
Optional<SourceExpressionDirective>	baseUri()
boolean	blockAllMixedContent()
private static String	collect(String input, String regex)
private boolean	doesElementMatchSourceListForTypeAndSource(Policy.InlineType type, Optional<String> nonce, Optional<String> source, Optional<Boolean> parserInserted)
static boolean	doesUrlMatchSourceListInOrigin(URLWithScheme url, HostSourceDirective list, Optional<URLWithScheme> origin)
(package private) static void	enforceAscii(String s)
Optional<SourceExpressionDirective>	formAction()
Optional<FrameAncestorsDirective>	frameAncestors()
Optional<SourceExpressionDirective>	getFetchDirective(FetchDirectiveKind kind)
Optional<SourceExpressionDirective>	getGoverningDirectiveForEffectiveDirective(FetchDirectiveKind kind)
private static boolean	hostPartMatches(String a, String b)
Optional<SourceExpressionDirective>	navigateTo()
private static String	normalizeBase64Url(String input)
static Policy	parseSerializedCSP(String serialized, Policy.PolicyErrorConsumer policyErrorConsumer)
static PolicyList	parseSerializedCSPList(String serialized, Policy.PolicyListErrorConsumer policyListErrorConsumer)
private static boolean	pathPartMatches(String pathA, String pathB)
Optional<PluginTypesDirective>	pluginTypes()
private static boolean	portPartMatches(int a, int portB, String schemeB)
Optional<FetchDirectiveKind>	prefetchSrc()
Optional<RFC7230Token>	reportTo()
Optional<ReportUriDirective>	reportUri()
Optional<SandboxDirective>	sandbox()
private static boolean	schemePartMatches(String a, String b)
private static String	stripLeadingWhitespace(String string)
private static String	stripTrailingWhitespace(String string)
String	toString()
boolean	upgradeInsecureRequests()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

directives_

private List<Policy.NamedDirective> directives_

baseUri_

private SourceExpressionDirective baseUri_

blockAllMixedContent_

private boolean blockAllMixedContent_

formAction_

private SourceExpressionDirective formAction_

frameAncestors_

private FrameAncestorsDirective frameAncestors_

navigateTo_

private SourceExpressionDirective navigateTo_

pluginTypes_

private PluginTypesDirective pluginTypes_

prefetchSrc_

private FetchDirectiveKind prefetchSrc_

reportTo_

private RFC7230Token reportTo_

reportUri_

private ReportUriDirective reportUri_

sandbox_

private SandboxDirective sandbox_

upgradeInsecureRequests_

private boolean upgradeInsecureRequests_

fetchDirectives_

private final EnumMap<FetchDirectiveKind,SourceExpressionDirective> fetchDirectives_

Constructor Details

Policy

private Policy()

Method Details

parseSerializedCSPList

public static PolicyList parseSerializedCSPList(String serialized,
 Policy.PolicyListErrorConsumer policyListErrorConsumer)

parseSerializedCSP

public static Policy parseSerializedCSP(String serialized,
 Policy.PolicyErrorConsumer policyErrorConsumer)

add

private Directive add(String name,
 List<String> values,
 Directive.DirectiveErrorConsumer directiveErrorConsumer)

toString

public String toString()

Overrides:

toString in class Object

baseUri

public Optional<SourceExpressionDirective> baseUri()

blockAllMixedContent

public boolean blockAllMixedContent()

formAction

public Optional<SourceExpressionDirective> formAction()

frameAncestors

public Optional<FrameAncestorsDirective> frameAncestors()

navigateTo

public Optional<SourceExpressionDirective> navigateTo()

pluginTypes

public Optional<PluginTypesDirective> pluginTypes()

prefetchSrc

public Optional<FetchDirectiveKind> prefetchSrc()

reportTo

public Optional<RFC7230Token> reportTo()

reportUri

public Optional<ReportUriDirective> reportUri()

sandbox

public Optional<SandboxDirective> sandbox()

upgradeInsecureRequests

public boolean upgradeInsecureRequests()

getFetchDirective

public Optional<SourceExpressionDirective> getFetchDirective(FetchDirectiveKind kind)

allowsExternalScript

public boolean allowsExternalScript(Optional<String> nonce,
 Optional<String> integrity,
 Optional<URLWithScheme> scriptUrl,
 Optional<Boolean> parserInserted,
 Optional<URLWithScheme> origin)

allowsInlineScript

public boolean allowsInlineScript(Optional<String> nonce,
 Optional<String> source,
 Optional<Boolean> parserInserted)

allowsScriptAsAttribute

public boolean allowsScriptAsAttribute(Optional<String> source)

allowsEval

public boolean allowsEval()

allowsNavigation

public boolean allowsNavigation(Optional<URLWithScheme> to,
 Optional<Boolean> redirected,
 Optional<URLWithScheme> redirectedTo,
 Optional<URLWithScheme> origin)

allowsFormAction

public boolean allowsFormAction(Optional<URLWithScheme> to,
 Optional<Boolean> redirected,
 Optional<URLWithScheme> redirectedTo,
 Optional<URLWithScheme> origin)

allowsJavascriptUrlNavigation

public boolean allowsJavascriptUrlNavigation(Optional<String> source,
 Optional<URLWithScheme> origin)

allowsExternalStyle

public boolean allowsExternalStyle(Optional<String> nonce,
 Optional<URLWithScheme> styleUrl,
 Optional<URLWithScheme> origin)

allowsInlineStyle

public boolean allowsInlineStyle(Optional<String> nonce,
 Optional<String> source)

allowsStyleAsAttribute

public boolean allowsStyleAsAttribute(Optional<String> source)

allowsFrame

public boolean allowsFrame(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsFrameAncestor

public boolean allowsFrameAncestor(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsConnection

public boolean allowsConnection(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsFont

public boolean allowsFont(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsImage

public boolean allowsImage(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsApplicationManifest

public boolean allowsApplicationManifest(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsMedia

public boolean allowsMedia(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsObject

public boolean allowsObject(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsPrefetch

public boolean allowsPrefetch(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsWorker

public boolean allowsWorker(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsPlugin

public boolean allowsPlugin(Optional<MediaType> mediaType)

getGoverningDirectiveForEffectiveDirective

public Optional<SourceExpressionDirective> getGoverningDirectiveForEffectiveDirective(FetchDirectiveKind kind)

doesElementMatchSourceListForTypeAndSource

private boolean doesElementMatchSourceListForTypeAndSource(Policy.InlineType type,
 Optional<String> nonce,
 Optional<String> source,
 Optional<Boolean> parserInserted)

normalizeBase64Url

private static String normalizeBase64Url(String input)

doesUrlMatchSourceListInOrigin

public static boolean doesUrlMatchSourceListInOrigin(URLWithScheme url,
 HostSourceDirective list,
 Optional<URLWithScheme> origin)

schemePartMatches

private static boolean schemePartMatches(String a,
 String b)

hostPartMatches

private static boolean hostPartMatches(String a,
 String b)

portPartMatches

private static boolean portPartMatches(int a,
 int portB,
 String schemeB)

pathPartMatches

private static boolean pathPartMatches(String pathA,
 String pathB)

enforceAscii

static void enforceAscii(String s)

stripLeadingWhitespace

private static String stripLeadingWhitespace(String string)

stripTrailingWhitespace

private static String stripTrailingWhitespace(String string)

collect

private static String collect(String input,
 String regex)