extensions/common/csp_validator.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_COMMON_CSP_VALIDATOR_H_
   6 #define EXTENSIONS_COMMON_CSP_VALIDATOR_H_
   7
   8 #include <string>
   9
  10 #include "extensions/common/manifest.h"
  11
  12 namespace extensions {
  13
  14 namespace csp_validator {
  15
  16 // Checks whether the given |policy| is legal for use in the extension system.
  17 // This check just ensures that the policy doesn't contain any characters that
  18 // will cause problems when we transmit the policy in an HTTP header.
  19 bool ContentSecurityPolicyIsLegal(const std::string& policy);
  20
  21 // This specifies options for configuring which CSP directives are permitted in
  22 // extensions.
  23 enum Options {
  24   OPTIONS_NONE = 0,
  25   // Allows 'unsafe-eval' to be specified as a source in a directive.
  26   OPTIONS_ALLOW_UNSAFE_EVAL = 1 << 0,
  27   // Allow an object-src to be specified with any sources (i.e. it may contain
  28   // wildcards or http sources). Specifying this requires the CSP to contain
  29   // a plugin-types directive which restricts the plugins that can be loaded
  30   // to those which are fully sandboxed.
  31   OPTIONS_ALLOW_INSECURE_OBJECT_SRC = 1 << 1,
  32 };
  33
  34 // Checks whether the given |policy| meets the minimum security requirements
  35 // for use in the extension system.
  36 //
  37 // Ideally, we would like to say that an XSS vulnerability in the extension
  38 // should not be able to execute script, even in the precense of an active
  39 // network attacker.
  40 //
  41 // However, we found that it broke too many deployed extensions to limit
  42 // 'unsafe-eval' in the script-src directive, so that is allowed as a special
  43 // case for extensions. Platform apps disallow it.
  44 //
  45 // |options| is a bitmask of Options.
  46 //
  47 // If |warnings| is not NULL, any validation errors are appended to |warnings|.
  48 // Returns the sanitized policy.
  49 std::string SanitizeContentSecurityPolicy(
  50     const std::string& policy,
  51     int options,
  52     std::vector<InstallWarning>* warnings);
  53
  54 // Checks whether the given |policy| enforces a unique origin sandbox as
  55 // defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/
  56 // the-iframe-element.html#attr-iframe-sandbox. The policy must have the
  57 // "sandbox" directive, and the sandbox tokens must not include
  58 // "allow-same-origin". Additional restrictions may be imposed depending on
  59 // |type|.
  60 bool ContentSecurityPolicyIsSandboxed(
  61     const std::string& policy, Manifest::Type type);
  62
  63 }  // namespace csp_validator
  64
  65 }  // namespace extensions
  66
  67 #endif  // EXTENSIONS_COMMON_CSP_VALIDATOR_H_