1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "mozilla/ArrayUtils.h"
8 #include "mozilla/TextUtils.h"
9 #include "mozilla/dom/Document.h"
10 #include "mozilla/Preferences.h"
11 #include "mozilla/StaticPrefs_security.h"
13 #include "nsContentUtils.h"
14 #include "nsCSPParser.h"
15 #include "nsCSPUtils.h"
16 #include "nsIScriptError.h"
17 #include "nsNetUtil.h"
18 #include "nsReadableUtils.h"
19 #include "nsServiceManagerUtils.h"
20 #include "nsUnicharUtils.h"
22 using namespace mozilla
;
23 using namespace mozilla::dom
;
25 static LogModule
* GetCspParserLog() {
26 static LazyLogModule
gCspParserPRLog("CSPParser");
27 return gCspParserPRLog
;
30 #define CSPPARSERLOG(args) \
31 MOZ_LOG(GetCspParserLog(), mozilla::LogLevel::Debug, args)
32 #define CSPPARSERLOGENABLED() \
33 MOZ_LOG_TEST(GetCspParserLog(), mozilla::LogLevel::Debug)
35 static const uint32_t kSubHostPathCharacterCutoff
= 512;
37 static const char* const kHashSourceValidFns
[] = {"sha256", "sha384", "sha512"};
38 static const uint32_t kHashSourceValidFnsLen
= 3;
40 /* ===== nsCSPParser ==================== */
42 nsCSPParser::nsCSPParser(policyTokens
& aTokens
, nsIURI
* aSelfURI
,
43 nsCSPContext
* aCSPContext
, bool aDeliveredViaMetaTag
,
44 bool aSuppressLogMessages
)
47 mHasHashOrNonce(false),
48 mHasAnyUnsafeEval(false),
49 mStrictDynamic(false),
50 mUnsafeInlineKeywordSrc(nullptr),
56 mParsingFrameAncestorsDir(false),
57 mTokens(aTokens
.Clone()),
60 mCSPContext(aCSPContext
),
61 mDeliveredViaMetaTag(aDeliveredViaMetaTag
),
62 mSuppressLogMessages(aSuppressLogMessages
) {
63 CSPPARSERLOG(("nsCSPParser::nsCSPParser"));
66 nsCSPParser::~nsCSPParser() { CSPPARSERLOG(("nsCSPParser::~nsCSPParser")); }
68 static bool isCharacterToken(char16_t aSymbol
) {
69 return (aSymbol
>= 'a' && aSymbol
<= 'z') ||
70 (aSymbol
>= 'A' && aSymbol
<= 'Z');
73 bool isNumberToken(char16_t aSymbol
) {
74 return (aSymbol
>= '0' && aSymbol
<= '9');
77 bool isValidHexDig(char16_t aHexDig
) {
78 return (isNumberToken(aHexDig
) || (aHexDig
>= 'A' && aHexDig
<= 'F') ||
79 (aHexDig
>= 'a' && aHexDig
<= 'f'));
82 static bool isValidBase64Value(const char16_t
* cur
, const char16_t
* end
) {
84 // https://w3c.github.io/webappsec-csp/#grammardef-nonce-source
86 // May end with one or two =
87 if (end
> cur
&& *(end
- 1) == EQUALS
) end
--;
88 if (end
> cur
&& *(end
- 1) == EQUALS
) end
--;
90 // Must have at least one character aside from any =
95 // Rest must all be A-Za-z0-9+/-_
96 for (; cur
< end
; ++cur
) {
97 if (!(isCharacterToken(*cur
) || isNumberToken(*cur
) || *cur
== PLUS
||
98 *cur
== SLASH
|| *cur
== DASH
|| *cur
== UNDERLINE
)) {
106 void nsCSPParser::resetCurChar(const nsAString
& aToken
) {
107 mCurChar
= aToken
.BeginReading();
108 mEndChar
= aToken
.EndReading();
112 // The path is terminated by the first question mark ("?") or
113 // number sign ("#") character, or by the end of the URI.
114 // http://tools.ietf.org/html/rfc3986#section-3.3
115 bool nsCSPParser::atEndOfPath() {
116 return (atEnd() || peek(QUESTIONMARK
) || peek(NUMBER_SIGN
));
119 // unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
120 bool nsCSPParser::atValidUnreservedChar() {
121 return (peek(isCharacterToken
) || peek(isNumberToken
) || peek(DASH
) ||
122 peek(DOT
) || peek(UNDERLINE
) || peek(TILDE
));
125 // sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
126 // / "*" / "+" / "," / ";" / "="
127 // Please note that even though ',' and ';' appear to be
128 // valid sub-delims according to the RFC production of paths,
129 // both can not appear here by itself, they would need to be
130 // pct-encoded in order to be part of the path.
131 bool nsCSPParser::atValidSubDelimChar() {
132 return (peek(EXCLAMATION
) || peek(DOLLAR
) || peek(AMPERSAND
) ||
133 peek(SINGLEQUOTE
) || peek(OPENBRACE
) || peek(CLOSINGBRACE
) ||
134 peek(WILDCARD
) || peek(PLUS
) || peek(EQUALS
));
137 // pct-encoded = "%" HEXDIG HEXDIG
138 bool nsCSPParser::atValidPctEncodedChar() {
139 const char16_t
* pctCurChar
= mCurChar
;
141 if ((pctCurChar
+ 2) >= mEndChar
) {
142 // string too short, can't be a valid pct-encoded char.
146 // Any valid pct-encoding must follow the following format:
148 if (PERCENT_SIGN
!= *pctCurChar
|| !isValidHexDig(*(pctCurChar
+ 1)) ||
149 !isValidHexDig(*(pctCurChar
+ 2))) {
155 // pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
156 // http://tools.ietf.org/html/rfc3986#section-3.3
157 bool nsCSPParser::atValidPathChar() {
158 return (atValidUnreservedChar() || atValidSubDelimChar() ||
159 atValidPctEncodedChar() || peek(COLON
) || peek(ATSYMBOL
));
162 void nsCSPParser::logWarningErrorToConsole(uint32_t aSeverityFlag
,
163 const char* aProperty
,
164 const nsTArray
<nsString
>& aParams
) {
165 CSPPARSERLOG(("nsCSPParser::logWarningErrorToConsole: %s", aProperty
));
167 if (mSuppressLogMessages
) {
171 // send console messages off to the context and let the context
172 // deal with it (potentially messages need to be queued up)
173 mCSPContext
->logToConsole(aProperty
, aParams
,
174 u
""_ns
, // aSourceName
175 u
""_ns
, // aSourceLine
178 aSeverityFlag
); // aFlags
181 bool nsCSPParser::hostChar() {
185 return accept(isCharacterToken
) || accept(isNumberToken
) || accept(DASH
);
188 // (ALPHA / DIGIT / "+" / "-" / "." )
189 bool nsCSPParser::schemeChar() {
193 return accept(isCharacterToken
) || accept(isNumberToken
) || accept(PLUS
) ||
194 accept(DASH
) || accept(DOT
);
197 // port = ":" ( 1*DIGIT / "*" )
198 bool nsCSPParser::port() {
199 CSPPARSERLOG(("nsCSPParser::port, mCurToken: %s, mCurValue: %s",
200 NS_ConvertUTF16toUTF8(mCurToken
).get(),
201 NS_ConvertUTF16toUTF8(mCurValue
).get()));
203 // Consume the COLON we just peeked at in houstSource
206 // Resetting current value since we start to parse a port now.
207 // e.g; "http://www.example.com:8888" then we have already parsed
208 // everything up to (including) ":";
212 if (accept(WILDCARD
)) {
216 // Port must start with a number
217 if (!accept(isNumberToken
)) {
218 AutoTArray
<nsString
, 1> params
= {mCurToken
};
219 logWarningErrorToConsole(nsIScriptError::warningFlag
, "couldntParsePort",
223 // Consume more numbers and set parsed port to the nsCSPHost
224 while (accept(isNumberToken
)) { /* consume */
229 bool nsCSPParser::subPath(nsCSPHostSrc
* aCspHost
) {
230 CSPPARSERLOG(("nsCSPParser::subPath, mCurToken: %s, mCurValue: %s",
231 NS_ConvertUTF16toUTF8(mCurToken
).get(),
232 NS_ConvertUTF16toUTF8(mCurValue
).get()));
234 // Emergency exit to avoid endless loops in case a path in a CSP policy
235 // is longer than 512 characters, or also to avoid endless loops
236 // in case we are parsing unrecognized characters in the following loop.
237 uint32_t charCounter
= 0;
238 nsString pctDecodedSubPath
;
240 while (!atEndOfPath()) {
242 // before appendig any additional portion of a subpath we have to
243 // pct-decode that portion of the subpath. atValidPathChar() already
244 // verified a correct pct-encoding, now we can safely decode and append
245 // the decoded-sub path.
246 CSP_PercentDecodeStr(mCurValue
, pctDecodedSubPath
);
247 aCspHost
->appendPath(pctDecodedSubPath
);
248 // Resetting current value since we are appending parts of the path
249 // to aCspHost, e.g; "http://www.example.com/path1/path2" then the
250 // first part is "/path1", second part "/path2"
252 } else if (!atValidPathChar()) {
253 AutoTArray
<nsString
, 1> params
= {mCurToken
};
254 logWarningErrorToConsole(nsIScriptError::warningFlag
,
255 "couldntParseInvalidSource", params
);
258 // potentially we have encountred a valid pct-encoded character in
259 // atValidPathChar(); if so, we have to account for "% HEXDIG HEXDIG" and
260 // advance the pointer past the pct-encoded char.
261 if (peek(PERCENT_SIGN
)) {
266 if (++charCounter
> kSubHostPathCharacterCutoff
) {
270 // before appendig any additional portion of a subpath we have to pct-decode
271 // that portion of the subpath. atValidPathChar() already verified a correct
272 // pct-encoding, now we can safely decode and append the decoded-sub path.
273 CSP_PercentDecodeStr(mCurValue
, pctDecodedSubPath
);
274 aCspHost
->appendPath(pctDecodedSubPath
);
279 bool nsCSPParser::path(nsCSPHostSrc
* aCspHost
) {
280 CSPPARSERLOG(("nsCSPParser::path, mCurToken: %s, mCurValue: %s",
281 NS_ConvertUTF16toUTF8(mCurToken
).get(),
282 NS_ConvertUTF16toUTF8(mCurValue
).get()));
284 // Resetting current value and forgetting everything we have parsed so far
285 // e.g. parsing "http://www.example.com/path1/path2", then
286 // "http://www.example.com" has already been parsed so far
290 if (!accept(SLASH
)) {
291 AutoTArray
<nsString
, 1> params
= {mCurToken
};
292 logWarningErrorToConsole(nsIScriptError::warningFlag
,
293 "couldntParseInvalidSource", params
);
297 // one slash right after host [port] is also considered a path, e.g.
298 // www.example.com/ should result in www.example.com/
299 // please note that we do not have to perform any pct-decoding here
300 // because we are just appending a '/' and not any actual chars.
301 aCspHost
->appendPath(u
"/"_ns
);
304 // path can begin with "/" but not "//"
305 // see http://tools.ietf.org/html/rfc3986#section-3.3
307 AutoTArray
<nsString
, 1> params
= {mCurToken
};
308 logWarningErrorToConsole(nsIScriptError::warningFlag
,
309 "couldntParseInvalidSource", params
);
312 return subPath(aCspHost
);
315 bool nsCSPParser::subHost() {
316 CSPPARSERLOG(("nsCSPParser::subHost, mCurToken: %s, mCurValue: %s",
317 NS_ConvertUTF16toUTF8(mCurToken
).get(),
318 NS_ConvertUTF16toUTF8(mCurValue
).get()));
320 // Emergency exit to avoid endless loops in case a host in a CSP policy
321 // is longer than 512 characters, or also to avoid endless loops
322 // in case we are parsing unrecognized characters in the following loop.
323 uint32_t charCounter
= 0;
325 while (!atEndOfPath() && !peek(COLON
) && !peek(SLASH
)) {
331 if (accept(DOT
) && !hostChar()) {
334 if (charCounter
> kSubHostPathCharacterCutoff
) {
341 // host = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
342 nsCSPHostSrc
* nsCSPParser::host() {
343 CSPPARSERLOG(("nsCSPParser::host, mCurToken: %s, mCurValue: %s",
344 NS_ConvertUTF16toUTF8(mCurToken
).get(),
345 NS_ConvertUTF16toUTF8(mCurValue
).get()));
347 // Check if the token starts with "*"; please remember that we handle
348 // a single "*" as host in sourceExpression, but we still have to handle
349 // the case where a scheme was defined, e.g., as:
350 // "https://*", "*.example.com", "*:*", etc.
351 if (accept(WILDCARD
)) {
352 // Might solely be the wildcard
353 if (atEnd() || peek(COLON
)) {
354 return new nsCSPHostSrc(mCurValue
);
356 // If the token is not only the "*", a "." must follow right after
358 AutoTArray
<nsString
, 1> params
= {mCurToken
};
359 logWarningErrorToConsole(nsIScriptError::warningFlag
,
360 "couldntParseInvalidHost", params
);
365 // Expecting at least one host-char
367 AutoTArray
<nsString
, 1> params
= {mCurToken
};
368 logWarningErrorToConsole(nsIScriptError::warningFlag
,
369 "couldntParseInvalidHost", params
);
373 // There might be several sub hosts defined.
375 AutoTArray
<nsString
, 1> params
= {mCurToken
};
376 logWarningErrorToConsole(nsIScriptError::warningFlag
,
377 "couldntParseInvalidHost", params
);
381 // HostName might match a keyword, log to the console.
382 if (CSP_IsQuotelessKeyword(mCurValue
)) {
383 nsString keyword
= mCurValue
;
384 ToLowerCase(keyword
);
385 AutoTArray
<nsString
, 2> params
= {mCurToken
, keyword
};
386 logWarningErrorToConsole(nsIScriptError::warningFlag
,
387 "hostNameMightBeKeyword", params
);
390 // Create a new nsCSPHostSrc with the parsed host.
391 return new nsCSPHostSrc(mCurValue
);
394 // keyword-source = "'self'" / "'unsafe-inline'" / "'unsafe-eval'" /
395 // "'wasm-unsafe-eval'"
396 nsCSPBaseSrc
* nsCSPParser::keywordSource() {
397 CSPPARSERLOG(("nsCSPParser::keywordSource, mCurToken: %s, mCurValue: %s",
398 NS_ConvertUTF16toUTF8(mCurToken
).get(),
399 NS_ConvertUTF16toUTF8(mCurValue
).get()));
401 // Special case handling for 'self' which is not stored internally as a
402 // keyword, but rather creates a nsCSPHostSrc using the selfURI
403 if (CSP_IsKeyword(mCurToken
, CSP_SELF
)) {
404 return CSP_CreateHostSrcFromSelfURI(mSelfURI
);
407 if (CSP_IsKeyword(mCurToken
, CSP_REPORT_SAMPLE
)) {
408 return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken
));
411 if (CSP_IsKeyword(mCurToken
, CSP_STRICT_DYNAMIC
)) {
412 if (!CSP_IsDirective(mCurDir
[0],
413 nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE
) &&
414 !CSP_IsDirective(mCurDir
[0],
415 nsIContentSecurityPolicy::SCRIPT_SRC_ELEM_DIRECTIVE
) &&
416 !CSP_IsDirective(mCurDir
[0],
417 nsIContentSecurityPolicy::SCRIPT_SRC_ATTR_DIRECTIVE
) &&
418 !CSP_IsDirective(mCurDir
[0],
419 nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE
)) {
420 AutoTArray
<nsString
, 1> params
= {u
"strict-dynamic"_ns
};
421 logWarningErrorToConsole(nsIScriptError::warningFlag
,
422 "ignoringStrictDynamic", params
);
425 mStrictDynamic
= true;
426 return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken
));
429 if (CSP_IsKeyword(mCurToken
, CSP_UNSAFE_INLINE
)) {
430 // make sure script-src only contains 'unsafe-inline' once;
431 // ignore duplicates and log warning
432 if (mUnsafeInlineKeywordSrc
) {
433 AutoTArray
<nsString
, 1> params
= {mCurToken
};
434 logWarningErrorToConsole(nsIScriptError::warningFlag
,
435 "ignoringDuplicateSrc", params
);
438 // cache if we encounter 'unsafe-inline' so we can invalidate (ignore) it in
439 // case that script-src directive also contains hash- or nonce-.
440 mUnsafeInlineKeywordSrc
=
441 new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken
));
442 return mUnsafeInlineKeywordSrc
;
445 if (CSP_IsKeyword(mCurToken
, CSP_UNSAFE_EVAL
)) {
446 mHasAnyUnsafeEval
= true;
447 return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken
));
450 if (CSP_IsKeyword(mCurToken
, CSP_WASM_UNSAFE_EVAL
)) {
451 mHasAnyUnsafeEval
= true;
452 return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken
));
455 if (CSP_IsKeyword(mCurToken
, CSP_UNSAFE_HASHES
)) {
456 return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken
));
462 // host-source = [ scheme "://" ] host [ port ] [ path ]
463 nsCSPHostSrc
* nsCSPParser::hostSource() {
464 CSPPARSERLOG(("nsCSPParser::hostSource, mCurToken: %s, mCurValue: %s",
465 NS_ConvertUTF16toUTF8(mCurToken
).get(),
466 NS_ConvertUTF16toUTF8(mCurValue
).get()));
468 nsCSPHostSrc
* cspHost
= host();
470 // Error was reported in host()
474 // Calling port() to see if there is a port to parse, if an error
475 // occurs, port() reports the error, if port() returns true;
476 // we have a valid port, so we add it to cspHost.
482 cspHost
->setPort(mCurValue
);
489 // Calling path() to see if there is a path to parse, if an error
490 // occurs, path() reports the error; handing cspHost as an argument
491 // which simplifies parsing of several paths.
492 if (!path(cspHost
)) {
493 // If the host [port] is followed by a path, it has to be a valid path,
494 // otherwise we pass the nullptr, indicating an error, up the callstack.
495 // see also http://www.w3.org/TR/CSP11/#source-list
502 // scheme-source = scheme ":"
503 nsCSPSchemeSrc
* nsCSPParser::schemeSource() {
504 CSPPARSERLOG(("nsCSPParser::schemeSource, mCurToken: %s, mCurValue: %s",
505 NS_ConvertUTF16toUTF8(mCurToken
).get(),
506 NS_ConvertUTF16toUTF8(mCurValue
).get()));
508 if (!accept(isCharacterToken
)) {
511 while (schemeChar()) { /* consume */
513 nsString scheme
= mCurValue
;
515 // If the potential scheme is not followed by ":" - it's not a scheme
516 if (!accept(COLON
)) {
520 // If the chraracter following the ":" is a number or the "*"
521 // then we are not parsing a scheme; but rather a host;
522 if (peek(isNumberToken
) || peek(WILDCARD
)) {
526 return new nsCSPSchemeSrc(scheme
);
529 // nonce-source = "'nonce-" nonce-value "'"
530 nsCSPNonceSrc
* nsCSPParser::nonceSource() {
531 CSPPARSERLOG(("nsCSPParser::nonceSource, mCurToken: %s, mCurValue: %s",
532 NS_ConvertUTF16toUTF8(mCurToken
).get(),
533 NS_ConvertUTF16toUTF8(mCurValue
).get()));
535 // Check if mCurToken begins with "'nonce-" and ends with "'"
536 if (!StringBeginsWith(mCurToken
,
537 nsDependentString(CSP_EnumToUTF16Keyword(CSP_NONCE
)),
538 nsASCIICaseInsensitiveStringComparator
) ||
539 mCurToken
.Last() != SINGLEQUOTE
) {
543 // Trim surrounding single quotes
544 const nsAString
& expr
= Substring(mCurToken
, 1, mCurToken
.Length() - 2);
546 int32_t dashIndex
= expr
.FindChar(DASH
);
550 if (!isValidBase64Value(expr
.BeginReading() + dashIndex
+ 1,
551 expr
.EndReading())) {
555 // cache if encountering hash or nonce to invalidate unsafe-inline
556 mHasHashOrNonce
= true;
557 return new nsCSPNonceSrc(
558 Substring(expr
, dashIndex
+ 1, expr
.Length() - dashIndex
+ 1));
561 // hash-source = "'" hash-algo "-" base64-value "'"
562 nsCSPHashSrc
* nsCSPParser::hashSource() {
563 CSPPARSERLOG(("nsCSPParser::hashSource, mCurToken: %s, mCurValue: %s",
564 NS_ConvertUTF16toUTF8(mCurToken
).get(),
565 NS_ConvertUTF16toUTF8(mCurValue
).get()));
567 // Check if mCurToken starts and ends with "'"
568 if (mCurToken
.First() != SINGLEQUOTE
|| mCurToken
.Last() != SINGLEQUOTE
) {
572 // Trim surrounding single quotes
573 const nsAString
& expr
= Substring(mCurToken
, 1, mCurToken
.Length() - 2);
575 int32_t dashIndex
= expr
.FindChar(DASH
);
580 if (!isValidBase64Value(expr
.BeginReading() + dashIndex
+ 1,
581 expr
.EndReading())) {
585 nsAutoString
algo(Substring(expr
, 0, dashIndex
));
587 Substring(expr
, dashIndex
+ 1, expr
.Length() - dashIndex
+ 1));
589 for (uint32_t i
= 0; i
< kHashSourceValidFnsLen
; i
++) {
590 if (algo
.LowerCaseEqualsASCII(kHashSourceValidFns
[i
])) {
591 // cache if encountering hash or nonce to invalidate unsafe-inline
592 mHasHashOrNonce
= true;
593 return new nsCSPHashSrc(algo
, hash
);
599 // source-expression = scheme-source / host-source / keyword-source
600 // / nonce-source / hash-source
601 nsCSPBaseSrc
* nsCSPParser::sourceExpression() {
602 CSPPARSERLOG(("nsCSPParser::sourceExpression, mCurToken: %s, mCurValue: %s",
603 NS_ConvertUTF16toUTF8(mCurToken
).get(),
604 NS_ConvertUTF16toUTF8(mCurValue
).get()));
606 // Check if it is a keyword
607 if (nsCSPBaseSrc
* cspKeyword
= keywordSource()) {
611 // Check if it is a nonce-source
612 if (nsCSPNonceSrc
* cspNonce
= nonceSource()) {
616 // Check if it is a hash-source
617 if (nsCSPHashSrc
* cspHash
= hashSource()) {
621 // We handle a single "*" as host here, to avoid any confusion when applying
622 // the default scheme. However, we still would need to apply the default
623 // scheme in case we would parse "*:80".
624 if (mCurToken
.EqualsASCII("*")) {
625 return new nsCSPHostSrc(u
"*"_ns
);
628 // Calling resetCurChar allows us to use mCurChar and mEndChar
629 // to parse mCurToken; e.g. mCurToken = "http://www.example.com", then
631 // mEndChar = points just after the last 'm'
633 resetCurChar(mCurToken
);
635 // Check if mCurToken starts with a scheme
636 nsAutoString parsedScheme
;
637 if (nsCSPSchemeSrc
* cspScheme
= schemeSource()) {
638 // mCurToken might only enforce a specific scheme
642 // If something follows the scheme, we do not create
643 // a nsCSPSchemeSrc, but rather a nsCSPHostSrc, which
644 // needs to know the scheme to enforce; remember the
645 // scheme and delete cspScheme;
646 cspScheme
->toString(parsedScheme
);
647 parsedScheme
.Trim(":", false, true);
650 // If mCurToken provides not only a scheme, but also a host, we have to
651 // check if two slashes follow the scheme.
652 if (!accept(SLASH
) || !accept(SLASH
)) {
653 AutoTArray
<nsString
, 1> params
= {mCurToken
};
654 logWarningErrorToConsole(nsIScriptError::warningFlag
,
655 "failedToParseUnrecognizedSource", params
);
660 // Calling resetCurValue allows us to keep pointers for mCurChar and mEndChar
661 // alive, but resets mCurValue; e.g. mCurToken = "http://www.example.com",
662 // then mCurChar = 'w' mEndChar = 'm' mCurValue = ""
665 // If mCurToken does not provide a scheme (scheme-less source), we apply the
666 // scheme from selfURI
667 if (parsedScheme
.IsEmpty()) {
668 // Resetting internal helpers, because we might already have parsed some of
669 // the host when trying to parse a scheme.
670 resetCurChar(mCurToken
);
671 nsAutoCString selfScheme
;
672 mSelfURI
->GetScheme(selfScheme
);
673 parsedScheme
.AssignASCII(selfScheme
.get());
676 // At this point we are expecting a host to be parsed.
677 // Trying to create a new nsCSPHost.
678 if (nsCSPHostSrc
* cspHost
= hostSource()) {
679 // Do not forget to set the parsed scheme.
680 cspHost
->setScheme(parsedScheme
);
681 cspHost
->setWithinFrameAncestorsDir(mParsingFrameAncestorsDir
);
684 // Error was reported in hostSource()
688 // source-list = *WSP [ source-expression *( 1*WSP source-expression ) *WSP ]
689 // / *WSP "'none'" *WSP
690 void nsCSPParser::sourceList(nsTArray
<nsCSPBaseSrc
*>& outSrcs
) {
693 // remember, srcs start at index 1
694 for (uint32_t i
= 1; i
< mCurDir
.Length(); i
++) {
695 // mCurToken is only set here and remains the current token
696 // to be processed, which avoid passing arguments between functions.
697 mCurToken
= mCurDir
[i
];
700 CSPPARSERLOG(("nsCSPParser::sourceList, mCurToken: %s, mCurValue: %s",
701 NS_ConvertUTF16toUTF8(mCurToken
).get(),
702 NS_ConvertUTF16toUTF8(mCurValue
).get()));
704 // Special case handling for none:
705 // Ignore 'none' if any other src is available.
706 // (See http://www.w3.org/TR/CSP11/#parsing)
707 if (CSP_IsKeyword(mCurToken
, CSP_NONE
)) {
711 // Must be a regular source expression
712 nsCSPBaseSrc
* src
= sourceExpression();
714 outSrcs
.AppendElement(src
);
718 // Check if the directive contains a 'none'
720 // If the directive contains no other srcs, then we set the 'none'
721 if (outSrcs
.IsEmpty() ||
722 (outSrcs
.Length() == 1 && outSrcs
[0]->isReportSample())) {
723 nsCSPKeywordSrc
* keyword
= new nsCSPKeywordSrc(CSP_NONE
);
724 outSrcs
.InsertElementAt(0, keyword
);
726 // Otherwise, we ignore 'none' and report a warning
728 AutoTArray
<nsString
, 1> params
;
729 params
.AppendElement(CSP_EnumToUTF16Keyword(CSP_NONE
));
730 logWarningErrorToConsole(nsIScriptError::warningFlag
,
731 "ignoringUnknownOption", params
);
736 void nsCSPParser::reportURIList(nsCSPDirective
* aDir
) {
737 CSPPARSERLOG(("nsCSPParser::reportURIList"));
739 nsTArray
<nsCSPBaseSrc
*> srcs
;
740 nsCOMPtr
<nsIURI
> uri
;
743 // remember, srcs start at index 1
744 for (uint32_t i
= 1; i
< mCurDir
.Length(); i
++) {
745 mCurToken
= mCurDir
[i
];
747 CSPPARSERLOG(("nsCSPParser::reportURIList, mCurToken: %s, mCurValue: %s",
748 NS_ConvertUTF16toUTF8(mCurToken
).get(),
749 NS_ConvertUTF16toUTF8(mCurValue
).get()));
751 rv
= NS_NewURI(getter_AddRefs(uri
), mCurToken
, "", mSelfURI
);
753 // If creating the URI casued an error, skip this URI
755 AutoTArray
<nsString
, 1> params
= {mCurToken
};
756 logWarningErrorToConsole(nsIScriptError::warningFlag
,
757 "couldNotParseReportURI", params
);
761 // Create new nsCSPReportURI and append to the list.
762 nsCSPReportURI
* reportURI
= new nsCSPReportURI(uri
);
763 srcs
.AppendElement(reportURI
);
766 if (srcs
.Length() == 0) {
767 AutoTArray
<nsString
, 1> directiveName
= {mCurToken
};
768 logWarningErrorToConsole(nsIScriptError::warningFlag
,
769 "ignoringDirectiveWithNoValues", directiveName
);
775 mPolicy
->addDirective(aDir
);
778 /* Helper function for parsing sandbox flags. This function solely concatenates
779 * all the source list tokens (the sandbox flags) so the attribute parser
780 * (nsContentUtils::ParseSandboxAttributeToFlags) can parse them.
782 void nsCSPParser::sandboxFlagList(nsCSPDirective
* aDir
) {
783 CSPPARSERLOG(("nsCSPParser::sandboxFlagList"));
787 // remember, srcs start at index 1
788 for (uint32_t i
= 1; i
< mCurDir
.Length(); i
++) {
789 mCurToken
= mCurDir
[i
];
791 CSPPARSERLOG(("nsCSPParser::sandboxFlagList, mCurToken: %s, mCurValue: %s",
792 NS_ConvertUTF16toUTF8(mCurToken
).get(),
793 NS_ConvertUTF16toUTF8(mCurValue
).get()));
795 if (!nsContentUtils::IsValidSandboxFlag(mCurToken
)) {
796 AutoTArray
<nsString
, 1> params
= {mCurToken
};
797 logWarningErrorToConsole(nsIScriptError::warningFlag
,
798 "couldntParseInvalidSandboxFlag", params
);
802 flags
.Append(mCurToken
);
803 if (i
!= mCurDir
.Length() - 1) {
804 flags
.AppendLiteral(" ");
808 // Please note that the sandbox directive can exist
809 // by itself (not containing any flags).
810 nsTArray
<nsCSPBaseSrc
*> srcs
;
811 srcs
.AppendElement(new nsCSPSandboxFlags(flags
));
813 mPolicy
->addDirective(aDir
);
816 // directive-value = *( WSP / <VCHAR except ";" and ","> )
817 void nsCSPParser::directiveValue(nsTArray
<nsCSPBaseSrc
*>& outSrcs
) {
818 CSPPARSERLOG(("nsCSPParser::directiveValue"));
820 // Just forward to sourceList
824 // directive-name = 1*( ALPHA / DIGIT / "-" )
825 nsCSPDirective
* nsCSPParser::directiveName() {
826 CSPPARSERLOG(("nsCSPParser::directiveName, mCurToken: %s, mCurValue: %s",
827 NS_ConvertUTF16toUTF8(mCurToken
).get(),
828 NS_ConvertUTF16toUTF8(mCurValue
).get()));
830 // Check if it is a valid directive
831 CSPDirective directive
= CSP_StringToCSPDirective(mCurToken
);
832 if (directive
== nsIContentSecurityPolicy::NO_DIRECTIVE
) {
833 AutoTArray
<nsString
, 1> params
= {mCurToken
};
834 logWarningErrorToConsole(nsIScriptError::warningFlag
,
835 "couldNotProcessUnknownDirective", params
);
839 // The directive 'reflected-xss' is part of CSP 1.1, see:
840 // http://www.w3.org/TR/2014/WD-CSP11-20140211/#reflected-xss
841 // Currently we are not supporting that directive, hence we log a
842 // warning to the console and ignore the directive including its values.
843 if (directive
== nsIContentSecurityPolicy::REFLECTED_XSS_DIRECTIVE
) {
844 AutoTArray
<nsString
, 1> params
= {mCurToken
};
845 logWarningErrorToConsole(nsIScriptError::warningFlag
,
846 "notSupportingDirective", params
);
850 // Make sure the directive does not already exist
851 // (see http://www.w3.org/TR/CSP11/#parsing)
852 if (mPolicy
->hasDirective(directive
)) {
853 AutoTArray
<nsString
, 1> params
= {mCurToken
};
854 logWarningErrorToConsole(nsIScriptError::warningFlag
, "duplicateDirective",
859 // CSP delivered via meta tag should ignore the following directives:
860 // report-uri, frame-ancestors, and sandbox, see:
861 // http://www.w3.org/TR/CSP11/#delivery-html-meta-element
862 if (mDeliveredViaMetaTag
&&
863 ((directive
== nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE
) ||
864 (directive
== nsIContentSecurityPolicy::FRAME_ANCESTORS_DIRECTIVE
) ||
865 (directive
== nsIContentSecurityPolicy::SANDBOX_DIRECTIVE
))) {
866 // log to the console to indicate that meta CSP is ignoring the directive
867 AutoTArray
<nsString
, 1> params
= {mCurToken
};
868 logWarningErrorToConsole(nsIScriptError::warningFlag
,
869 "ignoringSrcFromMetaCSP", params
);
873 // special case handling for block-all-mixed-content
874 if (directive
== nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT
) {
875 // If mixed content upgrade is enabled for all types block-all-mixed-content
877 if (mozilla::StaticPrefs::
878 security_mixed_content_upgrade_display_content() &&
879 mozilla::StaticPrefs::
880 security_mixed_content_upgrade_display_content_image() &&
881 mozilla::StaticPrefs::
882 security_mixed_content_upgrade_display_content_audio() &&
883 mozilla::StaticPrefs::
884 security_mixed_content_upgrade_display_content_video()) {
885 // log to the console that if mixed content display upgrading is enabled
886 // block-all-mixed-content is obsolete.
887 AutoTArray
<nsString
, 1> params
= {mCurToken
};
888 logWarningErrorToConsole(nsIScriptError::warningFlag
,
889 "obsoleteBlockAllMixedContent", params
);
891 return new nsBlockAllMixedContentDirective(directive
);
894 // special case handling for upgrade-insecure-requests
895 if (directive
== nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE
) {
896 return new nsUpgradeInsecureDirective(directive
);
899 // if we have a child-src, cache it as a fallback for
900 // * workers (if worker-src is not explicitly specified)
901 // * frames (if frame-src is not explicitly specified)
902 if (directive
== nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE
) {
903 mChildSrc
= new nsCSPChildSrcDirective(directive
);
907 // if we have a frame-src, cache it so we can discard child-src for frames
908 if (directive
== nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE
) {
909 mFrameSrc
= new nsCSPDirective(directive
);
913 // if we have a worker-src, cache it so we can discard child-src for workers
914 if (directive
== nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE
) {
915 mWorkerSrc
= new nsCSPDirective(directive
);
919 // if we have a script-src, cache it as a fallback for worker-src
920 // in case child-src is not present. It is also used as a fallback for
921 // script-src-elem and script-src-attr.
922 if (directive
== nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE
) {
923 mScriptSrc
= new nsCSPScriptSrcDirective(directive
);
927 // If we have a style-src, cache it as a fallback for style-src-elem and
929 if (directive
== nsIContentSecurityPolicy::STYLE_SRC_DIRECTIVE
) {
930 mStyleSrc
= new nsCSPStyleSrcDirective(directive
);
934 return new nsCSPDirective(directive
);
937 // directive = *WSP [ directive-name [ WSP directive-value ] ]
938 void nsCSPParser::directive() {
939 // Make sure that the directive-srcs-array contains at least
941 if (mCurDir
.Length() == 0) {
942 AutoTArray
<nsString
, 1> params
= {u
"directive missing"_ns
};
943 logWarningErrorToConsole(nsIScriptError::warningFlag
,
944 "failedToParseUnrecognizedSource", params
);
948 // Set the directiveName to mCurToken
949 // Remember, the directive name is stored at index 0
950 mCurToken
= mCurDir
[0];
952 CSPPARSERLOG(("nsCSPParser::directive, mCurToken: %s, mCurValue: %s",
953 NS_ConvertUTF16toUTF8(mCurToken
).get(),
954 NS_ConvertUTF16toUTF8(mCurValue
).get()));
956 if (CSP_IsEmptyDirective(mCurValue
, mCurToken
)) {
960 // Try to create a new CSPDirective
961 nsCSPDirective
* cspDir
= directiveName();
963 // if we can not create a CSPDirective, we can skip parsing the srcs for
968 // special case handling for block-all-mixed-content, which is only specified
969 // by a directive name but does not include any srcs.
970 if (cspDir
->equals(nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT
)) {
971 if (mCurDir
.Length() > 1) {
972 AutoTArray
<nsString
, 1> params
= {u
"block-all-mixed-content"_ns
};
973 logWarningErrorToConsole(nsIScriptError::warningFlag
,
974 "ignoreSrcForDirective", params
);
976 // add the directive and return
977 mPolicy
->addDirective(cspDir
);
981 // special case handling for upgrade-insecure-requests, which is only
982 // specified by a directive name but does not include any srcs.
983 if (cspDir
->equals(nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE
)) {
984 if (mCurDir
.Length() > 1) {
985 AutoTArray
<nsString
, 1> params
= {u
"upgrade-insecure-requests"_ns
};
986 logWarningErrorToConsole(nsIScriptError::warningFlag
,
987 "ignoreSrcForDirective", params
);
989 // add the directive and return
990 mPolicy
->addUpgradeInsecDir(
991 static_cast<nsUpgradeInsecureDirective
*>(cspDir
));
995 // special case handling for report-uri directive (since it doesn't contain
996 // a valid source list but rather actual URIs)
997 if (CSP_IsDirective(mCurDir
[0],
998 nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE
)) {
999 reportURIList(cspDir
);
1003 // special case handling for sandbox directive (since it doe4sn't contain
1004 // a valid source list but rather special sandbox flags)
1005 if (CSP_IsDirective(mCurDir
[0],
1006 nsIContentSecurityPolicy::SANDBOX_DIRECTIVE
)) {
1007 sandboxFlagList(cspDir
);
1011 // make sure to reset cache variables when trying to invalidate unsafe-inline;
1012 // unsafe-inline might not only appear in script-src, but also in default-src
1013 mHasHashOrNonce
= false;
1014 mHasAnyUnsafeEval
= false;
1015 mStrictDynamic
= false;
1016 mUnsafeInlineKeywordSrc
= nullptr;
1018 mParsingFrameAncestorsDir
= CSP_IsDirective(
1019 mCurDir
[0], nsIContentSecurityPolicy::FRAME_ANCESTORS_DIRECTIVE
);
1021 // Try to parse all the srcs by handing the array off to directiveValue
1022 nsTArray
<nsCSPBaseSrc
*> srcs
;
1023 directiveValue(srcs
);
1025 // If we can not parse any srcs; we let the source expression be the empty set
1026 // ('none') see, http://www.w3.org/TR/CSP11/#source-list-parsing
1027 if (srcs
.IsEmpty() || (srcs
.Length() == 1 && srcs
[0]->isReportSample())) {
1028 nsCSPKeywordSrc
* keyword
= new nsCSPKeywordSrc(CSP_NONE
);
1029 srcs
.InsertElementAt(0, keyword
);
1032 MaybeWarnAboutIgnoredSources(srcs
);
1033 MaybeWarnAboutUnsafeInline(*cspDir
);
1034 MaybeWarnAboutUnsafeEval(*cspDir
);
1036 // Add the newly created srcs to the directive and add the directive to the
1038 cspDir
->addSrcs(srcs
);
1039 mPolicy
->addDirective(cspDir
);
1042 void nsCSPParser::MaybeWarnAboutIgnoredSources(
1043 const nsTArray
<nsCSPBaseSrc
*>& aSrcs
) {
1044 // If policy contains 'strict-dynamic' warn about ignored sources.
1045 if (mStrictDynamic
&&
1046 !CSP_IsDirective(mCurDir
[0],
1047 nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE
)) {
1048 for (uint32_t i
= 0; i
< aSrcs
.Length(); i
++) {
1049 nsAutoString srcStr
;
1050 aSrcs
[i
]->toString(srcStr
);
1051 // Hashes and nonces continue to apply with 'strict-dynamic', as well as
1052 // 'unsafe-eval', 'wasm-unsafe-eval' and 'unsafe-hashes'.
1053 if (!aSrcs
[i
]->isKeyword(CSP_STRICT_DYNAMIC
) &&
1054 !aSrcs
[i
]->isKeyword(CSP_UNSAFE_EVAL
) &&
1055 !aSrcs
[i
]->isKeyword(CSP_WASM_UNSAFE_EVAL
) &&
1056 !aSrcs
[i
]->isKeyword(CSP_UNSAFE_HASHES
) && !aSrcs
[i
]->isNonce() &&
1057 !aSrcs
[i
]->isHash()) {
1058 AutoTArray
<nsString
, 2> params
= {srcStr
, mCurDir
[0]};
1059 logWarningErrorToConsole(nsIScriptError::warningFlag
,
1060 "ignoringScriptSrcForStrictDynamic", params
);
1064 // Log a warning that all scripts might be blocked because the policy
1065 // contains 'strict-dynamic' but no valid nonce or hash.
1066 if (!mHasHashOrNonce
) {
1067 AutoTArray
<nsString
, 1> params
= {mCurDir
[0]};
1068 logWarningErrorToConsole(nsIScriptError::warningFlag
,
1069 "strictDynamicButNoHashOrNonce", params
);
1074 void nsCSPParser::MaybeWarnAboutUnsafeInline(const nsCSPDirective
& aDirective
) {
1075 // From https://w3c.github.io/webappsec-csp/#allow-all-inline
1076 // follows that when either a hash or nonce is specified, 'unsafe-inline'
1077 // should not apply.
1078 if (mHasHashOrNonce
&& mUnsafeInlineKeywordSrc
&&
1079 (aDirective
.isDefaultDirective() ||
1080 aDirective
.equals(nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE
) ||
1081 aDirective
.equals(nsIContentSecurityPolicy::SCRIPT_SRC_ELEM_DIRECTIVE
) ||
1082 aDirective
.equals(nsIContentSecurityPolicy::SCRIPT_SRC_ATTR_DIRECTIVE
) ||
1083 aDirective
.equals(nsIContentSecurityPolicy::STYLE_SRC_DIRECTIVE
) ||
1084 aDirective
.equals(nsIContentSecurityPolicy::STYLE_SRC_ELEM_DIRECTIVE
) ||
1085 aDirective
.equals(nsIContentSecurityPolicy::STYLE_SRC_ATTR_DIRECTIVE
))) {
1086 // Log to the console that unsafe-inline will be ignored.
1087 AutoTArray
<nsString
, 2> params
= {u
"'unsafe-inline'"_ns
, mCurDir
[0]};
1088 logWarningErrorToConsole(nsIScriptError::warningFlag
,
1089 "ignoringSrcWithinNonceOrHashDirective", params
);
1093 void nsCSPParser::MaybeWarnAboutUnsafeEval(const nsCSPDirective
& aDirective
) {
1094 if (mHasAnyUnsafeEval
&&
1095 (aDirective
.equals(nsIContentSecurityPolicy::SCRIPT_SRC_ELEM_DIRECTIVE
) ||
1097 nsIContentSecurityPolicy::SCRIPT_SRC_ATTR_DIRECTIVE
))) {
1098 // Log to the console that (wasm-)unsafe-eval will be ignored.
1099 AutoTArray
<nsString
, 1> params
= {mCurDir
[0]};
1100 logWarningErrorToConsole(nsIScriptError::warningFlag
, "ignoringUnsafeEval",
1105 // policy = [ directive *( ";" [ directive ] ) ]
1106 nsCSPPolicy
* nsCSPParser::policy() {
1107 CSPPARSERLOG(("nsCSPParser::policy"));
1109 mPolicy
= new nsCSPPolicy();
1110 for (uint32_t i
= 0; i
< mTokens
.Length(); i
++) {
1111 // https://w3c.github.io/webappsec-csp/#parse-serialized-policy
1112 // Step 2.2. ..., or if token is not an ASCII string, continue.
1114 // Note: In the spec the token isn't split by whitespace yet.
1115 bool isAscii
= true;
1116 for (const auto& token
: mTokens
[i
]) {
1117 if (!IsAscii(token
)) {
1118 AutoTArray
<nsString
, 1> params
= {mTokens
[i
][0], token
};
1119 logWarningErrorToConsole(nsIScriptError::warningFlag
,
1120 "ignoringNonAsciiToken", params
);
1129 // All input is already tokenized; set one tokenized array in the form of
1130 // [ name, src, src, ... ]
1131 // to mCurDir and call directive which processes the current directive.
1132 mCurDir
= mTokens
[i
].Clone();
1138 // if frame-src is specified explicitly for that policy than child-src
1139 // should not restrict frames; if not, than child-src needs to restrict
1141 mChildSrc
->setRestrictFrames();
1144 // if worker-src is specified explicitly for that policy than child-src
1145 // should not restrict workers; if not, than child-src needs to restrict
1147 mChildSrc
->setRestrictWorkers();
1151 // if script-src is specified, but not worker-src and also no child-src, then
1152 // script-src has to govern workers.
1153 if (mScriptSrc
&& !mWorkerSrc
&& !mChildSrc
) {
1154 mScriptSrc
->setRestrictWorkers();
1157 // If script-src is specified and script-src-elem is not specified, then
1158 // script-src has to govern script requests and script blocks.
1159 if (mScriptSrc
&& !mPolicy
->hasDirective(
1160 nsIContentSecurityPolicy::SCRIPT_SRC_ELEM_DIRECTIVE
)) {
1161 mScriptSrc
->setRestrictScriptElem();
1164 // If script-src is specified and script-src-attr is not specified, then
1165 // script-src has to govern script attr (event handlers).
1166 if (mScriptSrc
&& !mPolicy
->hasDirective(
1167 nsIContentSecurityPolicy::SCRIPT_SRC_ATTR_DIRECTIVE
)) {
1168 mScriptSrc
->setRestrictScriptAttr();
1171 // If style-src is specified and style-src-elem is not specified, then
1172 // style-src serves as a fallback.
1173 if (mStyleSrc
&& !mPolicy
->hasDirective(
1174 nsIContentSecurityPolicy::STYLE_SRC_ELEM_DIRECTIVE
)) {
1175 mStyleSrc
->setRestrictStyleElem();
1178 // If style-src is specified and style-attr-elem is not specified, then
1179 // style-src serves as a fallback.
1180 if (mStyleSrc
&& !mPolicy
->hasDirective(
1181 nsIContentSecurityPolicy::STYLE_SRC_ATTR_DIRECTIVE
)) {
1182 mStyleSrc
->setRestrictStyleAttr();
1188 nsCSPPolicy
* nsCSPParser::parseContentSecurityPolicy(
1189 const nsAString
& aPolicyString
, nsIURI
* aSelfURI
, bool aReportOnly
,
1190 nsCSPContext
* aCSPContext
, bool aDeliveredViaMetaTag
,
1191 bool aSuppressLogMessages
) {
1192 if (CSPPARSERLOGENABLED()) {
1193 CSPPARSERLOG(("nsCSPParser::parseContentSecurityPolicy, policy: %s",
1194 NS_ConvertUTF16toUTF8(aPolicyString
).get()));
1195 CSPPARSERLOG(("nsCSPParser::parseContentSecurityPolicy, selfURI: %s",
1196 aSelfURI
->GetSpecOrDefault().get()));
1197 CSPPARSERLOG(("nsCSPParser::parseContentSecurityPolicy, reportOnly: %s",
1198 (aReportOnly
? "true" : "false")));
1200 ("nsCSPParser::parseContentSecurityPolicy, deliveredViaMetaTag: %s",
1201 (aDeliveredViaMetaTag
? "true" : "false")));
1204 NS_ASSERTION(aSelfURI
, "Can not parseContentSecurityPolicy without aSelfURI");
1206 // Separate all input into tokens and store them in the form of:
1207 // [ [ name, src, src, ... ], [ name, src, src, ... ], ... ]
1208 // The tokenizer itself can not fail; all eventual errors
1209 // are detected in the parser itself.
1211 nsTArray
<CopyableTArray
<nsString
> > tokens
;
1212 PolicyTokenizer::tokenizePolicy(aPolicyString
, tokens
);
1214 nsCSPParser
parser(tokens
, aSelfURI
, aCSPContext
, aDeliveredViaMetaTag
,
1215 aSuppressLogMessages
);
1217 // Start the parser to generate a new CSPPolicy using the generated tokens.
1218 nsCSPPolicy
* policy
= parser
.policy();
1220 // Check that report-only policies define a report-uri, otherwise log warning.
1222 policy
->setReportOnlyFlag(true);
1223 if (!policy
->hasDirective(nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE
)) {
1224 nsAutoCString prePath
;
1225 nsresult rv
= aSelfURI
->GetPrePath(prePath
);
1226 NS_ENSURE_SUCCESS(rv
, policy
);
1227 AutoTArray
<nsString
, 1> params
;
1228 CopyUTF8toUTF16(prePath
, *params
.AppendElement());
1229 parser
.logWarningErrorToConsole(nsIScriptError::warningFlag
,
1230 "reportURInotInReportOnlyHeader", params
);
1234 policy
->setDeliveredViaMetaTagFlag(aDeliveredViaMetaTag
);
1236 if (policy
->getNumDirectives() == 0) {
1237 // Individual errors were already reported in the parser, but if
1238 // we do not have an enforcable directive at all, we return null.
1243 if (CSPPARSERLOGENABLED()) {
1244 nsString parsedPolicy
;
1245 policy
->toString(parsedPolicy
);
1246 CSPPARSERLOG(("nsCSPParser::parseContentSecurityPolicy, parsedPolicy: %s",
1247 NS_ConvertUTF16toUTF8(parsedPolicy
).get()));