bool CSPDirectiveList::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const { DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because it violates the following Content Security Policy directive: ")); return reportingStatus == ContentSecurityPolicy::SendReport ? checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage, contextURL, contextLine, false) : checkInline(operativeDirective(m_styleSrc.get())); }
bool CSPDirectiveList::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const { DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute inline event handler because it violates the following Content Security Policy directive: ")); if (reportingStatus == ContentSecurityPolicy::SendReport) return checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, contextURL, contextLine, true); return checkInline(operativeDirective(m_scriptSrc.get())); }
bool CSPDirectiveList::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus, const String& content) const { if (reportingStatus == ContentSecurityPolicy::SendReport) { return checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), "Refused to apply inline style because it violates the following Content Security Policy directive: ", contextURL, contextLine, false, getSha256String(content)); } return checkInline(operativeDirective(m_styleSrc.get())); }
bool CSPDirectiveList::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const { if (reportingStatus == ContentSecurityPolicy::SendReport) { return checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), "Refused to execute inline event handler because it violates the following Content Security Policy directive: ", contextURL, contextLine, true, "sha256-..."); } return checkInline(operativeDirective(m_scriptSrc.get())); }
bool ContentSecurityPolicy::allowInlineStyle() const { DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because of Content-Security-Policy.\n")); return checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage); }
bool ContentSecurityPolicy::allowInlineEventHandlers() const { DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute inline event handler because of Content-Security-Policy.\n")); return checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage); }