void ContentSecurityPolicySourceList::parse(const String& value)
{
if (isSourceListNone(value)) {
m_isNone = true;
return;
}
auto characters = StringView(value).upconvertedCharacters();
parse(characters, characters + value.length());
}
// source-list = *WSP [ source *( 1*WSP source ) *WSP ]
// / *WSP "'none'" *WSP
//
void CSPSourceList::parse(const UChar* begin, const UChar* end)
{
// We represent 'none' as an empty m_list.
if (isSourceListNone(begin, end))
return;
const UChar* position = begin;
while (position < end) {
skipWhile<UChar, isASCIISpace>(position, end);
if (position == end)
return;
const UChar* beginSource = position;
skipWhile<UChar, isSourceCharacter>(position, end);
String scheme, host, path;
int port = 0;
CSPSource::WildcardDisposition hostWildcard = CSPSource::NoWildcard;
CSPSource::WildcardDisposition portWildcard = CSPSource::NoWildcard;
if (parseSource(beginSource, position, scheme, host, port, path, hostWildcard, portWildcard)) {
// Wildcard hosts and keyword sources ('self', 'unsafe-inline',
// etc.) aren't stored in m_list, but as attributes on the source
// list itself.
if (scheme.isEmpty() && host.isEmpty())
continue;
if (m_policy->isDirectiveName(host))
m_policy->reportDirectiveAsSourceExpression(m_directiveName, host);
m_list.append(CSPSource(m_policy, scheme, host, port, path, hostWildcard, portWildcard));
} else {
m_policy->reportInvalidSourceExpression(m_directiveName, String(beginSource, position - beginSource));
}
ASSERT(position == end || isASCIISpace(*position));
}
}
