Name Description Size
CSPEvalChecker.cpp static 6014
CSPEvalChecker.h 1047
DOMSecurityManager.cpp static 6142
DOMSecurityManager.h mozilla_dom_DOMSecurityManager_h 1277
featurepolicy 10
FramingChecker.cpp static 10084
FramingChecker.h Logs to the window about a X-Frame-Options error. @param aMessageTag the error message identifier to log @param aParentURI || aParentBrowsingContext * @parentURI: the URI * @aParentBrowsingContext: the BrowsingContext of the document that the frame is loading into @param aChildURI the URI of the frame attempting to load @param aPolicy the header value string from the frame @param aInnerWindowID the inner window id for logging to the console. 2017
fuzztest 3 1718
nsContentSecurityManager.cpp static 38151
nsContentSecurityManager.h nsContentSecurityManager_h___ 1674
nsContentSecurityUtils.cpp A namespace class for static content security utilities. 24617
nsContentSecurityUtils.h A namespace class for static content security utilities. 1544
nsCSPContext.cpp This function is only used for verification purposes within GatherSecurityPolicyViolationEventData. 68539
nsCSPContext.h SetRequestContextWithDocument() needs to be called before the innerWindowID is initialized on the document. Use this function to call back to flush queued up console messages and initialize the innerWindowID. Node, If SetRequestContextWithPrincipal() was called then we do not have a innerWindowID anyway and hence we can not flush messages to the correct console. 8104
nsCSPParser.cpp ===== nsCSPParser ==================== 44384
nsCSPParser.h The CSP parser only has one publicly accessible function, which is parseContentSecurityPolicy. Internally the input string is separated into string tokens and policy() is called, which starts parsing the policy. The parser calls one function after the other according the the source-list from E.g., the parser can only call port() after the parser has already processed any possible host in host(), similar to a finite state machine. 6671
nsCSPService.cpp static 13721
nsCSPService.h nsCSPService_h___ 1856
nsCSPUtils.cpp 52545
nsCSPUtils.h =============== Logging =================== 23005
nsMixedContentBlocker.cpp 46959
nsMixedContentBlocker.h daf1461b-bf29-4f88-8d0e-4bcdf332c862 3295
PolicyTokenizer.cpp 2241
PolicyTokenizer.h How does the parsing work? We generate tokens by splitting the policy-string by whitespace and semicolon. Interally the tokens are represented as an array of string-arrays: [ [ name, src, src, src, ... ], [ name, src, src, src, ... ], [ name, src, src, src, ... ] ] for example: [ [ img-src,, ], [ default-src, 'self'], [ script-src, 'unsafe-eval', 'unsafe-inline' ], ] 2090
ReferrerInfo.cpp Parse ReferrerPolicy from token. The supported tokens are defined in ReferrerPolicy.webidl. The legacy tokens are "never", "default", "always" and "origin-when-crossorigin". The legacy tokens are only supported in meta referrer content @param aContent content string to be transformed into ReferrerPolicyEnum, e.g. "origin". 43519
ReferrerInfo.h The ReferrerInfo class holds the raw referrer and potentially a referrer policy which allows to query the computed referrer which should be applied to a channel as the actual referrer value. The ReferrerInfo class solely contains readonly fields and represents a 1:1 sync to the referrer header of the corresponding channel. In turn that means the class is immutable - so any modifications require to clone the current ReferrerInfo. For example if a request undergoes a redirect, the new channel will need a new ReferrerInfo clone with members being updated accordingly. 16035
SRICheck.cpp Returns whether or not the sub-resource about to be loaded is eligible for integrity checks. If it's not, the checks will be skipped and the sub-resource will be loaded. 18086
SRICheck.h Parse the multiple hashes specified in the integrity attribute and return the strongest supported hash. 4008
SRILogHelper.h 691
SRIMetadata.cpp 5462
SRIMetadata.h Create an empty metadata object. 2286
test 9