Crate content_security_policy

Parse and validate Web Content-Security-Policy level 3

Example

extern crate content_security_policy;
use content_security_policy::*;
fn main() {
    // An enforced, header-delivered policy: scripts may load only from hosts
    // matching the wildcard host-source `*.notriddle.com`. The wildcard covers
    // every subdomain, so the policy is only as strong as the least-trusted
    // host under that domain.
    let policy_text = "script-src *.notriddle.com";
    let csp_list = CspList::parse(policy_text, PolicySource::Header, PolicyDisposition::Enforce);

    // Both checks describe a script fetch issued by the https://notriddle.com:443
    // origin with no nonce and no integrity metadata; only the target URL differs.
    let script_request = |target: &str| Request {
        // The targets below are fixed literals, so a parse failure would be a bug.
        url: Url::parse(target).unwrap(),
        origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
        redirect_count: 0,
        destination: Destination::Script,
        initiator: Initiator::None,
        nonce: String::new(),
        integrity_metadata: String::new(),
        parser_metadata: ParserMetadata::None,
    };

    // `www.notriddle.com` matches `*.notriddle.com`, so the fetch is allowed.
    // The second tuple element is discarded here; presumably it carries the
    // violations a caller would report (confirm against the method's docs).
    let on_policy = script_request("https://www.notriddle.com/script.js");
    let (verdict, _) = csp_list.should_request_be_blocked(&on_policy);
    assert_eq!(verdict, CheckResult::Allowed);

    // A host outside the allowed source list is rejected under `script-src`.
    let off_policy = script_request("https://www.evil.example/script.js");
    let (verdict, _) = csp_list.should_request_be_blocked(&off_policy);
    assert_eq!(verdict, CheckResult::Blocked);
}

Re-exports

pub extern crate url;
pub extern crate percent_encoding;

Modules

sandboxing_directive
text_util

Structs

CspList

https://www.w3.org/TR/CSP/#csp-list

Directive

https://www.w3.org/TR/CSP/#directives

Element
HashFunction

https://www.w3.org/TR/SRI/#integrity-metadata

Policy

A single parsed content security policy.

Request

request to be validated

Response

response to be validated

Url

A parsed URL record.

Violation

violation information

Enums

CheckResult

Many algorithms are allowed to return either "Allowed" or "Blocked". The spec describes these as strings.

Destination
HashAlgorithm
Initiator
InlineCheckType

The valid values for type are "script", "script attribute", "style", and "style attribute".

MatchResult

https://www.w3.org/TR/CSP/#match-element-to-source-list

Origin

The origin of a URL

ParserMetadata
PolicyDisposition

https://www.w3.org/TR/CSP/#policy-disposition

PolicySource

https://www.w3.org/TR/CSP/#policy-source

SubresourceIntegrityMetadata

https://www.w3.org/TR/SRI/#parse-metadata

Violates

https://www.w3.org/TR/CSP/#does-request-violate-policy

ViolationResource

violation information

Functions

parse_subresource_integrity_metadata

https://www.w3.org/TR/SRI/#parse-metadata