[−][src]Crate content_security_policy
Parse and validate Web Content-Security-Policy level 3
Example
extern crate content_security_policy; use content_security_policy::*; fn main() { let csp_list = CspList::parse("script-src *.notriddle.com", PolicySource::Header, PolicyDisposition::Enforce); let (check_result, _) = csp_list.should_request_be_blocked(&Request { url: Url::parse("https://www.notriddle.com/script.js").unwrap(), origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443), redirect_count: 0, destination: Destination::Script, initiator: Initiator::None, nonce: String::new(), integrity_metadata: String::new(), parser_metadata: ParserMetadata::None, }); assert_eq!(check_result, CheckResult::Allowed); let (check_result, _) = csp_list.should_request_be_blocked(&Request { url: Url::parse("https://www.evil.example/script.js").unwrap(), origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443), redirect_count: 0, destination: Destination::Script, initiator: Initiator::None, nonce: String::new(), integrity_metadata: String::new(), parser_metadata: ParserMetadata::None, }); assert_eq!(check_result, CheckResult::Blocked); }
Re-exports
pub extern crate url; |
pub extern crate percent_encoding; |
Modules
sandboxing_directive | |
text_util |
Structs
CspList | https://www.w3.org/TR/CSP/#csp-list |
Directive | https://www.w3.org/TR/CSP/#directives |
Element | |
HashFunction | https://www.w3.org/TR/SRI/#integrity-metadata |
Policy | A single parsed content security policy. |
Request | request to be validated |
Response | response to be validated |
Url | A parsed URL record. |
Violation | violation information |
Enums
CheckResult | Many algorithms are allowed to return either "Allowed" or "Blocked". The spec describes these as strings. |
Destination | |
HashAlgorithm | |
Initiator | |
InlineCheckType | The valid values for type are "script", "script attribute", "style", and "style attribute". |
MatchResult | https://www.w3.org/TR/CSP/#match-element-to-source-list |
Origin | The origin of an URL |
ParserMetadata | |
PolicyDisposition | https://www.w3.org/TR/CSP/#policy-disposition |
PolicySource | https://www.w3.org/TR/CSP/#policy-source |
SubresourceIntegrityMetadata | https://www.w3.org/TR/SRI/#parse-metadata |
Violates | https://www.w3.org/TR/CSP/#does-request-violate-policy |
ViolationResource | violation information |
Functions
parse_subresource_integrity_metadata | https://www.w3.org/TR/SRI/#parse-metadata |