Crate content_security_policy

Expand description

Parse and validate Web Content-Security-Policy level 3

§Example

extern crate content_security_policy;
use content_security_policy::*;
fn main() {
    let csp_list = CspList::parse("script-src *.notriddle.com", PolicySource::Header, PolicyDisposition::Enforce);
    let (check_result, _) = csp_list.should_request_be_blocked(&Request {
        url: Url::parse("https://www.notriddle.com/script.js").unwrap(),
        origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
        redirect_count: 0,
        destination: Destination::Script,
        initiator: Initiator::None,
        nonce: String::new(),
        integrity_metadata: String::new(),
        parser_metadata: ParserMetadata::None,
    });
    assert_eq!(check_result, CheckResult::Allowed);
    let (check_result, _) = csp_list.should_request_be_blocked(&Request {
        url: Url::parse("https://www.evil.example/script.js").unwrap(),
        origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
        redirect_count: 0,
        destination: Destination::Script,
        initiator: Initiator::None,
        nonce: String::new(),
        integrity_metadata: String::new(),
        parser_metadata: ParserMetadata::None,
    });
    assert_eq!(check_result, CheckResult::Blocked);
}

Re-exports§

pub extern crate percent_encoding;
pub extern crate url;

Modules§

sandboxing_directive

Structs§

CspList: https://www.w3.org/TR/CSP/#csp-list
Directive: https://www.w3.org/TR/CSP/#directives
Element
HashFunction: https://www.w3.org/TR/SRI/#integrity-metadata
InvalidDestination
Policy: A single parsed content security policy.
Request: request to be validated
Response: response to be validated https://fetch.spec.whatwg.org/#concept-response
Url: A parsed URL record.
Violation: violation information

Enums§

CheckResult: Many algorithms are allowed to return either “Allowed” or “Blocked”. The spec describes these as strings.
Destination
HashAlgorithm
Initiator
InlineCheckType: The valid values for type are “script”, “script attribute”, “style”, and “style attribute”.
MatchResult: https://www.w3.org/TR/CSP/#match-element-to-source-list
Origin: The origin of an URL
ParserMetadata
PolicyDisposition: https://www.w3.org/TR/CSP/#policy-disposition
PolicySource: https://www.w3.org/TR/CSP/#policy-source
SubresourceIntegrityMetadata: https://www.w3.org/TR/SRI/#parse-metadata
Violates: https://www.w3.org/TR/CSP/#does-request-violate-policy
ViolationResource: violation information

Functions§

parse_subresource_integrity_metadata: https://www.w3.org/TR/SRI/#parse-metadata

Crate content_security_policyCopy item path

§Example

Re-exports§

Modules§

Structs§

Enums§

Functions§

Crate content_security_policy