Crate content_security_policy

Expand description

Parse and validate Web Content-Security-Policy level 3

§Example

extern crate content_security_policy;
use content_security_policy::*;
fn main() {
    let csp_list = CspList::parse("script-src *.notriddle.com", PolicySource::Header, PolicyDisposition::Enforce);
    let (check_result, _) = csp_list.should_request_be_blocked(&Request {
        url: Url::parse("https://www.notriddle.com/script.js").unwrap(),
        origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
        redirect_count: 0,
        destination: Destination::Script,
        initiator: Initiator::None,
        nonce: String::new(),
        integrity_metadata: String::new(),
        parser_metadata: ParserMetadata::None,
    });
    assert_eq!(check_result, CheckResult::Allowed);
    let (check_result, _) = csp_list.should_request_be_blocked(&Request {
        url: Url::parse("https://www.evil.example/script.js").unwrap(),
        origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
        redirect_count: 0,
        destination: Destination::Script,
        initiator: Initiator::None,
        nonce: String::new(),
        integrity_metadata: String::new(),
        parser_metadata: ParserMetadata::None,
    });
    assert_eq!(check_result, CheckResult::Blocked);
}

Re-exports§

pub extern crate percent_encoding;
pub extern crate url;

Modules§

sandboxing_directive
text_util 🔒

Structs§

CspList: https://www.w3.org/TR/CSP/#csp-list
Directive: https://www.w3.org/TR/CSP/#directives
Element
HashFunction: https://www.w3.org/TR/SRI/#integrity-metadata
InvalidDestination
Policy: A single parsed content security policy.
Request: request to be validated
Response: response to be validated https://fetch.spec.whatwg.org/#concept-response
SourceList 🔒: https://www.w3.org/TR/CSP/#framework-directive-source-list
Url: A parsed URL record.
Violation: violation information

Enums§

AllowResult 🔒: https://www.w3.org/TR/CSP/#allow-all-inline
CheckResult: Many algorithms are allowed to return either “Allowed” or “Blocked”. The spec describes these as strings.
Destination
HashAlgorithm
Initiator
InlineCheckType: The valid values for type are “script”, “script attribute”, “style”, and “style attribute”.
MatchResult: https://www.w3.org/TR/CSP/#match-element-to-source-list
NavigationCheckType: The valid values for type are “form-submission” and “other”.
Origin: The origin of an URL
ParserMetadata
PolicyDisposition: https://www.w3.org/TR/CSP/#policy-disposition
PolicySource: https://www.w3.org/TR/CSP/#policy-source
Position: Indicates a position within a URL based on its components.
SubresourceIntegrityMetadata: https://www.w3.org/TR/SRI/#parse-metadata
Violates: https://www.w3.org/TR/CSP/#does-request-violate-policy
ViolationResource: violation information

Statics§

DIRECTIVE_NAME_GRAMMAR 🔒: https://www.w3.org/TR/CSP/#grammardef-directive-name
DIRECTIVE_VALUE_TOKEN_GRAMMAR 🔒: https://www.w3.org/TR/CSP/#grammardef-directive-value
HASH_SOURCE_GRAMMAR 🔒: https://www.w3.org/TR/CSP/#grammardef-hash-source
HOST_SOURCE_GRAMMAR 🔒: https://www.w3.org/TR/CSP/#grammardef-host-source
NONCE_SOURCE_GRAMMAR 🔒: https://www.w3.org/TR/CSP/#grammardef-nonce-source
NONE_SOURCE_GRAMMAR 🔒
SCHEME_SOURCE_GRAMMAR 🔒: https://www.w3.org/TR/CSP/#grammardef-scheme-source
SUBRESOURCE_METADATA_GRAMMAR 🔒: https://www.w3.org/TR/SRI/#the-integrity-attribute This corresponds to the “hash-expression” grammar.
TRUSTED_POLICY_SOURCE_GRAMMAR 🔒: https://www.w3.org/TR/trusted-types/#trusted-types-csp-directive

Functions§

default_port 🔒
default_port_str 🔒
does_url_match_expression_in_origin_with_redirect_count 🔒: https://www.w3.org/TR/CSP/#match-url-to-source-expression
get_fetch_directive_fallback_list 🔒: https://www.w3.org/TR/CSP/#directive-fallback-list
get_the_effective_directive_for_inline_checks 🔒: https://www.w3.org/TR/CSP/#effective-directive-for-inline-check
get_the_effective_directive_for_request 🔒: https://www.w3.org/TR/CSP/#effective-directive-for-a-request
host_part_match 🔒: https://www.w3.org/TR/CSP/#match-hosts
origin_scheme_part_match 🔒
parse_subresource_integrity_metadata: https://www.w3.org/TR/SRI/#parse-metadata
path_part_match 🔒: https://www.w3.org/TR/CSP/#match-paths
port_part_match 🔒: https://www.w3.org/TR/CSP/#match-ports
request_is_script_like 🔒: https://fetch.spec.whatwg.org/#request-destination-script-like
scheme_is_httpx 🔒
scheme_is_network 🔒
scheme_part_match 🔒: https://www.w3.org/TR/CSP/#match-schemes
script_directives_postrequest_check 🔒: https://www.w3.org/TR/CSP/#script-post-request
script_directives_prerequest_check 🔒: https://www.w3.org/TR/CSP/#script-pre-request
should_fetch_directive_execute 🔒: https://www.w3.org/TR/CSP/#should-directive-execute
url_port 🔒

Crate content_security_policyCopy item path

§Example

Re-exports§

Modules§

Structs§

Enums§

Statics§

Functions§

Crate content_security_policy