<?php
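/**
 * Builds the value of a Content-Security-Policy header from per-directive
 * source lists.
 *
 * The class only assembles the policy string; sending it to the browser is
 * left to the caller.
 */
class ContentSecurityPolicy
{
    // Directive names accepted by addSource().
    const DEFAULT_SRC = 'default-src';
    const SCRIPT_SRC = 'script-src';
    const OBJECT_SRC = 'object-src';
    const STYLE_SRC = 'style-src';
    const IMG_SRC = 'img-src';
    const MEDIA_SRC = 'media-src';
    const FRAME_SRC = 'frame-src';
    const FONT_SRC = 'font-src';
    const CONNECT_SRC = 'connect-src';

    // Keyword sources. The single quotes are part of the CSP token.
    const SOURCE_NONE = "'none'";
    const SOURCE_SELF = "'self'";
    // These two re-allow inline code and eval-style APIs, which removes most
    // of the script-injection protection a policy gives; use them sparingly.
    const SOURCE_UNSAFE_INLINE = "'unsafe-inline'";
    const SOURCE_UNSAFE_EVAL = "'unsafe-eval'";

    /** @var array<string, string[]> directive name => sources, in insertion order */
    private $policy;

    /**
     * Starts with every supported directive present and empty, so the key set
     * of $policy doubles as the allow-list of directive names.
     */
    public function __construct()
    {
        $this->policy = array();
        $directives = array(
            self::DEFAULT_SRC,
            self::SCRIPT_SRC,
            self::OBJECT_SRC,
            self::STYLE_SRC,
            self::IMG_SRC,
            self::MEDIA_SRC,
            self::FRAME_SRC,
            self::FONT_SRC,
            self::CONNECT_SRC,
        );
        foreach ($directives as $directive) {
            $this->policy[$directive] = array();
        }
    }

    /**
     * Returns a new policy holding the same sources as this one.
     *
     * @return ContentSecurityPolicy
     */
    private function copy()
    {
        $duplicate = new ContentSecurityPolicy();
        foreach ($this->policy as $directive => $sources) {
            foreach ($sources as $source) {
                $duplicate->policy[$directive][] = $source;
            }
        }
        return $duplicate;
    }

    /**
     * Appends one source expression to a directive.
     *
     * @param string $directive one of the *_SRC constants
     * @param string $source    a single source expression (keyword, scheme or host)
     * @return $this for chaining
     * @throws CSPException when the directive is unknown or the source is not
     *                      a single well-formed token
     */
    public function addSource($directive, $source)
    {
        if (!isset($this->policy[$directive])) {
            throw new CSPException("Invalid directive");
        }
        // One call adds exactly one source. `;` ends a directive and `,`
        // separates policies in a header value, so either one inside a source
        // would add policy text the caller never asked for; whitespace would
        // split the value into several sources, and CR/LF or other control
        // characters must never reach a header line.
        if (!is_string($source) || $source === ''
            || preg_match('/[\s;,\x00-\x1F\x7F]/', $source) === 1) {
            throw new CSPException("Invalid source");
        }
        $this->policy[$directive][] = $source;
        return $this;
    }

    /**
     * Serializes the policy as "directive source source; directive source".
     * Directives without any source are left out.
     *
     * @return string the policy, or an empty string when nothing was added
     */
    public function toString()
    {
        $parts = array();
        foreach ($this->policy as $directive => $sources) {
            if (count($sources) > 0) {
                $parts[] = $directive . ' ' . implode(' ', $sources);
            }
        }
        return implode('; ', $parts);
    }
}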
/**
 * Raised by ContentSecurityPolicy::addSource() when it is given a directive
 * it does not know.
 */
class CSPException extends \Exception
{
}
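// Example policy: same-origin by default, plus the CDNs the page loads from.
// Constants are addressed through ContentSecurityPolicy itself: no class or
// alias named `CSP` is declared, so referring to one stops the script with
// 'Class "CSP" not found'. SOURCE_SELF needs its class prefix for the same
// reason; a bare SOURCE_SELF is an undefined global constant.
$CSP = new ContentSecurityPolicy();
$CSP->addSource(ContentSecurityPolicy::DEFAULT_SRC, ContentSecurityPolicy::SOURCE_SELF)
    ->addSource(ContentSecurityPolicy::SCRIPT_SRC, ContentSecurityPolicy::SOURCE_SELF)
    // Script origins are allow-listed over HTTPS only: a plain-http script
    // source can be altered in transit and would still satisfy the policy.
    ->addSource(ContentSecurityPolicy::SCRIPT_SRC, 'https://code.jquery.com')
    ->addSource(ContentSecurityPolicy::STYLE_SRC, ContentSecurityPolicy::SOURCE_SELF)
    // NOTE(review): a host source without a wildcard matches that exact host
    // only. Confirm the stylesheets and font files are served from the two
    // hosts below (Google Fonts serves font files from fonts.gstatic.com).
    ->addSource(ContentSecurityPolicy::STYLE_SRC, 'https://bootstrapcdn.com')
    ->addSource(ContentSecurityPolicy::FONT_SRC, 'https://fonts.googleapis.com');

echo $CSP->toString();
exit("\nDone!\n");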
- Output for git.master, git.master_jit, rfc.property-hooks
- Fatal error: Uncaught Error: Class "CSP" not found in /in/A4ADq:65
Stack trace:
#0 {main}
thrown in /in/A4ADq on line 65
Process exited with code 255.