@ 2013-12-30T20:00:13Z <?php
namespace owasp\csp;
class ContentSecurityPolicy {
const DEFAULT_SRC = 'default-src';
const SCRIPT_SRC = 'script-src';
const OBJECT_SRC = 'object-src';
const STYLE_SRC = 'style-src';
const IMG_SRC = 'img-src';
const MEDIA_SRC = 'media-src';
const FRAME_SRC = 'frame-src';
const FONT_SRC = 'font-src';
const CONNECT_SRC = 'connect-src';
const SOURCE_NONE = "'none'";
const SOURCE_SELF = "'self'";
const SOURCE_UNSAFE_INLINE = "'unsafe-inline'";
const SOURCE_UNSAFE_EVAL = "'unsafe-eval'";
private $policy;
public function __construct() {
$this->policy = array();
$this->setPolicySourceDirectives();
}
private function setPolicySourceDirectives(){
$refl = new ReflectionClass(__CLASS__);
$srcPattern = '/.+_SRC$/';
foreach ($refl->getConstants() as $constant => $value){
if (preg_match($srcPattern, $constant)){
$this->policy[constant(__CLASS__.'::'.$constant)] = array();
}
}
}
private function copy() {
$retval = new ContentSecurityPolicy();
foreach ($this->policy as $directive => $sources) {
foreach ($sources as $source) {
array_push($retval->policy[$directive], $source);
}
}
return $retval;
}
function addSource($directive, $source) {
if (!isset($this->policy[$directive])) {
throw new CSPException("Invalid directive");
}
$this->policy[$directive][] = $source;
return $this;
}
function toString() {
return $this->__toString();
}
public function __toString(){
$retval = array();
foreach ($this->policy as $directive => $sources) {
if (sizeof($sources) > 0) {
$retval[] = join(' ', array($directive, join(' ', $sources)));
}
}
return 'Content-Security-Policy: ' . join('; ', $retval);
}
}
class CSPException extends \Exception {}
use owasp\csp\ContentSecurityPolicy as CSP;
$csp = new CSP();
$csp->addSource(CSP::DEFAULT_SRC, CSP::SOURCE_SELF) ->addSource(CSP::SCRIPT_SRC, CSP::SOURCE_SELF)
->addSource(CSP::SCRIPT_SRC, 'http://code.jquery.com')
->addSource(CSP::STYLE_SRC, ContentSecurityPolicy::SOURCE_SELF)
->addSource(CSP::STYLE_SRC, 'https://bootstrapcdn.com')
->addSource(CSP::FONT_SRC, 'https://fonts.googleapis.com');
echo $csp->toString();
exit("\nDone!\n");
Enable javascript to submit You have javascript disabled. You will not be able to edit any code.
Output for 8.0.0 - 8.0.30 , 8.1.0 - 8.1.28 , 8.2.0 - 8.2.18 , 8.3.0 - 8.3.6 Fatal error: Uncaught Error: Class "owasp\csp\ReflectionClass" not found in /in/P3vGV:28
Stack trace:
#0 /in/P3vGV(23): owasp\csp\ContentSecurityPolicy->setPolicySourceDirectives()
#1 /in/P3vGV(75): owasp\csp\ContentSecurityPolicy->__construct()
#2 {main}
thrown in /in/P3vGV on line 28
Process exited with code 255 . Output for 7.0.0 - 7.0.20 , 7.1.0 - 7.1.33 , 7.2.0 - 7.2.33 , 7.3.0 - 7.3.33 , 7.4.0 - 7.4.33 Fatal error: Uncaught Error: Class 'owasp\csp\ReflectionClass' not found in /in/P3vGV:28
Stack trace:
#0 /in/P3vGV(23): owasp\csp\ContentSecurityPolicy->setPolicySourceDirectives()
#1 /in/P3vGV(75): owasp\csp\ContentSecurityPolicy->__construct()
#2 {main}
thrown in /in/P3vGV on line 28
Process exited with code 255 . Output for 5.3.0 - 5.3.29 , 5.4.0 - 5.4.45 , 5.5.0 - 5.5.37 , 5.6.0 - 5.6.28 Fatal error: Class 'owasp\csp\ReflectionClass' not found in /in/P3vGV on line 28
Process exited with code 255 . Output for 4.4.2 - 4.4.9 , 5.1.0 - 5.1.6 , 5.2.0 - 5.2.17 Parse error: syntax error, unexpected T_STRING in /in/P3vGV on line 2
Process exited with code 255 . Output for 4.3.0 - 4.3.1 , 4.3.5 - 4.3.11 , 4.4.0 - 4.4.1 , 5.0.0 - 5.0.5 Parse error: parse error, unexpected T_STRING in /in/P3vGV on line 2
Process exited with code 255 . Output for 4.3.2 - 4.3.4 Parse error: parse error in /in/P3vGV on line 2
Process exited with code 255 . preferences:dark mode live preview
194.4 ms | 401 KiB | 394 Q