Parse Content Security Policy

Parse csp.txt files to an AST

Parses content security policy text files to an abstract syntax tree.

Designed so that plugins can safely modify content security policy definitions.

• Install
• API
  • ParseCsp
    • See Also
    • .sources
  • CspAst
    • map
    • .getDeclaration
    • .parse
    • .get
    • .set
    • .add
      • Throws
    • .remove
  • CspParser
    • .parse
      • Throws
    • .serialize
• License

Install

yarn add makestatic-parse-csp

API

ParseCsp

Parses content security policy text files to abstract syntax trees.

See Also

• CSP Level 3
• CSP Reference & Examples

.sources

ParseCsp.prototype.sources(file, context)

Parses content security policy files to an abstract syntax tree.

Use this plugin during the parse phase.

This plugin configures a default test pattern that matches any file ending with csp.txt.

The parsed AST is assigned to file.ast.csp.

Parsed files are marked as transient so they are not written to disc.

• file Object the current file.
• context Object the processing context.

CspAst

Represents a parsed content security policy abstract syntax tree.

map

readonly Object map

The declaration map.

.getDeclaration

CspAst.prototype.getDeclaration(directive, policy)

Get a content security policy declaration.

Returns a content security policy declaration.

• directive String the directive name.
• policy Array list of policies for the directive.

.parse

CspAst.prototype.parse()

Parse a string value to a content security policy declaration.

Returns a content security policy declaration.

.get

CspAst.prototype.get(directive)

Get a declaration by directive name.

Returns the declaration if it exists.

• directive String the directive name.

.set

CspAst.prototype.set(declaration)

Update a content security policy declaration in the map.

• declaration CspDeclaration the policy declaration.

.add

CspAst.prototype.add(declaration)

Add a content security policy declaration to the map.

• declaration CspDeclaration the policy declaration.

Throws

• Error on duplicate directive.

.remove

CspAst.prototype.remove(declaration)

Remove a content security policy declaration from the map.

Returns the existing declaration if it exists.

• declaration CspDeclaration the policy declaration.

CspParser

Parse and serialize a content security policy text files.

.parse

CspParser.prototype.parse(content)

Parse a content security policy file.

Declarations are delimited by a semicolon and may span multiple lines.

This implementation removes comments starting with a '#', comments are not preserved in the AST.

Returns parsed abstract syntax tree.

• content String the file content.

Throws

• Error on unknown directive.
• Error on deprecated directive.
• Error on duplicate directive.

.serialize

CspParser.prototype.serialize(ast)

Serialize a content security policy AST.

Keywords are automatically quoted when necessary.

Returns string content security policy.

• ast Object the parsed abstract syntax tree.

License

MIT

Created by mkdoc on March 12, 2017