Changeset 203611 in webkit
- Timestamp:
- Jul 22, 2016 1:33:11 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 16 added
- 8 edited
trunk/LayoutTests/ChangeLog
r203610 r203611 1 2016-07-22 Daniel Bates <dabates@apple.com> 2 3 CSP: object-src and plugin-types directives are not respected for plugin replacements 4 https://bugs.webkit.org/show_bug.cgi?id=159761 5 <rdar://problem/27365724> 6 7 Reviewed by Brent Fulgham. 8 9 Add layout tests to ensure that we apply the CSP object-src and plugin-types directives to content 10 that loads with either the QuickTime plugin replacement or YouTube plugin replacement. 11 12 * security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt: Added. 13 * security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html: Added. 14 * security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt: Added. 15 * security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html: Added. 16 * security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt: Added. 17 * security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html: Added. 18 * security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt: Added. 19 * security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html: Added. 20 * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt: Added. 21 * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt: Added. 22 * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html: Added. 23 * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html: Added. 24 * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt: Added. 25 * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt: Added. 
26 * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html: Added. 27 * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html: Added. 28 1 29 2016-07-22 Chris Dumez <cdumez@apple.com> 2 30 -
trunk/Source/WebCore/ChangeLog
r203610 r203611 1 2016-07-22 Daniel Bates <dabates@apple.com> 2 3 CSP: object-src and plugin-types directives are not respected for plugin replacements 4 https://bugs.webkit.org/show_bug.cgi?id=159761 5 <rdar://problem/27365724> 6 7 Reviewed by Brent Fulgham. 8 9 Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will 10 load with a plugin replacement. 11 12 Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html 13 security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html 14 security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html 15 security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html 16 security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html 17 security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html 18 security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html 19 security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html 20 21 * html/HTMLPlugInImageElement.cpp: 22 (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added. 23 (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we 24 are allowed to load such content. 25 * html/HTMLPlugInImageElement.h: 26 * loader/SubframeLoader.cpp: 27 (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP 28 earlier in HTMLPlugInImageElement::requestObject(). 29 (WebCore::SubframeLoader::requestPlugin): Ditto. 30 (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation 31 to HTMLPlugInImageElement::allowedToLoadPluginContent(). 32 (WebCore::SubframeLoader::requestObject): Deleted. 
33 * loader/SubframeLoader.h: 34 * page/csp/ContentSecurityPolicy.cpp: 35 (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const 36 function to a const function since these functions do not modify |this|. 37 * page/csp/ContentSecurityPolicy.h: 38 1 39 2016-07-22 Chris Dumez <cdumez@apple.com> 2 40 -
trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp
r202105 r203611 24 24 #include "Chrome.h" 25 25 #include "ChromeClient.h" 26 #include "ContentSecurityPolicy.h" 26 27 #include "Event.h" 27 28 #include "EventHandler.h" … … 771 772 } 772 773 774 bool HTMLPlugInImageElement::allowedToLoadPluginContent(const String& url, const String& mimeType) const 775 { 776 URL completedURL; 777 if (!url.isEmpty()) 778 completedURL = document().completeURL(url); 779 780 ASSERT(document().contentSecurityPolicy()); 781 const ContentSecurityPolicy& contentSecurityPolicy = *document().contentSecurityPolicy(); 782 783 contentSecurityPolicy.upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load); 784 785 String declaredMimeType = document().isPluginDocument() && document().ownerElement() ? 786 document().ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : attributeWithoutSynchronization(HTMLNames::typeAttr); 787 bool isInUserAgentShadowTree = this->isInUserAgentShadowTree(); 788 return contentSecurityPolicy.allowObjectFromSource(completedURL, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL, isInUserAgentShadowTree); 789 } 790 773 791 bool HTMLPlugInImageElement::requestObject(const String& url, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues) 774 792 { 793 if (url.isEmpty() && mimeType.isEmpty()) 794 return false; 795 796 if (!allowedToLoadPluginContent(url, mimeType)) { 797 renderEmbeddedObject()->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy); 798 return false; 799 } 800 775 801 if (HTMLPlugInElement::requestObject(url, mimeType, paramNames, paramValues)) 776 802 return true; -
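Review bot: In `requestObject`, the new CSP-blocked branch dereferences `renderEmbeddedObject()` without a null check. If that accessor can return null when the element has no embedded-object renderer (its definition is not visible here), a load that the policy rejects would crash instead of returning false. A guard avoids that: `if (auto* renderer = renderEmbeddedObject()) renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);`. Similarly, `allowedToLoadPluginContent` has only a debug-only `ASSERT` before it dereferences `document().contentSecurityPolicy()`. The body of `requestObject` continues beyond the lines shown.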
trunk/Source/WebCore/html/HTMLPlugInImageElement.h
r200041 r203611 112 112 bool isRestartedPlugin() const final { return m_isRestartedPlugin; } 113 113 114 bool allowedToLoadPluginContent(const String& url, const String& mimeType) const; 115 114 116 void finishParsingChildren() final; 115 117 void didAddUserAgentShadowRoot(ShadowRoot*) final; -
trunk/Source/WebCore/loader/SubframeLoader.cpp
r203324 r203611 109 109 } 110 110 111 bool SubframeLoader::isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType) const 112 { 113 if (!document()) 114 return true; 115 116 ASSERT(document()->contentSecurityPolicy()); 117 const ContentSecurityPolicy& contentSecurityPolicy = *document()->contentSecurityPolicy(); 118 119 String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ? 120 document()->ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : pluginElement.attributeWithoutSynchronization(HTMLNames::typeAttr); 121 bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree(); 122 return contentSecurityPolicy.allowObjectFromSource(url, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree); 123 } 124 125 bool SubframeLoader::pluginIsLoadable(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType) 111 bool SubframeLoader::pluginIsLoadable(const URL& url, const String& mimeType) 126 112 { 127 113 if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) { … … 141 127 } 142 128 143 if (!isPluginContentAllowedByContentSecurityPolicy(pluginElement, url, mimeType)) {144 RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();145 renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);146 return false;147 }148 149 129 if (!m_frame.loader().mixedContentChecker().canRunInsecureContent(document()->securityOrigin(), url)) 150 130 return false; … … 162 142 return false; 163 143 164 if (!pluginIsLoadable( ownerElement,url, mimeType))144 if (!pluginIsLoadable(url, mimeType)) 165 145 return false; 166 146 … … 241 221 logPluginRequest(document()->page(), mimeType, completedURL, success); 242 222 return success; 243 }244 245 if (!isPluginContentAllowedByContentSecurityPolicy(ownerElement, completedURL, mimeType)) 
{246 RenderEmbeddedObject* renderer = ownerElement.renderEmbeddedObject();247 renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);248 return false;249 223 } 250 224 -
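Review bot: With the CSP checks removed from `pluginIsLoadable` and from the later non-plugin path, SubframeLoader no longer enforces object-src or plugin-types itself. It now depends on every caller having gone through `HTMLPlugInImageElement::requestObject()`, and nothing in these hunks states that precondition, so a future caller that reaches `requestPlugin` or `requestObject` directly would skip the policy silently. I would add a comment above `pluginIsLoadable`, for example `// CSP object-src and plugin-types are enforced by the caller in HTMLPlugInImageElement::requestObject(); do not call without that check.` Whether other callers exist today cannot be determined from this page.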
trunk/Source/WebCore/loader/SubframeLoader.h
r200799 r203611 78 78 bool loadPlugin(HTMLPlugInImageElement&, const URL&, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback); 79 79 80 bool isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement&, const URL&, const String& mimeType) const;81 82 80 bool shouldUsePlugin(const URL&, const String& mimeType, bool hasFallback, bool& useFallback); 83 bool pluginIsLoadable( HTMLPlugInImageElement&,const URL&, const String& mimeType);81 bool pluginIsLoadable(const URL&, const String& mimeType); 84 82 85 83 Document* document() const; -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
r203434 r203611 830 830 } 831 831 832 void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType) 832 void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType) const 833 833 { 834 834 URL url = request.url(); … … 837 837 } 838 838 839 void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType) 839 void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType) const 840 840 { 841 841 if (!url.protocolIs("http") && !url.protocolIs("ws")) -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h
r203434 r203611 156 156 bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; } 157 157 enum class InsecureRequestType { Load, FormSubmission, Navigation }; 158 void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) ;159 void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) ;158 void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) const; 159 void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) const; 160 160 161 161 HashSet<RefPtr<SecurityOrigin>>&& takeNavigationRequestsToUpgrade();