Changeset 207249 in webkit
- Timestamp:
- Oct 12, 2016 4:01:40 PM (8 years ago)
- Location:
- branches/safari-602.2.14.0-branch
- Files:
-
- 16 added
- 8 edited
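--- a/branches/safari-602.2.14.0-branch/LayoutTests/ChangeLog
+++ b/branches/safari-602.2.14.0-branch/LayoutTests/ChangeLog
@@ -1,2 +1,34 @@
+2016-10-11 Matthew Hanson <matthew_hanson@apple.com>
+
+Merge r203611. rdar://problem/28476958
+
+2016-07-22 Daniel Bates <dabates@apple.com>
+
+CSP: object-src and plugin-types directives are not respected for plugin replacements
+https://bugs.webkit.org/show_bug.cgi?id=159761
+<rdar://problem/27365724>
+
+Reviewed by Brent Fulgham.
+
+Add layout tests to ensure that we apply the CSP object-src and plugin-types directives to content
+that loads with either the QuickTime plugin replacement or YouTube plugin replacement.
+
+* security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt: Added.
+* security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html: Added.
+* security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt: Added.
+* security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html: Added.
+* security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt: Added.
+* security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html: Added.
+* security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt: Added.
+* security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html: Added.
+* security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html: Added.
+
 2016-10-11 Matthew Hanson <matthew_hanson@apple.com>
 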
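--- a/branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog
@@ -1,2 +1,44 @@
+2016-10-11 Matthew Hanson <matthew_hanson@apple.com>
+
+Merge r203611. rdar://problem/28476958
+
+2016-07-22 Daniel Bates <dabates@apple.com>
+
+CSP: object-src and plugin-types directives are not respected for plugin replacements
+https://bugs.webkit.org/show_bug.cgi?id=159761
+<rdar://problem/27365724>
+
+Reviewed by Brent Fulgham.
+
+Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
+load with a plugin replacement.
+
+Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
+security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
+security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
+security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
+security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
+security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
+security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
+security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
+
+* html/HTMLPlugInImageElement.cpp:
+(WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
+(WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
+are allowed to load such content.
+* html/HTMLPlugInImageElement.h:
+* loader/SubframeLoader.cpp:
+(WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
+earlier in HTMLPlugInImageElement::requestObject().
+(WebCore::SubframeLoader::requestPlugin): Ditto.
+(WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
+to HTMLPlugInImageElement::allowedToLoadPluginContent().
+(WebCore::SubframeLoader::requestObject): Deleted.
+* loader/SubframeLoader.h:
+* page/csp/ContentSecurityPolicy.cpp:
+(WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
+function to a const function since these functions do not modify |this|.
+* page/csp/ContentSecurityPolicy.h:
+
 2016-10-11 Matthew Hanson <matthew_hanson@apple.com>
 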
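--- a/branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp
@@ -24,4 +24,5 @@
 #include "Chrome.h"
 #include "ChromeClient.h"
+#include "ContentSecurityPolicy.h"
 #include "Event.h"
 #include "EventHandler.h"
@@ -771,6 +772,31 @@
 }
 
+bool HTMLPlugInImageElement::allowedToLoadPluginContent(const String& url, const String& mimeType) const
+{
+URL completedURL;
+if (!url.isEmpty())
+completedURL = document().completeURL(url);
+
+ASSERT(document().contentSecurityPolicy());
+const ContentSecurityPolicy& contentSecurityPolicy = *document().contentSecurityPolicy();
+
+contentSecurityPolicy.upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load);
+
+String declaredMimeType = document().isPluginDocument() && document().ownerElement() ?
+document().ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : attributeWithoutSynchronization(HTMLNames::typeAttr);
+bool isInUserAgentShadowTree = this->isInUserAgentShadowTree();
+return contentSecurityPolicy.allowObjectFromSource(completedURL, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL, isInUserAgentShadowTree);
+}
+
 bool HTMLPlugInImageElement::requestObject(const String& url, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues)
 {
+if (url.isEmpty() && mimeType.isEmpty())
+return false;
+
+if (!allowedToLoadPluginContent(url, mimeType)) {
+renderEmbeddedObject()->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
+return false;
+}
+
 if (HTMLPlugInElement::requestObject(url, mimeType, paramNames, paramValues))
 return true;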
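Review bot: On the blocked path in requestObject(), `renderEmbeddedObject()` is dereferenced without a null check, so a CSP-blocked element that has no RenderEmbeddedObject at that moment would crash rather than simply fail the load. Whether that state is reachable is not visible in this section, but the guard is cheap: `if (auto* renderer = renderEmbeddedObject()) renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);`. In allowedToLoadPluginContent() the policy pointer is protected only by `ASSERT`, which presumably compiles out of release builds. The policy decision is also made on the upgraded `completedURL` while the original `url` is what gets passed on to HTMLPlugInElement::requestObject(), so a short comment saying the later load is expected to apply the same upgrade would make that assumption explicit. requestObject()'s body continues past the end of the section.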
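--- a/branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.h
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.h
@@ -112,4 +112,6 @@
 bool isRestartedPlugin() const final { return m_isRestartedPlugin; }
 
+bool allowedToLoadPluginContent(const String& url, const String& mimeType) const;
+
 void finishParsingChildren() final;
 void didAddUserAgentShadowRoot(ShadowRoot*) final;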
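--- a/branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.cpp
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.cpp
@@ -109,19 +109,5 @@
 }
 
-bool SubframeLoader::isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType) const
-{
-if (!document())
-return true;
-
-ASSERT(document()->contentSecurityPolicy());
-const ContentSecurityPolicy& contentSecurityPolicy = *document()->contentSecurityPolicy();
-
-String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
-document()->ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : pluginElement.attributeWithoutSynchronization(HTMLNames::typeAttr);
-bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree();
-return contentSecurityPolicy.allowObjectFromSource(url, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree);
-}
-
-bool SubframeLoader::pluginIsLoadable(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType)
+bool SubframeLoader::pluginIsLoadable(const URL& url, const String& mimeType)
 {
 if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) {
@@ -141,10 +127,4 @@
 }
 
-if (!isPluginContentAllowedByContentSecurityPolicy(pluginElement, url, mimeType)) {
-RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();
-renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
-return false;
-}
-
 if (!m_frame.loader().mixedContentChecker().canRunInsecureContent(document()->securityOrigin(), url))
 return false;
@@ -162,5 +142,5 @@
 return false;
 
-if (!pluginIsLoadable( ownerElement,url, mimeType))
+if (!pluginIsLoadable(url, mimeType))
 return false;
 
@@ -241,10 +221,4 @@
 logPluginRequest(document()->page(), mimeType, completedURL, success);
 return success;
-}
-
-if (!isPluginContentAllowedByContentSecurityPolicy(ownerElement, completedURL, mimeType)) {
-RenderEmbeddedObject* renderer = ownerElement.renderEmbeddedObject();
-renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
-return false;
 }
 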
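Review bot: After this change pluginIsLoadable() and the request path around new line 223 no longer consult CSP at all, so object-src and plugin-types are enforced only if every caller arrives through HTMLPlugInImageElement::requestObject(). That precondition is stated in the ChangeLog but not in the code; I would record it at pluginIsLoadable(), e.g. `// CSP object-src/plugin-types are checked by HTMLPlugInImageElement::requestObject() before we get here.`, so that a later caller reaching SubframeLoader directly does not silently skip the policy. The functions touched here start and end outside the hunks shown, so other callers cannot be ruled out from this page.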
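--- a/branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.h
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.h
@@ -78,8 +78,6 @@
 bool loadPlugin(HTMLPlugInImageElement&, const URL&, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
 
-bool isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement&, const URL&, const String& mimeType) const;
-
 bool shouldUsePlugin(const URL&, const String& mimeType, bool hasFallback, bool& useFallback);
-bool pluginIsLoadable( HTMLPlugInImageElement&,const URL&, const String& mimeType);
+bool pluginIsLoadable(const URL&, const String& mimeType);
 
 Document* document() const;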
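--- a/branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
@@ -766,5 +766,5 @@
 }
 
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType)
+void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType) const
 {
 URL url = request.url();
@@ -773,5 +773,5 @@
 }
 
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType)
+void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType) const
 {
 if (!url.protocolIs("http") && !url.protocolIs("ws"))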
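--- a/branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h
+++ b/branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h
@@ -157,6 +157,6 @@
 bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; }
 enum class InsecureRequestType { Load, FormSubmission, Navigation };
-void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) ;
-void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) ;
+void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) const;
+void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) const;
 
 HashSet<RefPtr<SecurityOrigin>>&& takeNavigationRequestsToUpgrade();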