Changeset 116066 in webkit
- Timestamp:
- May 3, 2012 8:45:06 PM (12 years ago)
- Location:
- trunk
- Files:
- 3 added, 12 edited
trunk/LayoutTests/ChangeLog
r116063 r116066 1 2012-05-03 Adam Barth <abarth@webkit.org> 2 3 CSP: Eval isn't blocked in about:blank subframes 4 https://bugs.webkit.org/show_bug.cgi?id=85553 5 6 Reviewed by Eric Seidel. 7 8 * http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe-expected.txt: Added. 9 * http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html: Added. 10 - New test for the eval issue. 11 * http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url-expected.txt: 12 * http/tests/security/contentSecurityPolicy/javascript-url-allowed-expected.txt: 13 * http/tests/security/contentSecurityPolicy/javascript-url-blocked-expected.txt: 14 * http/tests/security/contentSecurityPolicy/script-src-in-iframe-expected.txt: 15 - Now that we re-parse the CSP policy, we log parse errors to the 16 console more times. This isn't ideal and is something we might 17 change in the future. 18 * platform/chromium/http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe-expected.txt: Added. 19 - Add a Chromium-specific baseline for this test because the eval 20 error is slightly different between V8 and JSC. 21 1 22 2012-05-03 David Barr <davidbarr@chromium.org> 2 23 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url-expected.txt
r104803 r116066 1 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'options'. 2 3 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'options'. 4 1 5 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'options'. 2 6 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/javascript-url-allowed-expected.txt
r104803 r116066 1 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 2 3 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 4 1 5 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 2 6 3 7 ALERT: PASS 8 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 4 9 10 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 11 12 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/javascript-url-blocked-expected.txt
r104803 r116066 1 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 2 3 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 4 1 5 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 2 6 3 7 CONSOLE MESSAGE: Refused to execute JavaScript URL because of Content-Security-Policy. 4 8 9 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 5 10 11 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 12 13 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-in-iframe-expected.txt
r104803 r116066 1 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 2 1 3 CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'allow'. 2 4 -
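Review bot: the four expected-output files above (inline-script-blocked-javascript-url, javascript-url-allowed, javascript-url-blocked, script-src-in-iframe) now pin the exact number of "Unrecognized Content-Security-Policy directive" console lines, which the ChangeLog itself calls a side effect of re-parsing the policy per context that "isn't ideal". Baking that count into baselines means any later change to when the policy is parsed will churn all of them; consider stripping the duplicate parse warnings (for example, by removing the deliberately unrecognized 'allow' / 'options' directives from these tests' headers, or by logging a parse error only once per policy string) so the expectations only encode the behaviour under test, namely the ALERT: PASS and "Refused to execute JavaScript URL" lines.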
trunk/Source/WebCore/ChangeLog
r116065 r116066 1 2012-05-03 Adam Barth <abarth@webkit.org> 2 3 CSP: Eval isn't blocked in about:blank subframes 4 https://bugs.webkit.org/show_bug.cgi?id=85553 5 6 Reviewed by Eric Seidel. 7 8 ContentSecurityPolicy has a back pointer to ScriptExecutionContext. 9 That means we shouldn't share a single ContentSecurityPolicy object 10 between multiple ScriptExecutionContexts. This patch copies the state 11 from one ScriptExecutionContext to another rather than sharing the 12 ContentSecurityPolicy object itself. 13 14 This resulted in a subtle but w.r.t. blocking eval. Because we block 15 eval by setting a bit in the JavaScript engine when enforcing the 16 policy, that bit wasn't copied along with the rest of the state when we 17 were sharing the ContentSecurityPolicy object. Now that we use the 18 more robust ContentSecurityPolicy::copyStateFrom function, we don't 19 have that bug. 20 21 Test: http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html 22 23 * dom/Document.cpp: 24 (WebCore::Document::initSecurityContext): 25 (WebCore): 26 (WebCore::Document::initContentSecurityPolicy): 27 * dom/Document.h: 28 (Document): 29 * dom/SecurityContext.cpp: 30 (WebCore::SecurityContext::setContentSecurityPolicy): 31 * dom/SecurityContext.h: 32 (SecurityContext): 33 * loader/FrameLoader.cpp: 34 (WebCore::FrameLoader::didBeginDocument): 35 * page/ContentSecurityPolicy.h: 36 (WebCore::ContentSecurityPolicy::create): 37 1 38 2012-05-03 Abhishek Arya <inferno@chromium.org> 2 39 -
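Review bot: typo in the ChangeLog description, "This resulted in a subtle but w.r.t. blocking eval" should read "a subtle bug w.r.t. blocking eval". The explanation is otherwise the important part of this patch: the eval restriction lives as a bit in the JavaScript engine for a given ScriptExecutionContext, not in the ContentSecurityPolicy object, so sharing one policy object between a parent and an about:blank child never re-applied that bit to the child's engine; it would help future readers if the ChangeLog also stated that ContentSecurityPolicy::copyStateFrom re-enforces the policy against the receiving context (and therefore re-sets the eval bit there), since the header hunk below does not show copyStateFrom itself.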
trunk/Source/WebCore/dom/Document.cpp
r115819 r116066 4977 4977 // https://bugs.webkit.org/show_bug.cgi?id=15313 4978 4978 setSecurityOrigin(ownerFrame->document()->securityOrigin()); 4979 setContentSecurityPolicy(ownerFrame->document()->contentSecurityPolicy()); 4979 } 4980 4981 void Document::initContentSecurityPolicy() 4982 { 4983 if (!m_frame->tree()->parent() || !shouldInheritSecurityOriginFromOwner(m_url)) 4984 return; 4985 contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document()->contentSecurityPolicy()); 4980 4986 } 4981 4987 -
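Review bot: Document::initContentSecurityPolicy dereferences m_frame (m_frame->tree()->parent()) and then parent()->document() with no null check on either; the only caller visible in this patch is FrameLoader::didBeginDocument, so if that is the sole entry point an ASSERT(m_frame) would document the assumption, otherwise an early return on !m_frame is needed to match the frameless-document handling elsewhere in Document. A second point: the removed setContentSecurityPolicy(ownerFrame->document()->contentSecurityPolicy()) line used to hand the child the parent's policy inside initSecurityContext, whereas the new copyStateFrom call runs later from a separate function, so there is now a window between initSecurityContext and initContentSecurityPolicy during which the child's policy is the empty default; please confirm no script can execute in that window, and consider moving the copy into initSecurityContext (which already evaluates shouldInheritSecurityOriginFromOwner(m_url)) so the inherit decision is not duplicated in two places.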
trunk/Source/WebCore/dom/Document.h
r115819 r116066 1040 1040 1041 1041 void initSecurityContext(); 1042 void initContentSecurityPolicy(); 1042 1043 1043 1044 // Explicitly override the security origin for this document. -
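Review bot: the new initContentSecurityPolicy() declaration has no comment, while its correctness depends on ordering: it must run after initSecurityContext() (which creates the policy object it copies into) and before any script runs in the document. A one-line comment stating that contract next to the declaration would prevent a future caller from invoking it too early or too late.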
trunk/Source/WebCore/dom/SecurityContext.cpp
r115773 r116066 51 51 } 52 52 53 void SecurityContext::setContentSecurityPolicy(Pass RefPtr<ContentSecurityPolicy> contentSecurityPolicy)53 void SecurityContext::setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy> contentSecurityPolicy) 54 54 { 55 55 m_contentSecurityPolicy = contentSecurityPolicy; -
trunk/Source/WebCore/dom/SecurityContext.h
r115773 r116066 78 78 // that already contains content. 79 79 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); 80 void setContentSecurityPolicy(Pass RefPtr<ContentSecurityPolicy>);80 void setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy>); 81 81 82 82 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } … … 91 91 SandboxFlags m_sandboxFlags; 92 92 RefPtr<SecurityOrigin> m_securityOrigin; 93 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;93 OwnPtr<ContentSecurityPolicy> m_contentSecurityPolicy; 94 94 }; 95 95 -
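Review bot: the RefPtr to OwnPtr change for m_contentSecurityPolicy is the right enforcement of the "one policy per ScriptExecutionContext" invariant described in the ChangeLog, since any remaining code that tried to retain a ref to another context's policy will now fail to compile. Please add a short comment on setContentSecurityPolicy(PassOwnPtr<ContentSecurityPolicy>) (mirroring the existing comment above setSecurityOrigin about contexts that already contain content) saying that the SecurityContext exclusively owns the policy and that callers of the getter must not store the raw pointer beyond the owning context's lifetime.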
trunk/Source/WebCore/loader/FrameLoader.cpp
r115796 r116066 607 607 608 608 updateFirstPartyForCookies(); 609 m_frame->document()->initContentSecurityPolicy(); 609 610 610 611 Settings* settings = m_frame->document()->settings(); -
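Review bot: the new m_frame->document()->initContentSecurityPolicy() call in FrameLoader::didBeginDocument is the only place the inherited policy is copied, so please confirm two things: that didBeginDocument runs before the first script of the new document can execute (otherwise an eval in the about:blank child could slip through before the copy, the exact bug this patch fixes), and that every path which creates a document for a subframe goes through didBeginDocument; any path that does not will leave the child with an empty policy rather than the parent's. The new eval-blocked-in-about-blank-iframe.html test covers the main path; a test for a document.open()/document.write() re-created about:blank document would cover the other.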
trunk/Source/WebCore/page/ContentSecurityPolicy.h
r109730 r116066 27 27 #define ContentSecurityPolicy_h 28 28 29 #include <wtf/PassOwnPtr.h> 29 30 #include <wtf/RefCounted.h> 30 31 #include <wtf/Vector.h> … … 37 38 class KURL; 38 39 39 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy>{40 class ContentSecurityPolicy { 40 41 public: 41 static Pass RefPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scriptExecutionContext)42 static PassOwnPtr<ContentSecurityPolicy> create(ScriptExecutionContext* scriptExecutionContext) 42 43 { 43 return adopt Ref(new ContentSecurityPolicy(scriptExecutionContext));44 return adoptPtr(new ContentSecurityPolicy(scriptExecutionContext)); 44 45 } 45 46 ~ContentSecurityPolicy();
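Review bot: with the RefCounted<ContentSecurityPolicy> base class removed, the #include <wtf/RefCounted.h> that remains on line 30 of ContentSecurityPolicy.h looks unused and should be dropped alongside the new <wtf/PassOwnPtr.h> include. The hunk also does not show ContentSecurityPolicy::copyStateFrom, which the ChangeLog names as the function that makes the fix work; if it already exists, a comment on it noting that it must re-apply every enforced setting (including the engine-level eval restriction) to the receiving context would capture the lesson from this bug, since a future field added to the policy but not to copyStateFrom would silently regress inheritance in about:blank frames.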