Changeset 124371 in webkit
- Timestamp: Aug 1, 2012 2:34:13 PM
- Location: trunk
- Files: 5 added, 3 edited
trunk/LayoutTests/ChangeLog
r124369 r124371 1 2012-08-01 Mike West <mkwst@chromium.org> 2 3 CSP should correctly block plugin resources rendered in PluginDocuments. 4 https://bugs.webkit.org/show_bug.cgi?id=92675 5 6 Reviewed by Adam Barth. 7 8 * http/tests/plugins/resources/mock-plugin.pl: Added. 9 This lovely perl script mocks a plugin by sending a 10 'Content-Type application/x-webkit-test-netscape' header. 11 * http/tests/security/contentSecurityPolicy/object-src-url-allowed-expected.txt: Added. 12 * http/tests/security/contentSecurityPolicy/object-src-url-allowed.html: Added. 13 * http/tests/security/contentSecurityPolicy/object-src-url-blocked-expected.txt: Added. 14 * http/tests/security/contentSecurityPolicy/object-src-url-blocked.html: Added. 15 Test that non-'data:' URLs that end up in PluginDocuments are also 16 dealt with correctly by CSP. 17 1 18 2012-08-01 Florin Malita <fmalita@chromium.org> 2 19 -
trunk/Source/WebCore/ChangeLog
r124369 r124371 1 2012-08-01 Mike West <mkwst@chromium.org> 2 3 CSP should correctly block plugin resources rendered in PluginDocuments. 4 https://bugs.webkit.org/show_bug.cgi?id=92675 5 6 Reviewed by Adam Barth. 7 8 In certain cases, plugins aren't loaded directly, but are stuffed into a 9 newly-created PluginDocument before rendering. While we were already 10 correctly populating information that allowed us to make decisions about 11 that document's security origin, and already dealing with sandbox 12 status by creating a 'SinkDocument' that ignored plugin data, we weren't 13 correctly inheriting the parent frame's Content Security Policy. This 14 patch ensures that PluginDocuments correctly inherit their parent's 15 Content Security Policy, meaning that the plugin is blocked or allowed 16 according to the policy of the protected resource in which the 17 PluginDocument is embedded. 18 19 Tests: http/tests/security/contentSecurityPolicy/object-src-url-allowed.html 20 http/tests/security/contentSecurityPolicy/object-src-url-blocked.html 21 22 * dom/Document.cpp: 23 (WebCore::Document::initContentSecurityPolicy): 24 Populate a created PluginDocument with its frame's parent's Content 25 Security Policy. 26 1 27 2012-08-01 Florin Malita <fmalita@chromium.org> 2 28 -
trunk/Source/WebCore/dom/Document.cpp
r124350 r124371 5062 5062 void Document::initContentSecurityPolicy() 5063 5063 { 5064 if (!m_frame->tree()->parent() || !shouldInheritSecurityOriginFromOwner(m_url)) 5065 return; 5064 if (!m_frame->tree()->parent() || (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument())) 5065 return; 5066 5066 5067 contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document()->contentSecurityPolicy()); 5067 5068 }
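Review bot: In Document::initContentSecurityPolicy(), the new early-return condition "(!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument())" now covers two unrelated reasons for inheriting the parent's policy, and nothing in the code says why a PluginDocument inherits regardless of its URL. A short comment above the "if" would help, stating that a PluginDocument takes the parent frame's Content Security Policy so that the embedding resource's policy decides whether the plugin is blocked or allowed, as the ChangeLog entry explains. Separately, the copyStateFrom() line dereferences m_frame->tree()->parent()->document() without a check; this change lets more documents reach that line, so an ASSERT on the parent's document (or a note on why it cannot be null here) would be worth adding.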