Changeset 125983 in webkit
- Timestamp:
- Aug 19, 2012 3:39:54 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r125980 r125983 1 2012-08-19 Mike West <mkwst@chromium.org> 2 3 CSP 1.1: Add 'plugin-types' and 'form-action' DOM API. 4 https://bugs.webkit.org/show_bug.cgi?id=94415 5 6 Reviewed by Adam Barth. 7 8 * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Added. 9 * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Added. 10 * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Added. 11 * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Added. 12 1 13 2012-08-19 Pavel Feldman <pfeldman@chromium.org> 2 14 -
trunk/Source/WebCore/ChangeLog
r125980 r125983 1 2012-08-19 Mike West <mkwst@chromium.org> 2 3 CSP 1.1: Add 'plugin-types' and 'form-action' DOM API. 4 https://bugs.webkit.org/show_bug.cgi?id=94415 5 6 Reviewed by Adam Barth. 7 8 Experimental implementations of the new 'plugin-types' and 'form-action' 9 directives recently landed, but we neglected to add DOM API endpoints to 10 query their state. Those APIs have been added to the specification[1], 11 and this patch brings our implementation up to date. 12 13 Tests: http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html 14 http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html 15 16 * page/DOMSecurityPolicy.cpp: 17 (isAllowed): 18 As a drive-by, change a parameter from a KURL to a String to match 19 the actual template. There's no reason to stringify an empty URL 20 when we can just use an empty string instead. 21 (isAllowedWithType): 22 Call out to the ContentSecurityPolicy object to check the protected 23 resource's ability to load a given media type. 24 (WebCore::DOMSecurityPolicy::allowsFormAction): 25 Call out to the ContentSecurityPolicy object to check the protected 26 resource's ability to submit a form to the given URL. 27 (WebCore): 28 (WebCore::DOMSecurityPolicy::allowsPluginType): 29 Pipes the plugin type through 'isAllowedWithType' for resolution. 30 * page/DOMSecurityPolicy.h: 31 Add the 'allowsPluginType' and 'allowsFormAction' methods. 32 (DOMSecurityPolicy): 33 * page/DOMSecurityPolicy.idl: 34 Add the 'allowsPluginType' and 'allowsFormAction' methods. 35 1 36 2012-08-19 Pavel Feldman <pfeldman@chromium.org> 2 37 -
trunk/Source/WebCore/page/DOMSecurityPolicy.cpp
r125734 r125983 49 49 } 50 50 51 template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const KURL&, ContentSecurityPolicy::ReportingStatus) const> 52 bool isAllowedWithType(ScriptExecutionContext* context, const String& type) 53 { 54 if (!isPolicyActiveInContext(context)) 55 return true; 56 57 return (context->contentSecurityPolicy()->*allowWithType)(type, type, KURL(), ContentSecurityPolicy::SuppressReport); 58 } 59 51 60 template<bool (ContentSecurityPolicy::*allowWithURL)(const KURL&, ContentSecurityPolicy::ReportingStatus) const> 52 61 bool isAllowedWithURL(ScriptExecutionContext* context, const String& url) … … 68 77 return true; 69 78 70 return (context->contentSecurityPolicy()->*allowWithContext)( KURL(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport);79 return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport); 71 80 } 72 81 … … 126 135 } 127 136 137 bool DOMSecurityPolicy::allowsFormAction(const String& url) const 138 { 139 return isAllowedWithURL<&ContentSecurityPolicy::allowFormAction>(scriptExecutionContext(), url); 140 } 141 128 142 bool DOMSecurityPolicy::allowsFrameFrom(const String& url) const 129 143 { … … 146 160 } 147 161 162 bool DOMSecurityPolicy::allowsPluginType(const String& type) const 163 { 164 return isAllowedWithType<&ContentSecurityPolicy::allowPluginType>(scriptExecutionContext(), type); 165 } 166 148 167 bool DOMSecurityPolicy::allowsScriptFrom(const String& url) const 149 168 { -
trunk/Source/WebCore/page/DOMSecurityPolicy.h
r123722 r125983 56 56 bool allowsConnectionTo(const String& url) const; 57 57 bool allowsFontFrom(const String& url) const; 58 bool allowsFormAction(const String& url) const; 58 59 bool allowsFrameFrom(const String& url) const; 59 60 bool allowsImageFrom(const String& url) const; 60 61 bool allowsMediaFrom(const String& url) const; 61 62 bool allowsObjectFrom(const String& url) const; 63 bool allowsPluginType(const String& type) const; 62 64 bool allowsScriptFrom(const String& url) const; 63 65 bool allowsStyleFrom(const String& url) const; -
trunk/Source/WebCore/page/DOMSecurityPolicy.idl
r123722 r125983 36 36 boolean allowsConnectionTo(in DOMString url); 37 37 boolean allowsFontFrom(in DOMString url); 38 boolean allowsFormAction(in DOMString url); 38 39 boolean allowsFrameFrom(in DOMString url); 39 40 boolean allowsImageFrom(in DOMString url); 40 41 boolean allowsMediaFrom(in DOMString url); 41 42 boolean allowsObjectFrom(in DOMString url); 43 boolean allowsPluginType(in DOMString type); 42 44 boolean allowsScriptFrom(in DOMString url); 43 45 boolean allowsStyleFrom(in DOMString url);
Note: See TracChangeset
for help on using the changeset viewer.