Changeset 126194 in webkit
- Timestamp: Aug 21, 2012 3:23:00 PM
- Location: trunk
- Files: 9 edited
trunk/LayoutTests/ChangeLog
r126192 r126194 1 2012-08-21 Mike West <mkwst@chromium.org> 2 3 Blocking a resource via Content Security Policy should trigger an Error event. 4 https://bugs.webkit.org/show_bug.cgi?id=89440 5 6 Reviewed by Jochen Eisinger. 7 8 * http/tests/security/contentSecurityPolicy/image-blocked-expected.txt: 9 * http/tests/security/contentSecurityPolicy/image-blocked.html: 10 * http/tests/security/contentSecurityPolicy/register-bypassing-scheme-expected.txt: 11 * http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html: 12 Adjusting existing tests to use the error event, as opposed to 13 hacking around the fact that it wasn't triggered. 14 * platform/chromium/permissionclient/image-permissions-expected.txt: 15 * platform/chromium/permissionclient/image-permissions.html: 16 Error events are now also generated for images blocked by Chromium's 17 content settings. 18 1 19 2012-08-21 Sudarsana Nagineni <sudarsana.nagineni@linux.intel.com> 2 20 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-expected.txt
r117006 r126194 1 1 CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'". 2 2 3 This test passes if it doesn't alert fail. 3 ALERT: PASS 4 This test passes if it doesn't alert FAIL and does alert PASS. -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked.html
r120174 r126194 9 9 </head> 10 10 <body> 11 This test passes if it doesn't alert fail.12 <img src="../resources/abe.png" onload="alert('FAIL')" >11 This test passes if it doesn't alert FAIL and does alert PASS. 12 <img src="../resources/abe.png" onload="alert('FAIL')" onerror="alert('PASS')"> 13 13 </body> 14 14 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-expected.txt
r120684 r126194 1 1 CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src https:". 2 2 3 ALERT: PASS (1/3) 3 4 ALERT: PASS (2/3) 4 5 CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src https:". 5 6 7 ALERT: PASS (3/3) 6 8 This test ensures that registering a scheme as bypassing CSP actually bypasses CSP. This test passes if three PASSes are generated. -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html
r120684 r126194 11 11 function test1() { 12 12 var img = document.createElement('img'); 13 img.onload = function () { alert('FAIL'); }; 14 img.onerror = function () { alert('PASS (1/3)'); }; 15 try { 16 img.src = "../resources/abe.png"; 17 } catch (e) { 18 alert("PASS (1/3)"); 19 } 20 test2(); 13 img.onload = function () { 14 alert('FAIL (1/3)'); 15 test2(); 16 }; 17 img.onerror = function () { 18 alert('PASS (1/3)'); 19 test2(); 20 }; 21 img.src = "../resources/abe.png"; 21 22 } 22 23 … … 28 29 test3(); 29 30 }; 30 try { 31 img.src = "../resources/abe.png"; 32 } catch (e) { 33 alert('FAIL'); 31 img.onerror = function () { 32 alert('FAIL (2/3)'); 34 33 test3(); 35 } 34 }; 35 img.src = "../resources/abe.png"; 36 36 } 37 37 … … 39 39 internals.removeURLSchemeRegisteredAsBypassingContentSecurityPolicy('http'); 40 40 var img = document.createElement('img'); 41 img.onload = function () { alert('FAIL'); }; 42 img.onerror = function () { alert('PASS (2/3)'); }; 43 try { 44 img.src = "../resources/abe.png"; 45 } catch (e) { 46 alert("PASS (3/3)"); 47 } 48 finishTesting(); 41 img.onload = function () { 42 alert('FAIL (3/3)'); 43 finishTesting(); 44 }; 45 img.onerror = function () { 46 alert('PASS (3/3)'); 47 finishTesting(); 48 }; 49 img.src = "../resources/abe.png"; 49 50 } 50 51 -
trunk/LayoutTests/platform/chromium/permissionclient/image-permissions-expected.txt
r95369 r126194 6 6 7 7 PASS: first image loaded 8 PASS: error event for not cached image 9 PASS: error event for image from cache 8 10 -
trunk/LayoutTests/platform/chromium/permissionclient/image-permissions.html
r124692 r126194 22 22 // Load an image not in cache. 23 23 var img = document.createElement('img'); 24 img.onerror = function () { log(" FAIL: error event for not cached image"); }24 img.onerror = function () { log("PASS: error event for not cached image"); } 25 25 img.onload = function () { log("FAIL: not cached image loaded"); } 26 26 img.src = "resources/boston.gif?nocache"; … … 29 29 // Load an image from cache. 30 30 var imgFromCache = document.createElement('img'); 31 imgFromCache.onerror = function () { log(" FAIL: error event for image from cache"); }31 imgFromCache.onerror = function () { log("PASS: error event for image from cache"); } 32 32 imgFromCache.onload = function () { log("FAIL: image from cache loaded"); } 33 33 imgFromCache.src = "resources/boston.gif"; -
trunk/Source/WebCore/ChangeLog
r126193 r126194 1 2012-08-21 Mike West <mkwst@chromium.org> 2 3 Blocking a resource via Content Security Policy should trigger an Error event. 4 https://bugs.webkit.org/show_bug.cgi?id=89440 5 6 Reviewed by Jochen Eisinger. 7 8 If a CSP directive is violated, CachedResourceLoader will trigger a 9 console error, and return a null image. In that case, we now dispatch 10 an error on the relevant element. 11 12 Adjusted http/tests/security/contentSecurityPolicy/image-blocked.html 13 and http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html 14 to test the new behavior. 15 16 This has the side-effect of also generating errors for images blocked by 17 Chromium's content settings. Adjusted 18 platform/chromium/permissionclient/image-permissions.html to agree with 19 the new behavior. 20 21 * loader/ImageLoader.cpp: 22 (WebCore::ImageLoader::updateFromElement): 23 1 24 2012-08-21 Taiju Tsuiki <tzik@chromium.org> 2 25 -
trunk/Source/WebCore/loader/ImageLoader.cpp
r123121 r126194 198 198 199 199 // If we do not have an image here, it means that a cross-site 200 // violation occurred. 201 m_failedLoadURL = !newImage ? attr : AtomicString(); 200 // violation occurred, or that the image was blocked via Content 201 // Security Policy. Either way, trigger an error event. 202 if (!newImage) { 203 m_failedLoadURL = attr; 204 m_hasPendingErrorEvent = true; 205 errorEventSender().dispatchEventSoon(this); 206 } else 207 m_failedLoadURL = AtomicString(); 202 208 } else if (!attr.isNull()) { 203 209 // Fire an error event if the url is empty.
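Review bot: In ImageLoader::updateFromElement, the rewritten comment above `if (!newImage)` names only a cross-site violation and Content Security Policy, while the WebCore ChangeLog entry in this changeset says the same branch now also fires for images blocked by Chromium's content settings. Word the comment for the general case (CachedResourceLoader refused the request and returned a null image, whatever the reason) so a later reader does not take the error event to be CSP-specific.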
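Review bot: In test1, test2 and test3 of register-bypassing-scheme.html, the next step is now reached only from inside `onload` or `onerror`, so if neither event fires the chain stops and the run ends by harness timeout without printing a FAIL line. The three `ALERT: PASS (n/3)` lines in the expected file will still catch that, but a short comment at the top of the test saying that a timeout means the error event was never dispatched would make the failure easier to read.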
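Review bot: In image-blocked.html, the new `onerror="alert('PASS')"` depends on an event that ImageLoader.cpp queues with `errorEventSender().dispatchEventSoon(this)` instead of firing synchronously, and the visible lines 9 to 14 of the test do not show whether the text dump is held back until that event has run. Please confirm the part of the file outside this hunk guarantees the ordering, so that `ALERT: PASS` cannot race the dump and make the test flaky.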