Changeset 136305 in webkit


Ignore:
Timestamp:
Nov 30, 2012 10:53:25 PM (11 years ago)
Author:
mkwst@chromium.org
Message:

CSP 1.1: Make the CSP_NEXT flag runtime enabled.
https://bugs.webkit.org/show_bug.cgi?id=103652

Reviewed by Adam Barth.

Source/WebCore:

Content Security Policy 1.1 continues to live behind the CSP_NEXT flag,
this patch adds another layer on top of that in order to enable runtime
decisions about whether it should be active.

  • bindings/generic/RuntimeEnabledFeatures.cpp:

(WebCore):

  • bindings/generic/RuntimeEnabledFeatures.h:

(RuntimeEnabledFeatures):
(WebCore::RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnabled):
(WebCore::RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled):

Adds methods in order to correctly handle enabling and disabling
CSP 1.1 features.

  • dom/Document.idl:

Gate the 'document.securityPolicy' object on the runtime flag.

  • page/ContentSecurityPolicy.cpp:

(WebCore::CSPDirectiveList::addDirective):

Check that experimental features are runtime enabled before
processing 1.1 directives.

(WebCore::ContentSecurityPolicy::experimentalFeaturesEnabled):
(WebCore):

  • page/ContentSecurityPolicy.h:

Adds a new method which checks against the runtime flag to determine
whether CSP 1.1 features are enabled.

Source/WebKit/chromium:

The CSP_NEXT flag continues to be enabled on the Chromium port, but this
patch now locks the features away behind the securityPolicy runtime
flag.

  • public/WebRuntimeFeatures.h:

(WebRuntimeFeatures):

  • src/WebRuntimeFeatures.cpp:

(WebKit::WebRuntimeFeatures::enableExperimentalContentSecurityPolicyFeatures):
(WebKit):
(WebKit::WebRuntimeFeatures::isExperimentalContentSecurityPolicyFeaturesEnabled):

Adds the feature to WebRuntimeFeatures so it can be toggled from
inside Chromium.

Tools:

Ensures that the new SecurityPolicy runtime flag is enabled for Chromium's tests.

  • DumpRenderTree/chromium/TestShell.cpp:

(TestShell::TestShell):

Location:
trunk
Files:
11 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r136303 r136305  
     12012-11-30  Mike West  <mkwst@chromium.org>
     2
     3        CSP 1.1: Make the CSP_NEXT flag runtime enabled.
     4        https://bugs.webkit.org/show_bug.cgi?id=103652
     5
     6        Reviewed by Adam Barth.
     7
     8        Content Security Policy 1.1 continues to live behind the CSP_NEXT flag,
     9        this patch adds another layer on top of that in order to enable runtime
     10        decisions about whether it should be active.
     11
     12        * bindings/generic/RuntimeEnabledFeatures.cpp:
     13        (WebCore):
     14        * bindings/generic/RuntimeEnabledFeatures.h:
     15        (RuntimeEnabledFeatures):
     16        (WebCore::RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnabled):
     17        (WebCore::RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled):
     18            Adds methods in order to correctly handle enabling and disabling
     19            CSP 1.1 features.
     20        * dom/Document.idl:
     21            Gate the 'document.securityPolicy' object on the runtime flag.
     22        * page/ContentSecurityPolicy.cpp:
     23        (WebCore::CSPDirectiveList::addDirective):
     24            Check that experimental features are runtime enabled before
     25            processing 1.1 directives.
     26        (WebCore::ContentSecurityPolicy::experimentalFeaturesEnabled):
     27        (WebCore):
     28        * page/ContentSecurityPolicy.h:
     29            Adds a new method which checks against the runtime flag to determine
     30            whether CSP 1.1 features are enabled.
     31
    1322012-11-30  Simon Fraser  <simon.fraser@apple.com>
    233

  • trunk/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.cpp

    r136210 r136305  
    230230#endif
    231231
     232#if ENABLE(CSP_NEXT)
     233bool RuntimeEnabledFeatures::areExperimentalContentSecurityPolicyFeaturesEnabled = false;
     234#endif
     235
    232236} // namespace WebCore

  • trunk/Source/WebCore/bindings/generic/RuntimeEnabledFeatures.h

    r136210 r136305  
    256256#endif
    257257
     258#if ENABLE(CSP_NEXT)
     259    static bool experimentalContentSecurityPolicyFeaturesEnabled() { return areExperimentalContentSecurityPolicyFeaturesEnabled; }
     260    static void setExperimentalContentSecurityPolicyFeaturesEnabled(bool isEnabled) { areExperimentalContentSecurityPolicyFeaturesEnabled = isEnabled; }
     261#endif
     262
    258263    static bool langAttributeAwareFormControlUIEnabled() { return isLangAttributeAwareFormControlUIEnabled; }
    259264    // The lang attribute support is incomplete and should only be turned on for tests.
     
    366371    static bool isRequestAutocompleteEnabled;
    367372#endif
     373
     374#if ENABLE(CSP_NEXT)
     375    static bool areExperimentalContentSecurityPolicyFeaturesEnabled;
     376#endif
    368377};
    369378

  • trunk/Source/WebCore/dom/Document.idl

    r134557 r136305  
    367367
    368368    // Security Policy API: http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-interfaces
    369     [Conditional=CSP_NEXT] readonly attribute DOMSecurityPolicy securityPolicy;
     369    [Conditional=CSP_NEXT, V8EnabledAtRuntime=experimentalContentSecurityPolicyFeatures] readonly attribute DOMSecurityPolicy securityPolicy;
    370370
    371371};

  • trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

    r134766 r136305  
    3838#include "KURL.h"
    3939#include "PingLoader.h"
     40#include "RuntimeEnabledFeatures.h"
    4041#include "SchemeRegistry.h"
    4142#include "ScriptCallStack.h"
     
    13141315        parseReportURI(name, value);
    13151316#if ENABLE(CSP_NEXT)
    1316     else if (m_experimental) {
     1317    else if (m_experimental && m_policy->experimentalFeaturesEnabled()) {
    13171318        if (equalIgnoringCase(name, formAction))
    13181319            setCSPDirective<SourceListDirective>(name, value, m_formAction);
     
    17111712}
    17121713
    1713 }
     1714bool ContentSecurityPolicy::experimentalFeaturesEnabled() const
     1715{
     1716#if ENABLE(CSP_NEXT)
     1717    return RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnabled();
     1718#else
     1719    return false;
     1720#endif
     1721}
     1722
     1723}

  • trunk/Source/WebCore/page/ContentSecurityPolicy.h

    r134766 r136305  
    121121    String evalDisabledErrorMessage() const;
    122122
     123    bool experimentalFeaturesEnabled() const;
     124
    123125private:
    124126    explicit ContentSecurityPolicy(ScriptExecutionContext*);

  • trunk/Source/WebKit/chromium/ChangeLog

    r136271 r136305  
     12012-11-30  Mike West  <mkwst@chromium.org>
     2
     3        CSP 1.1: Make the CSP_NEXT flag runtime enabled.
     4        https://bugs.webkit.org/show_bug.cgi?id=103652
     5
     6        Reviewed by Adam Barth.
     7
     8        The CSP_NEXT flag continues to be enabled on the Chromium port, but this
     9        patch now locks the features away behind the securityPolicy runtime
     10        flag.
     11
     12        * public/WebRuntimeFeatures.h:
     13        (WebRuntimeFeatures):
     14        * src/WebRuntimeFeatures.cpp:
     15        (WebKit::WebRuntimeFeatures::enableExperimentalContentSecurityPolicyFeatures):
     16        (WebKit):
     17        (WebKit::WebRuntimeFeatures::isExperimentalContentSecurityPolicyFeaturesEnabled):
     18            Adds the feature to WebRuntimeFeatures so it can be toggled from
     19            inside Chromium.
     20
    1212012-11-30  Stephen White  <senorblanco@chromium.org>
    222

  • trunk/Source/WebKit/chromium/public/WebRuntimeFeatures.h

    r136210 r136305  
    161161    WEBKIT_EXPORT static bool isCSSRegionsEnabled();
    162162
     163    WEBKIT_EXPORT static void enableExperimentalContentSecurityPolicyFeatures(bool);
     164    WEBKIT_EXPORT static bool isExperimentalContentSecurityPolicyFeaturesEnabled();
    163165private:
    164166    WebRuntimeFeatures();

  • trunk/Source/WebKit/chromium/src/WebRuntimeFeatures.cpp

    r136210 r136305  
    612612}
    613613
     614void WebRuntimeFeatures::enableExperimentalContentSecurityPolicyFeatures(bool enable)
     615{
     616#if ENABLE(CSP_NEXT)
     617    RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(enable);
     618#else
     619    UNUSED_PARAM(enable);
     620#endif
     621}
     622
     623bool WebRuntimeFeatures::isExperimentalContentSecurityPolicyFeaturesEnabled()
     624{
     625#if ENABLE(CSP_NEXT)
     626    return RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnabled();
     627#else
     628    return false;
     629#endif
     630}
     631
    614632void WebRuntimeFeatures::enableCSSExclusions(bool enable)
    615633{

  • trunk/Tools/ChangeLog

    r136301 r136305  
     12012-11-30  Mike West  <mkwst@chromium.org>
     2
     3        CSP 1.1: Make the CSP_NEXT flag runtime enabled.
     4        https://bugs.webkit.org/show_bug.cgi?id=103652
     5
     6        Reviewed by Adam Barth.
     7
     8        Ensures that the new SecurityPolicy runtime flag is enabled for Chromium's tests.
     9
     10        * DumpRenderTree/chromium/TestShell.cpp:
     11        (TestShell::TestShell):
     12
    1132012-11-30  Roger Fong  <roger_fong@apple.com>
    214

  • trunk/Tools/DumpRenderTree/chromium/TestShell.cpp

    r135184 r136305  
    149149    WebRuntimeFeatures::enableScriptedSpeech(true);
    150150    WebRuntimeFeatures::enableRequestAutocomplete(true);
     151    WebRuntimeFeatures::enableExperimentalContentSecurityPolicyFeatures(true);
    151152
    152153    // 30 second is the same as the value in Mac DRT.
Note: See TracChangeset for help on using the changeset viewer.