Changeset 196653 in webkit

Timestamp:

Feb 16, 2016 1:16:18 PM (8 years ago)

Author:

dbates@webkit.org

Message:

CSP: Disallow an empty host in a host-source source expression
​https://bugs.webkit.org/show_bug.cgi?id=153168
<rdar://problem/24383366>

Reviewed by Brent Fulgham.

Source/WebCore:

Merged from Blink (patch by ​rob@robwu.nl):
<​https://src.chromium.org/viewvc/blink?revision=180407&view=revision>

• page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::parseSource):

LayoutTests:

Remove entry for test http/tests/security/contentSecurityPolicy/source-list-parsing-07.html
as it now passes.

• TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-02-16  Daniel Bates  <dabates@apple.com>
+
+        CSP: Disallow an empty host in a host-source source expression
+        https://bugs.webkit.org/show_bug.cgi?id=153168
+        <rdar://problem/24383366>
+
+        Reviewed by Brent Fulgham.
+
+        Remove entry for test http/tests/security/contentSecurityPolicy/source-list-parsing-07.html
+        as it now passes.
+
+        * TestExpectations:
+
 2016-02-16  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -834 +834 @@
 webkit.org/b/153166 webkit.org/b/153242 http/tests/security/contentSecurityPolicy/report-and-enforce.html [ Failure ]
 webkit.org/b/153166 webkit.org/b/153242 http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html [ Failure ]
-webkit.org/b/153168 http/tests/security/contentSecurityPolicy/source-list-parsing-07.html [ Failure ]
 webkit.org/b/153170 http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html [ Failure ]
 http/tests/security/contentSecurityPolicy/script-src-blocked-error-event.html [ Pass Failure ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-02-16  Daniel Bates  <dabates@apple.com>
+
+        CSP: Disallow an empty host in a host-source source expression
+        https://bugs.webkit.org/show_bug.cgi?id=153168
+        <rdar://problem/24383366>
+
+        Reviewed by Brent Fulgham.
+
+        Merged from Blink (patch by rob@robwu.nl):
+        <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>
+
+        * page/csp/ContentSecurityPolicySourceList.cpp:
+        (WebCore::ContentSecurityPolicySourceList::parseSource):
+
 2016-02-16  Brady Eidson  <beidson@apple.com>
 

trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp

@@ -222 +222 @@
                 return false;
             if (position == end)
-                return true;
+                return false;
             beginHost = position;
             skipWhile<UChar, isNotColonOrSlash>(position, end);