Changeset 196655 in webkit
- Timestamp:
- Feb 16, 2016 1:18:19 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r196654 r196655 1 2016-02-16 Daniel Bates <dabates@apple.com> 2 3 CSP: Fix parsing of 'host/path' source expressions 4 https://bugs.webkit.org/show_bug.cgi?id=153170 5 <rdar://problem/24383407> 6 7 Reviewed by Brent Fulgham. 8 9 Remove entry for test http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html 10 as it now passes. 11 12 * TestExpectations: 13 1 14 2016-02-16 Joseph Pecoraro <pecoraro@apple.com> 2 15 -
trunk/LayoutTests/TestExpectations
r196653 r196655 834 834 webkit.org/b/153166 webkit.org/b/153242 http/tests/security/contentSecurityPolicy/report-and-enforce.html [ Failure ] 835 835 webkit.org/b/153166 webkit.org/b/153242 http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html [ Failure ] 836 webkit.org/b/153170 http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html [ Failure ]837 836 http/tests/security/contentSecurityPolicy/script-src-blocked-error-event.html [ Pass Failure ] 838 837 -
trunk/Source/WebCore/ChangeLog
r196653 r196655 1 2016-02-16 Daniel Bates <dabates@apple.com> 2 3 CSP: Fix parsing of 'host/path' source expressions 4 https://bugs.webkit.org/show_bug.cgi?id=153170 5 <rdar://problem/24383407> 6 7 Reviewed by Brent Fulgham. 8 9 Merged from Blink (patch by Mike West): 10 <https://src.chromium.org/viewvc/blink?revision=154875&view=revision> 11 12 Fixes an issue where a source of the form example.com/A/ was incorrectly considered 13 invalid and hence such a requested resource would be blocked. A source of this form 14 is valid by the definition of host-source in section Source List Syntax of the Content 15 Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>. 16 17 * page/csp/ContentSecurityPolicySourceList.cpp: 18 (WebCore::ContentSecurityPolicySourceList::parseSource): 19 1 20 2016-02-16 Daniel Bates <dabates@apple.com> 2 21 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp
r196653 r196655 199 199 // host/path || host/ || / 200 200 // ^ ^ ^ 201 if (!parseHost(beginHost, position, host, hostHasWildcard) 202 || !parsePath(position, end, path) 203 || position != end) 204 return false; 205 return true; 201 return parseHost(beginHost, position, host, hostHasWildcard) && parsePath(position, end, path); 206 202 } 207 203
Note: See TracChangeset
for help on using the changeset viewer.