Changeset 81425 in webkit
- Timestamp:
- Mar 17, 2011 6:58:18 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r81423 r81425 1 2011-03-17 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Update CSP directive parser to match spec 6 https://bugs.webkit.org/show_bug.cgi?id=56582 7 8 Test some error-handling cases. 9 10 * http/tests/security/contentSecurityPolicy/directive-parsing-expected.txt: Added. 11 * http/tests/security/contentSecurityPolicy/directive-parsing.html: Added. 12 1 13 2011-03-17 James Simonsen <simonjam@chromium.org> 2 14 -
trunk/Source/WebCore/ChangeLog
r81424 r81425 1 2011-03-17 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Update CSP directive parser to match spec 6 https://bugs.webkit.org/show_bug.cgi?id=56582 7 8 Brandon updated the CSP spec. I've updated our implementation to 9 match. In the process, I found a couple bugs in the spec, which I've 10 sent to the working group. This patch assumes that the bugs will be 11 fixed in the way I suggested. If they get fixed a different way, we 12 might need to update the parser again. 13 14 Test: http/tests/security/contentSecurityPolicy/directive-parsing.html 15 16 * page/ContentSecurityPolicy.cpp: 17 (WebCore::isDirectiveNameCharacter): 18 (WebCore::isDirectiveValueCharacter): 19 (WebCore::advanceUntil): 20 (WebCore::ContentSecurityPolicy::parse): 21 (WebCore::ContentSecurityPolicy::parseDirective): 22 * page/ContentSecurityPolicy.h: 23 1 24 2011-03-17 Adam Barth <abarth@webkit.org> 2 25 -
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r79547 r81425 29 29 30 30 namespace WebCore { 31 32 static bool isDirectiveNameCharacter(UChar c) 33 { 34 return isASCIIAlpha(c) || isASCIIDigit(c) || c == '-'; 35 } 36 37 static bool isDirectiveValueCharacter(UChar c) 38 { 39 return isASCIISpace(c) || (c >= 0x21 && c <= 0x7e); // Whitespace + VCHAR 40 } 41 42 static void advanceUntil(const UChar*& pos, const UChar* end, UChar delimiter) 43 { 44 while (pos < end) { 45 if (*pos++ == delimiter) 46 return; 47 } 48 } 31 49 32 50 class CSPDirective { … … 88 106 Vector<UChar, 64> value; 89 107 90 parseDirective(pos, end, name, value); 108 if (!parseDirective(pos, end, name, value)) 109 continue; 91 110 if (name.isEmpty()) 92 111 continue; … … 99 118 } 100 119 101 voidContentSecurityPolicy::parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value)120 bool ContentSecurityPolicy::parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value) 102 121 { 103 122 ASSERT(pos < end); … … 105 124 ASSERT(value.isEmpty()); 106 125 107 enum { 108 BeforeDirectiveName, 109 DirectiveName, 110 AfterDirectiveName, 111 DirectiveValue, 112 } state = BeforeDirectiveName; 126 while (pos < end && isASCIISpace(*pos)) 127 pos++; 113 128 114 129 while (pos < end) { 115 UChar currentCharacter = *pos++; 116 switch (state) { 117 case BeforeDirectiveName: 118 if (isASCIISpace(currentCharacter)) 119 continue; 120 state = DirectiveName; 121 // Fall through. 122 case DirectiveName: 123 if (!isASCIISpace(currentCharacter)) { 124 name.append(currentCharacter); 125 continue; 126 } 127 state = AfterDirectiveName; 128 // Fall through. 129 case AfterDirectiveName: 130 if (isASCIISpace(currentCharacter)) 131 continue; 132 state = DirectiveValue; 133 // Fall through. 134 case DirectiveValue: 135 if (currentCharacter != ';') { 136 value.append(currentCharacter); 137 continue; 138 } 139 return; 130 UChar currentCharacter = *pos; 131 if (currentCharacter == ';') 132 break; 133 if (isASCIISpace(currentCharacter)) 134 break; 135 if (!isDirectiveNameCharacter(currentCharacter)) { 136 advanceUntil(pos, end, ';'); 137 return false; 140 138 } 139 name.append(currentCharacter); 140 pos++; 141 141 } 142 143 while (pos < end && isASCIISpace(*pos)) 144 pos++; 145 146 if (pos < end && *pos == ';') { 147 pos++; 148 return true; 149 } 150 151 while (pos < end) { 152 UChar currentCharacter = *pos; 153 if (currentCharacter == ';') 154 break; 155 if (!isDirectiveValueCharacter(currentCharacter)) { 156 advanceUntil(pos, end, ';'); 157 return false; 158 } 159 value.append(currentCharacter); 160 pos++; 161 } 162 163 if (pos < end && *pos == ';') { 164 pos++; 165 return true; 166 } 167 168 return true; 142 169 } 143 170 -
trunk/Source/WebCore/page/ContentSecurityPolicy.h
r79547 r81425 49 49 50 50 void parse(const String&); 51 voidparseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value);51 bool parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value); 52 52 void emitDirective(const String& name, const String& value); 53 53
Note: See TracChangeset
for help on using the changeset viewer.