Changeset 82085 in webkit

Timestamp:
Mar 27, 2011 10:15:38 PM
Author:
abarth@webkit.org
Message:

2011-03-27 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Fix script-src redirect handling
https://bugs.webkit.org/show_bug.cgi?id=57196

Test both allow => disallow and disallow => allow redirect cases.
Previously, we had incorrect expectations for one of the redirect
cases. Also, I've updated the policy syntax to match the default-src
syntax.

  • http/tests/security/contentSecurityPolicy/script-src-redirect-expected.txt:
  • http/tests/security/contentSecurityPolicy/script-src-redirect.html:

2011-03-27 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Fix script-src redirect handling
https://bugs.webkit.org/show_bug.cgi?id=57196

Resource-loading requirements in CSP apply to each hop in the redirect
chain. To make that work properly, we need to move enforcement into
the loader. Fortunately, we already have a choke-point in the loader
for enforcing this kind of policy.

  • dom/ScriptElement.cpp: (WebCore::ScriptElement::requestScript):
  • html/parser/HTMLDocumentParser.cpp:
  • html/parser/HTMLDocumentParser.h:
  • html/parser/HTMLScriptRunnerHost.h:
  • loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::canRequest):
  • page/ContentSecurityPolicy.cpp: (WebCore::ContentSecurityPolicy::allowScriptFromSource):
  • page/ContentSecurityPolicy.h:
Location:
trunk
Files:
11 edited

  • trunk/LayoutTests/ChangeLog

    r82068 r82085  
     12011-03-27  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Fix script-src redirect handling
     6        https://bugs.webkit.org/show_bug.cgi?id=57196
     7
     8        Test both allow => disallow and disallow => allow redirect cases.
     9        Previously, we had incorrect expectations for one of the redirect
     10        cases.  Also, I've updated the policy syntax to match the default-src
     11        syntax.
     12
     13        * http/tests/security/contentSecurityPolicy/script-src-redirect-expected.txt:
     14        * http/tests/security/contentSecurityPolicy/script-src-redirect.html:
     15
    1162011-03-27  Yuta Kitamura  <yutak@chromium.org>
    217
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-redirect-expected.txt

    r78058 r82085  
    11Loads an iframe which in turns tries to load an external script. The request for the script is redirected to 'localhost'. The iframe has a content security policy disabling external scripts from hosts other than 'localhost'. So the script should be allowed to run.
    22
    3 
     3 
    44
    55--------
    66Frame: '<!--framePath //<!--frame0-->-->'
    77--------
    8 FAIL
     8PASS
     9
     10--------
     11Frame: '<!--framePath //<!--frame1-->-->'
     12--------
     13PASS
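Review bot: the description at line 1 of this expected output is now stale: it still says the script should be allowed to run, but the two frames this file now covers correspond to iframes that the updated script-src-redirect.html marks should_run=no, so both PASS lines assert that the script was blocked. Suggest rewording line 1 to describe the two cases actually tested (first hop disallowed, redirect target disallowed) so the expectation file explains its own results.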
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-redirect.html

    r78569 r82085  
    1313    Loads an iframe which in turns tries to load an external script. The request for the script is redirected to 'localhost'. The iframe has a content security policy disabling external scripts from hosts other than 'localhost'. So the script should be allowed to run.
    1414  </p>
    15   <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&csp=allow%20*%3B%20script-src%20'localhost'&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php%3furl=http://localhost:8000/security/contentSecurityPolicy/resources/script.js"></iframe>
     15  <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&csp=%20script-src%20localhost&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php%3furl=http://localhost:8000/security/contentSecurityPolicy/resources/script.js"></iframe>
     16  <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&csp=%20script-src%20127.0.0.1&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php%3furl=http://localhost:8000/security/contentSecurityPolicy/resources/script.js"></iframe>
    1617</body>
    1718</html>
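Review bot: both new frames at lines 15 and 16 use should_run=no, so the test no longer has a positive control; a regression that blocked every redirected script would still pass. Consider keeping a third frame whose policy allows both hops (for example `should_run=yes` with `csp=%20script-src%20localhost%20127.0.0.1`) so the test also proves the per-hop check does not over-block. The prose at line 13 ("So the script should be allowed to run.") also needs updating to match the two blocked cases.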
  • trunk/Source/WebCore/ChangeLog

    r82084 r82085  
     12011-03-27  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Fix script-src redirect handling
     6        https://bugs.webkit.org/show_bug.cgi?id=57196
     7
     8        Resource-loading requirements in CSP apply to each hop in the redirect
     9        chain.  To make that work properly, we need to move enforcement into
     10        the loader.  Fortunately, we already have a choke-point in the loader
     11        for enforcing this kind of policy.
     12
     13        * dom/ScriptElement.cpp:
     14        (WebCore::ScriptElement::requestScript):
     15        * html/parser/HTMLDocumentParser.cpp:
     16        * html/parser/HTMLDocumentParser.h:
     17        * html/parser/HTMLScriptRunnerHost.h:
     18        * loader/cache/CachedResourceLoader.cpp:
     19        (WebCore::CachedResourceLoader::canRequest):
     20        * page/ContentSecurityPolicy.cpp:
     21        (WebCore::ContentSecurityPolicy::allowScriptFromSource):
     22        * page/ContentSecurityPolicy.h:
     23
    1242011-03-27  Jer Noble  <jer.noble@apple.com>
    225
  • trunk/Source/WebCore/dom/ScriptElement.cpp

    r82028 r82085  
    233233bool ScriptElement::requestScript(const String& sourceUrl)
    234234{
    235     if (!m_element->document()->contentSecurityPolicy()->canLoadExternalScriptFromSrc(sourceUrl))
    236         return false;
    237 
    238235    RefPtr<Document> originalDocument = m_element->document();
    239236    if (!m_element->dispatchBeforeLoadEvent(sourceUrl))
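Review bot: dropping the early return at lines 235-236 means dispatchBeforeLoadEvent at line 236 now fires for scripts that CSP will reject later in the loader, and requestScript no longer returns false for them. Please confirm the code after this hunk handles the loader refusing the request (a null cached resource) so the script element still takes its error path, and spell out this behaviour change in the ChangeLog entry for requestScript, which currently names the function without saying what changed.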
  • trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp

    r82028 r82085  
    479479}
    480480
    481 bool HTMLDocumentParser::shouldLoadExternalScriptFromSrc(const AtomicString& srcValue)
    482 {
    483     return document()->contentSecurityPolicy()->canLoadExternalScriptFromSrc(srcValue);
    484 }
    485 
    486481void HTMLDocumentParser::notifyFinished(CachedResource* cachedResource)
    487482{
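Review bot: the ChangeLog entry for html/parser/HTMLDocumentParser.cpp lists the file but not the removed function; record that shouldLoadExternalScriptFromSrc at lines 481-484 is deleted because enforcement moved to CachedResourceLoader::canRequest, so anyone grepping for the old hook finds the reason next to the file name.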
  • trunk/Source/WebCore/html/parser/HTMLDocumentParser.h

    r79772 r82085  
    109109    virtual void watchForLoad(CachedResource*);
    110110    virtual void stopWatchingForLoad(CachedResource*);
    111     virtual bool shouldLoadExternalScriptFromSrc(const AtomicString&);
    112111    virtual HTMLInputStream& inputStream() { return m_input; }
    113112
  • trunk/Source/WebCore/html/parser/HTMLScriptRunnerHost.h

    r66277 r82085  
    4545    virtual void stopWatchingForLoad(CachedResource*) = 0;
    4646
    47     // Implementors can block certain script loads (for XSSAuditor, etc.)
    48     virtual bool shouldLoadExternalScriptFromSrc(const AtomicString&) = 0;
    4947    virtual HTMLInputStream& inputStream() = 0;
    5048};
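Review bot: removing the pure virtual at lines 47-48 changes the HTMLScriptRunnerHost interface, yet no HTMLScriptRunner.cpp appears among the 11 edited files; confirm the runner's call to shouldLoadExternalScriptFromSrc is already gone, otherwise this will not build. The removed comment also named XSSAuditor as a user of this hook; if the auditor ever blocked script loads through it, note in the ChangeLog where that blocking happens now.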
  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

    r80695 r82085  
    3535#include "CachedXSLStyleSheet.h"
    3636#include "Console.h"
     37#include "ContentSecurityPolicy.h"
    3738#include "DOMWindow.h"
    3839#include "Document.h"
     
    218219        break;
    219220#endif
    220     default:
    221         ASSERT_NOT_REACHED();
    222         break;
    223221    }
    224222
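Review bot: deleting the `default: ASSERT_NOT_REACHED(); break;` arm at lines 220-222 (and the matching arm in the following switch) is unrelated to the script-src fix and is not mentioned in the ChangeLog. If the intent is to let the compiler warn on any unhandled CachedResource::Type, say so there; otherwise a type missed by the switch now falls through silently instead of asserting in debug builds.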
     
    254252        break;
    255253#endif
    256     default:
    257         ASSERT_NOT_REACHED();
    258         break;
    259254    }
    260255    // FIXME: Consider letting the embedder block mixed content loads.
     256
     257    if (type == CachedResource::Script && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
     258        return false;
     259
    261260    return true;
    262261}
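Review bot: the new check at lines 257-258 is the substance of the patch, but nothing in the code explains why it lives here rather than in ScriptElement. The ChangeLog says canRequest is the loader choke-point that sees every hop of a redirect chain; carry that rationale into a comment above line 257 so the next reader does not move the check back to the element. Also note, either here or in the ChangeLog, that only `CachedResource::Script` is gated and the other CSP resource directives are still to be wired through this same point.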
  • trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

    r82028 r82085  
    431431}
    432432
    433 bool ContentSecurityPolicy::canLoadExternalScriptFromSrc(const String& url) const
    434 {
    435     return !m_scriptSrc || m_scriptSrc->allows(KURL(ParsedURLString, url));
     433bool ContentSecurityPolicy::allowScriptFromSource(const KURL& url) const
     434{
     435    return !m_scriptSrc || m_scriptSrc->allows(url);
    436436}
    437437
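Review bot: at line 435 `!m_scriptSrc` still means "no script-src directive, allow everything". The commit message mentions aligning the test policy with default-src syntax; if default-src is meant to act as the fallback when script-src is absent, this method does not consult it, so either handle that here or call it out as a follow-up in the ChangeLog. Taking `const KURL&` instead of reparsing a String on every call is a welcome cleanup.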
  • trunk/Source/WebCore/page/ContentSecurityPolicy.h

    r82028 r82085  
    3333
    3434class CSPDirective;
     35class KURL;
    3536class SecurityOrigin;
    3637
     
    4647
    4748    bool allowJavaScriptURLs() const;
    48     // FIXME: Rename canLoadExternalScriptFromSrc to allowScriptFromURL.
    49     bool canLoadExternalScriptFromSrc(const String& url) const;
     49    bool allowScriptFromSource(const KURL&) const;
    5050
    5151private: