Changeset 83141 in webkit
- Timestamp:
- Apr 6, 2011 9:43:50 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 6 edited
trunk/LayoutTests/ChangeLog
r83140 r83141 1 2011-04-06 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 CSP object-src should block plugin loads 6 https://bugs.webkit.org/show_bug.cgi?id=57283 7 8 * http/tests/security/contentSecurityPolicy/object-src-none-expected.txt: Added. 9 * http/tests/security/contentSecurityPolicy/object-src-none.html: Added. 10 * http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl: Added. 11 1 12 2011-04-06 Beth Dakin <bdakin@apple.com> 2 13 -
trunk/Source/WebCore/ChangeLog
r83140 r83141 1 2011-04-06 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 CSP object-src should block plugin loads 6 https://bugs.webkit.org/show_bug.cgi?id=57283 7 8 This change is pretty straight-forward. It's slightly unclear to me 9 whether this patch is correct w.r.t. the code in DocumentWriter. I've 10 added a FIXME comment, and I'll investigate that case more in the future. 11 12 Test: http/tests/security/contentSecurityPolicy/object-src-none.html 13 14 * loader/DocumentWriter.cpp: 15 (WebCore::DocumentWriter::begin): 16 * loader/SubframeLoader.cpp: 17 (WebCore::SubframeLoader::requestPlugin): 18 * page/ContentSecurityPolicy.cpp: 19 (WebCore::ContentSecurityPolicy::allowObjectFromSource): 20 (WebCore::ContentSecurityPolicy::addDirective): 21 * page/ContentSecurityPolicy.h: 22 1 23 2011-04-06 Beth Dakin <bdakin@apple.com> 2 24 -
trunk/Source/WebCore/loader/DocumentWriter.cpp
r78342 r83141 121 121 if (document->isPluginDocument() && m_frame->loader()->isSandboxed(SandboxPlugins)) 122 122 document = SinkDocument::create(m_frame, url); 123 124 // FIXME: Do we need to consult the content security policy here about blocked plug-ins? 123 125 124 126 bool resetScripting = !(m_frame->loader()->stateMachine()->isDisplayingInitialEmptyDocument() && m_frame->document()->securityOrigin()->isSecureTransitionTo(url)); -
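Review bot: The added FIXME does not record which policy "here" would mean, which is exactly the open question the ChangeLog mentions: a plugin document reached by top-level navigation has no embedding document whose object-src could apply, while a framed one arguably inherits the question from its parent. Making the comment answerable would help whoever picks it up: `// FIXME: Should the embedding document's content security policy (object-src), if any, be consulted here, as SubframeLoader::requestPlugin now does for <object>/<embed>? A top-level plugin document has no embedding policy to check.` The sandbox branch on the line above, which swaps in a SinkDocument, shows the mechanism a CSP-driven block could reuse. DocumentWriter::begin starts and ends outside the hunk.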
trunk/Source/WebCore/loader/SubframeLoader.cpp
r82001 r83141 34 34 #include "SubframeLoader.h" 35 35 36 #include "ContentSecurityPolicy.h" 36 37 #include "Frame.h" 37 38 #include "FrameLoaderClient.h" … … 110 111 return false; 111 112 112 if (m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(SandboxPlugins)) 113 return false; 113 if (m_frame->document()) { 114 if (m_frame->document()->securityOrigin()->isSandboxed(SandboxPlugins)) 115 return false; 116 if (!m_frame->document()->contentSecurityPolicy()->allowObjectFromSource(url)) 117 return false; 118 } 114 119 115 120 ASSERT(ownerElement->hasTagName(objectTag) || ownerElement->hasTagName(embedTag)); -
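Review bot: The new `if (m_frame->document())` block evaluates `m_frame->document()` three times and gives the reader no hint that a `false` return from the object-src check is a deliberate policy refusal rather than a load failure; a single local plus a one-line comment would make the intent clear. The refusal is also silent on the new side — nothing here reports that a plug-in load was blocked by policy — so unless ContentSecurityPolicy already emits a console message for a failed `allows()` (not visible in this changeset), page authors get no signal why the embed stayed empty; worth a follow-up, and it applies equally to the existing script-src path. SubframeLoader::requestPlugin starts and ends outside the hunk.
```cpp
    Document* document = m_frame->document();
    if (document) {
        if (document->securityOrigin()->isSandboxed(SandboxPlugins))
            return false;
        // object-src: refuse the plug-in before any load starts when the policy does not allow its URL.
        if (!document->contentSecurityPolicy()->allowObjectFromSource(url))
            return false;
    }
    // … unchanged: tag assertion and plug-in creation …
```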
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r82147 r83141 441 441 } 442 442 443 bool ContentSecurityPolicy::allowObjectFromSource(const KURL& url) const 444 { 445 return !m_objectSrc || m_objectSrc->allows(url); 446 } 447 443 448 // policy = directive-list 444 449 // directive-list = [ directive *( ";" [ directive ] ) ] … … 515 520 { 516 521 DEFINE_STATIC_LOCAL(String, scriptSrc, ("script-src")); 522 DEFINE_STATIC_LOCAL(String, objectSrc, ("object-src")); 517 523 518 524 ASSERT(!name.isEmpty()); … … 520 526 if (!m_scriptSrc && equalIgnoringCase(name, scriptSrc)) 521 527 m_scriptSrc = adoptPtr(new CSPDirective(value, m_origin.get())); 522 } 523 524 } 528 else if (!m_objectSrc && equalIgnoringCase(name, objectSrc)) 529 m_objectSrc = adoptPtr(new CSPDirective(value, m_origin.get())); 530 } 531 532 } -
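Review bot: Neither the new `allowObjectFromSource` definition here nor its declaration in ContentSecurityPolicy.h says what an absent directive means, and the `!m_objectSrc ||` short-circuit makes "no object-src given" permit every plug-in URL, which is the behaviour a reader most needs to know. Suggest above the definition: `// True when the policy has no object-src directive (no restriction) or when the directive's source list allows |url|.` The `!m_objectSrc &&` guard in `addDirective`, mirroring the script-src case, means only the first occurrence of a directive is honoured and later duplicates are dropped without any diagnostic; a comment such as `// Only the first occurrence of each directive is honoured; duplicates are ignored.` would make that policy-parsing choice explicit.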
trunk/Source/WebCore/page/ContentSecurityPolicy.h
r82147 r83141 49 49 bool allowInlineEventHandlers() const; 50 50 bool allowScriptFromSource(const KURL&) const; 51 bool allowObjectFromSource(const KURL&) const; 51 52 52 53 private: … … 60 61 RefPtr<SecurityOrigin> m_origin; 61 62 OwnPtr<CSPDirective> m_scriptSrc; 63 OwnPtr<CSPDirective> m_objectSrc; 62 64 }; 63 65