Changeset 85453 in webkit

Timestamp:

May 1, 2011 6:55:17 PM (13 years ago)

Author:

abarth@webkit.org

Message:

2011-05-01 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

Polish CSP host and port matching
​https://bugs.webkit.org/show_bug.cgi?id=59899

Test two host wildcard cases.

• http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html: Added.
• http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html: Added.

2011-05-01 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

Polish CSP host and port matching
​https://bugs.webkit.org/show_bug.cgi?id=59899

Finish last two details of host and port matching. I don't think the
default port handling is testable with our current testing
infrastructure.

Tests: http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html

http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html

• page/ContentSecurityPolicy.cpp: (WebCore::CSPSource::hostMatches): (WebCore::CSPSource::portMatches):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed-expected.txt (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed-expected.txt (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/ContentSecurityPolicy.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-05-01  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Polish CSP host and port matching
+        https://bugs.webkit.org/show_bug.cgi?id=59899
+
+        Test two host wildcard cases.
+
+        * http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html: Added.
+        * http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html: Added.
+
 2011-05-01  Adam Barth  <abarth@webkit.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-05-01  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Polish CSP host and port matching
+        https://bugs.webkit.org/show_bug.cgi?id=59899
+
+        Finish last two details of host and port matching.  I don't think the
+        default port handling is testable with our current testing
+        infrastructure.
+
+        Tests: http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html
+               http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html
+
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::CSPSource::hostMatches):
+        (WebCore::CSPSource::portMatches):
+
 2011-05-01  Adam Barth  <abarth@webkit.org>
 

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

@@ -32 +32 @@
 #include "FormDataList.h"
 #include "Frame.h"
-#include "NotImplemented.h"
 #include "PingLoader.h"
 #include "SecurityOrigin.h"
@@ -137 +136 @@
     bool hostMatches(const KURL& url) const
     {
-        if (m_hostHasWildcard)
-            notImplemented();
-
-        return equalIgnoringCase(url.host(), m_host);
+        const String& host = url.host();
+        if (equalIgnoringCase(host, m_host))
+            return true;
+        return m_hostHasWildcard && host.endsWith("." + m_host, false);
+
     }
 
@@ -147 +147 @@
         if (m_portHasWildcard)
             return true;
-
-        // FIXME: Handle explicit default ports correctly.
-        return url.port() == m_port;
+        int port = url.port();
+        return port ? port == m_port : isDefaultPortForProtocol(m_port, url.protocol());
     }