Changeset 86586 in webkit
- Timestamp:
- May 16, 2011 10:32:04 AM (13 years ago)
- Location:
- trunk
- Files:
-
- 2 deleted
- 4 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/http/tests/security/contentSecurityPolicy/javascript-urls-blocked-expected.txt (deleted)
-
LayoutTests/http/tests/security/contentSecurityPolicy/javascript-urls-blocked.html (deleted)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/page/ContentSecurityPolicy.cpp (modified) (4 diffs)
-
Source/WebCore/page/ContentSecurityPolicy.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r86583 r86586 1 2011-05-16 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Remove disable-javascript-urls CSP directive 6 https://bugs.webkit.org/show_bug.cgi?id=60874 7 8 No need to test a feature that doesn't exist. 9 10 * http/tests/security/contentSecurityPolicy/javascript-urls-blocked-expected.txt: Removed. 11 * http/tests/security/contentSecurityPolicy/javascript-urls-blocked.html: Removed. 12 1 13 2011-05-16 Leandro Gracia Gil <leandrogracia@chromium.org> 2 14 -
trunk/Source/WebCore/ChangeLog
r86584 r86586 1 2011-05-16 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Remove disable-javascript-urls CSP directive 6 https://bugs.webkit.org/show_bug.cgi?id=60874 7 8 After talking this out with various folks in the CSP working group, we 9 decided that this syntax isn't the right way to approach this issue. 10 If we want to address the use case of enabling JavaScript URLs 11 separately from inline script, we'll probably just make 12 13 script-src javascript: 14 15 work that way. 16 17 * page/ContentSecurityPolicy.cpp: 18 (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): 19 (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): 20 (WebCore::ContentSecurityPolicy::addDirective): 21 * page/ContentSecurityPolicy.h: 22 1 23 2011-05-16 Jon Lee <jonlee@apple.com> 2 24 -
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r86542 r86586 457 457 , m_document(document) 458 458 , m_reportOnly(false) 459 , m_disableJavaScriptURLs(false)460 459 { 461 460 } … … 558 557 { 559 558 DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute JavaScript URL because of Content-Security-Policy.\n")); 560 if (m_disableJavaScriptURLs) {561 reportViolation(String(), consoleMessage);562 return denyIfEnforcingPolicy();563 }564 559 return checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage); 565 560 } … … 736 731 DEFINE_STATIC_LOCAL(String, mediaSrc, ("media-src")); 737 732 DEFINE_STATIC_LOCAL(String, reportURI, ("report-uri")); 738 DEFINE_STATIC_LOCAL(String, disableJavaScriptURLs, ("disable-javascript-urls"));739 733 740 734 ASSERT(!name.isEmpty()); … … 758 752 else if (m_reportURLs.isEmpty() && equalIgnoringCase(name, reportURI)) 759 753 parseReportURI(value); 760 else if (equalIgnoringCase(name, disableJavaScriptURLs)) 761 m_disableJavaScriptURLs = true; 762 } 763 764 } 754 } 755 756 } -
trunk/Source/WebCore/page/ContentSecurityPolicy.h
r85993 r86586 97 97 OwnPtr<CSPDirective> m_fontSrc; 98 98 OwnPtr<CSPDirective> m_mediaSrc; 99 100 // This directive is an experiment and not part of the W3C spec.101 // FIXME: Remove this feature when we rename from X-WebKit-CSP to102 // Content-Security-Policy if we don't convince the working group to adopt103 // the feature.104 bool m_disableJavaScriptURLs;105 106 99 Vector<KURL> m_reportURLs; 107 100 };
Note: See TracChangeset
for help on using the changeset viewer.
