abarth@webkit.org authored
Reviewed by Eric Seidel.

CSP should block Function constructor
https://bugs.webkit.org/show_bug.cgi?id=60240

Test that the function constructor is properly blocked.

* http/tests/security/contentSecurityPolicy/function-constructor-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/function-constructor-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/function-constructor-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/function-constructor-blocked.html: Added.
* platform/chromium/test_expectations.txt:

2011-05-09 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

CSP should block Function constructor
https://bugs.webkit.org/show_bug.cgi?id=60240

When eval is disabled, we need to block the use of the function
constructor. However, the WebCore JSC bindings call the function
constructor directly to create inline event listeners. To support
that use, this patch adds an entrypoint that bypasses the check for
whether eval is enabled.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h:

2011-05-09 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

CSP should block Function constructor
https://bugs.webkit.org/show_bug.cgi?id=60240

Tests: http/tests/security/contentSecurityPolicy/function-constructor-allowed.html
       http/tests/security/contentSecurityPolicy/function-constructor-blocked.html

* bindings/js/JSLazyEventListener.cpp:
(WebCore::JSLazyEventListener::initializeJSFunction):
    - Update call site to the new entrypoint.
* bindings/v8/V8LazyEventListener.cpp:
(WebCore::V8LazyEventListener::prepareListenerObject):
    - Add some comments about the ridiculousness of this implementation.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86100 268f45cc-cd09-0410-ab3c-d52691b4dbfc
19733325