Skip to content
  • abarth@webkit.org's avatar
    2011-04-07 Adam Barth <abarth@webkit.org> · 75a72fe0
    abarth@webkit.org authored
            Reviewed by Eric Seidel.
    
            Implement img-src style-src and font-src
            https://bugs.webkit.org/show_bug.cgi?id=58018
    
            Test a bunch of allow/block tests for these new directives.
    
            * http/tests/security/contentSecurityPolicy/image-allowed-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/image-allowed.html: Added.
            * http/tests/security/contentSecurityPolicy/image-blocked-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/image-blocked.html: Added.
            * http/tests/security/contentSecurityPolicy/resources/blue.css: Added.
            * http/tests/security/contentSecurityPolicy/resources/style.xsl: Added.
            * http/tests/security/contentSecurityPolicy/style-allowed-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/style-allowed.html: Added.
            * http/tests/security/contentSecurityPolicy/style-blocked-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/style-blocked.html: Added.
            * http/tests/security/contentSecurityPolicy/xsl-allowed.php: Added.
            * http/tests/security/contentSecurityPolicy/xsl-blocked-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/xsl-blocked.php: Added.
    2011-04-07  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Eric Seidel.
    
            Implement img-src style-src and font-src
            https://bugs.webkit.org/show_bug.cgi?id=58018
    
            These are pretty straight forward given the rest of the infrastructure
            we've built so far.
    
            Tests: http/tests/security/contentSecurityPolicy/image-allowed.html
                   http/tests/security/contentSecurityPolicy/image-blocked.html
                   http/tests/security/contentSecurityPolicy/style-allowed.html
                   http/tests/security/contentSecurityPolicy/style-blocked.html
                   http/tests/security/contentSecurityPolicy/xsl-allowed.php
                   http/tests/security/contentSecurityPolicy/xsl-blocked.php
    
            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::canRequest):
            * page/ContentSecurityPolicy.cpp:
            (WebCore::ContentSecurityPolicy::allowImageFromSource):
            (WebCore::ContentSecurityPolicy::allowStyleFromSource):
            (WebCore::ContentSecurityPolicy::allowFontFromSource):
            (WebCore::ContentSecurityPolicy::addDirective):
            * page/ContentSecurityPolicy.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83235 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    75a72fe0