abarth@webkit.org authored
Reviewed by Eric Seidel.

Implement CSP's options directive
https://bugs.webkit.org/show_bug.cgi?id=58014

* http/tests/security/contentSecurityPolicy/inline-script-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/inline-script-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html: Added.

2011-04-07 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Implement CSP's options directive
https://bugs.webkit.org/show_bug.cgi?id=58014

This patch contains the full options parser, but we only have enough of
CSP implemented to see the effects of disable-xss-protection. Will
need to do some more work before we can see eval-script in action.

Tests: http/tests/security/contentSecurityPolicy/inline-script-allowed.html
       http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html

* page/ContentSecurityPolicy.cpp:
(WebCore::CSPOptions::CSPOptions):
(WebCore::CSPOptions::disableXSSProtection):
(WebCore::CSPOptions::evalScript):
(WebCore::CSPOptions::parse):
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
(WebCore::ContentSecurityPolicy::allowInlineScript):
(WebCore::ContentSecurityPolicy::addDirective):
* page/ContentSecurityPolicy.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83205 268f45cc-cd09-0410-ab3c-d52691b4dbfc
a3a60470