    2011-04-07 Adam Barth <abarth@webkit.org> · a3a60470
    abarth@webkit.org authored
            Reviewed by Eric Seidel.
    
            Implement CSP's options directive
            https://bugs.webkit.org/show_bug.cgi?id=58014
    
            * http/tests/security/contentSecurityPolicy/inline-script-allowed-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/inline-script-allowed.html: Added.
            * http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html: Added.
    2011-04-07  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Eric Seidel.
    
            Implement CSP's options directive
            https://bugs.webkit.org/show_bug.cgi?id=58014
    
            This patch contains the full options parser, but we only have enough of
            CSP implemented to see the effects of disable-xss-protection.  Will
            need to do some more work before we can see eval-script in action.
    
            Tests: http/tests/security/contentSecurityPolicy/inline-script-allowed.html
                   http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html
    
            * page/ContentSecurityPolicy.cpp:
            (WebCore::CSPOptions::CSPOptions):
            (WebCore::CSPOptions::disableXSSProtection):
            (WebCore::CSPOptions::evalScript):
            (WebCore::CSPOptions::parse):
            (WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
            (WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
            (WebCore::ContentSecurityPolicy::allowInlineScript):
            (WebCore::ContentSecurityPolicy::addDirective):
            * page/ContentSecurityPolicy.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83205 268f45cc-cd09-0410-ab3c-d52691b4dbfc