  • 2011-02-15 Adam Barth <abarth@webkit.org> · b7a83d5a
            Reviewed by Eric Seidel.
    
            Sketch script-src for Content Security Policy
            https://bugs.webkit.org/show_bug.cgi?id=54381
    
            * http/tests/security/contentSecurityPolicy/script-loads-with-img-src-expected.txt: Added.
            * http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html: Added.
                - Test that we don't block scripts when the policy is just img-src.
            * http/tests/security/contentSecurityPolicy/script-src-in-iframe.html:
            * http/tests/security/contentSecurityPolicy/script-src-none.html:
            * http/tests/security/contentSecurityPolicy/script-src-redirect.html:
                - Turns out we need to escape the ; character in order for it to be
                  echoed back correctly in the header.
    2011-02-15  Adam Barth  <abarth@webkit.org>
    
            Reviewed by Eric Seidel.
    
            Sketch script-src for Content Security Policy
            https://bugs.webkit.org/show_bug.cgi?id=54381
    
            This patch provides a sketch of the script-src directive.  We still do
            not parse the value of the directive, and the wiring into the rest of
            WebCore is incorrect, but those are things we can fix in future
            patches.  For the moment, this patch lets us test what we're doing.
    
            Test: http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html
    
            * page/ContentSecurityPolicy.cpp:
            (WebCore::CSPDirective::CSPDirective):
            (WebCore::CSPDirective::allows):
            (WebCore::ContentSecurityPolicy::didReceiveHeader):
            (WebCore::ContentSecurityPolicy::canLoadExternalScriptFromSrc):
            (WebCore::ContentSecurityPolicy::parse):
            (WebCore::ContentSecurityPolicy::emitDirective):
            * page/ContentSecurityPolicy.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78569 268f45cc-cd09-0410-ab3c-d52691b4dbfc