abarth@webkit.org authored
Reviewed by Eric Seidel.

Sketch script-src for Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=54381

* http/tests/security/contentSecurityPolicy/script-loads-with-img-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html: Added.
  - Test that we don't block scripts when the policy is just img-src.
* http/tests/security/contentSecurityPolicy/script-src-in-iframe.html:
* http/tests/security/contentSecurityPolicy/script-src-none.html:
* http/tests/security/contentSecurityPolicy/script-src-redirect.html:
  - Turns out we need to escape the ; character in order for it to be echoed back correctly in the header.

2011-02-15 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Sketch script-src for Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=54381

This patch provides a sketch of the script-src directive. We still do not parse the value of the directive, and the wiring into the rest of WebCore is incorrect, but those are things we can fix in future patches. For the moment, this patch lets us test what we're doing.

Test: http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html

* page/ContentSecurityPolicy.cpp:
  (WebCore::CSPDirective::CSPDirective):
  (WebCore::CSPDirective::allows):
  (WebCore::ContentSecurityPolicy::didReceiveHeader):
  (WebCore::ContentSecurityPolicy::canLoadExternalScriptFromSrc):
  (WebCore::ContentSecurityPolicy::parse):
  (WebCore::ContentSecurityPolicy::emitDirective):
* page/ContentSecurityPolicy.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
b7a83d5a