    Tighten up parsing the 'script-nonce' CSP directive value. · e021aae9
    commit-queue@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=93783
    
    Patch by Mike West <mkwst@chromium.org> on 2012-08-14
    Reviewed by Adam Barth.
    
    Source/WebCore:
    
    Currently we're accepting any non-whitespace character. This patch
    limits the valid characters to VCHAR minus ',' and ';', and pulls the
    validity check out into a named function for clarity.
    
    Test: http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html
    
    * page/ContentSecurityPolicy.cpp:
    (WebCore::CSPDirectiveList::parseScriptNonce):
    
    LayoutTests:
    
    * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed-expected.txt: Added.
    * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125614 268f45cc-cd09-0410-ab3c-d52691b4dbfc
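The character rule described in the commit message, as an added example that is not WebKit's code: it compares the old "any non-whitespace character" check with "VCHAR minus ',' and ';'" on constructed values. All function names are hypothetical, and the whitespace set and the rejection of an empty value are assumptions of this sketch.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// ASCII whitespace used for trimming and for the legacy rule (assumed set).
static bool isAsciiSpace(unsigned char c) {
    return c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r';
}

// Rule before the change, per the commit message: any non-whitespace byte.
static bool isLegacyNonceChar(unsigned char c) { return !isAsciiSpace(c); }

// Rule after the change: VCHAR (0x21-0x7E, RFC 5234) minus ',' and ';'.
// ';' separates CSP directives and ',' separates policies in a combined header.
static bool isNonceChar(unsigned char c) {
    return c >= 0x21 && c <= 0x7E && c != ',' && c != ';';
}

// Trims surrounding whitespace, then requires every remaining byte to pass
// isValid. Rejecting an empty value is an assumption of this sketch.
static bool parseNonce(const std::string& value, bool (*isValid)(unsigned char),
                       std::string& nonce) {
    std::size_t begin = 0, end = value.size();
    while (begin < end && isAsciiSpace(value[begin])) ++begin;
    while (end > begin && isAsciiSpace(value[end - 1])) --end;
    if (begin == end) return false;
    for (std::size_t i = begin; i < end; ++i)
        if (!isValid(static_cast<unsigned char>(value[i]))) return false;
    nonce = value.substr(begin, end - begin);
    return true;
}

// Hypothetical wrappers so the two rules can be compared on the same input.
bool acceptedLegacy(const std::string& v) {
    std::string n; return parseNonce(v, isLegacyNonceChar, n);
}
bool acceptedStrict(const std::string& v) {
    std::string n; return parseNonce(v, isNonceChar, n);
}

int main() {
    // Constructed sample values, not taken from the WebKit layout test.
    const char* samples[] = {"abc123", "  abc123  ", "abc,def", "abc;def", "ab cd"};
    for (const char* s : samples)
        std::printf("%-12s legacy=%d strict=%d\n", s, acceptedLegacy(s), acceptedStrict(s));
    return 0;
}
```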