• commit-queue@webkit.org's avatar
    CSP 1.1: Add 'plugin-types' and 'form-action' DOM API. · 72a83682
    commit-queue@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=94415
    
    Patch by Mike West <mkwst@chromium.org> on 2012-08-19
    Reviewed by Adam Barth.
    
    Source/WebCore:
    
    Experimental implementations of the new 'plugin-types' and 'form-action'
    directives recently landed, but we neglected to add DOM API endpoints to
    query their state. Those APIs have been added to the specification[1],
    and this patch brings our implementation up to date.
    
    Tests: http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html
           http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html
    
    * page/DOMSecurityPolicy.cpp:
    (isAllowed):
        As a drive-by, change a parameter from a KURL to a String to match
        the actual template. There's no reason to stringify an empty URL
        when we can just use an empty string instead.
    (isAllowedWithType):
        Call out to the ContentSecurityPolicy object to check the protected
        resource's ability to load a given media type.
    (WebCore::DOMSecurityPolicy::allowsFormAction):
        Call out to the ContentSecurityPolicy object to check the protected
        resource's ability to submit a form to the given URL.
    (WebCore):
    (WebCore::DOMSecurityPolicy::allowsPluginType):
        Pipes the plugin type through 'isAllowedWithType' for resolution.
    * page/DOMSecurityPolicy.h:
        Add the 'allowsPluginType' and 'allowsFormAction' methods.
    (DOMSecurityPolicy):
    * page/DOMSecurityPolicy.idl:
        Add the 'allowsPluginType' and 'allowsFormAction' methods.
    
    LayoutTests:
    
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Added.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Added.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Added.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125983 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    72a83682