• commit-queue@webkit.org's avatar
    CSP 1.1: Add 'plugin-types' and 'form-action' DOM API. · 72a83682
    commit-queue@webkit.org authored
    Patch by Mike West <mkwst@chromium.org> on 2012-08-19
    Reviewed by Adam Barth.
    Experimental implementations of the new 'plugin-types' and 'form-action'
    directives recently landed, but we neglected to add DOM API endpoints to
    query their state. Those APIs have been added to the specification[1],
    and this patch brings our implementation up to date.
    Tests: http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html
    * page/DOMSecurityPolicy.cpp:
        As a drive-by, change a parameter from a KURL to a String to match
        the actual template. There's no reason to stringify an empty URL
        when we can just use an empty string instead.
        Call out to the ContentSecurityPolicy object to check the protected
        resource's ability to load a given media type.
        Call out to the ContentSecurityPolicy object to check the protected
        resource's ability to submit a form to the given URL.
        Pipes the plugin type through 'isAllowedWithType' for resolution.
    * page/DOMSecurityPolicy.h:
        Add the 'allowsPluginType' and 'allowsFormAction' methods.
    * page/DOMSecurityPolicy.idl:
        Add the 'allowsPluginType' and 'allowsFormAction' methods.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Added.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Added.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Added.
    * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Added.
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125983 268f45cc-cd09-0410-ab3c-d52691b4dbfc