156086 2016-03-31 15:16:39 -0700 CSP: Define explicitly datatype for nonce 2016-05-27 12:35:31 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Local Build All All NEW P2 Normal --- 1 dbates webkit-unassigned bfulgham oldest_to_newest 1179614 0 dbates 2016-03-31 15:16:39 -0700 Currently in the Content Security Policy code we represent nonces as String objects and have overloaded functions that take either a URL or a nonce. Notice that a URL object can be implicitly converted to a String object because the URL class defines a String conversion operator. This makes passing a nonce to an overloaded functions with default arguments that accepts either a URL or String in the same argument position error prone because the compiler may chose to implicitly convert a URL to a String and call the overloaded function for a nonce. One example of fragile function because of the implicit conversion of URL to String is the static non-member function checkFrameAncestors() (defined in file ContentSecurityPolicyDirectiveList.cpp): <http://trac.webkit.org/browser/trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp?rev=198920#L79>. Care must be taken to update this call site should ContentSecurityPolicySourceListDirective ::allow(const URL&), <http://trac.webkit.org/browser/trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceListDirective.h?rev=198920#L41>, be changed to take a default argument as its second argument. Otherwise, the compiler will implicitly convert the result of "current->document()->url()" in checkFrameAncestors() from a URL object to a String object and generate code to invoke ContentSecurityPolicySourceListDirective ::allow(const String&), which is the overloaded function for checking a nonce.