60384 2011-05-06 10:45:44 -0700 Wire up CSP's eval blocking to V8's new API 2011-05-06 13:14:00 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 53572 1 abarth abarth commit-queue eric oldest_to_newest 399631 0 abarth 2011-05-06 10:45:44 -0700 Wire up CSP's eval blocking to V8's new API 399634 1 92605 abarth 2011-05-06 10:47:58 -0700 Created attachment 92605 Patch 399692 2 92605 eric 2011-05-06 12:05:17 -0700 Comment on attachment 92605 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review Does this need a DEPs update? > Source/WebCore/bindings/v8/ScriptController.cpp:310 > + m_proxy->windowShell()->initContextIfNeeded(); I wonder how many places might be missing this call. :) > Source/WebCore/bindings/v8/ScriptController.cpp:317 > + v8Context->AllowCodeGenerationFromStrings(false); I wonder how many other things this may unintentionally break? Doesn't chrome/v8 execute js strings internally all over the place? 399708 3 abarth 2011-05-06 12:13:39 -0700 (In reply to comment #2) > (From update of attachment 92605 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review > > Does this need a DEPs update? Nope. That already happened. > > Source/WebCore/bindings/v8/ScriptController.cpp:310 > > + m_proxy->windowShell()->initContextIfNeeded(); > > I wonder how many places might be missing this call. :) Good question. Much of this code is crap and needs a re-working. > > Source/WebCore/bindings/v8/ScriptController.cpp:317 > > + v8Context->AllowCodeGenerationFromStrings(false); > > I wonder how many other things this may unintentionally break? Doesn't chrome/v8 execute js strings internally all over the place? This API was created expressly for our needs. It's supposed to do exactly what we want. 399758 4 92605 commit-queue 2011-05-06 13:13:55 -0700 Comment on attachment 92605 Patch Clearing flags on attachment: 92605 Committed r85972: <http://trac.webkit.org/changeset/85972> 399759 5 commit-queue 2011-05-06 13:14:00 -0700 All reviewed patches have been landed. Closing bug. 92605 2011-05-06 10:47:58 -0700 2011-05-06 13:13:55 -0700 Patch bug-60384-20110506104756.patch text/plain 3591 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDg1OTU5KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTEtMDUtMDYgIEFkYW0gQmFy dGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBXaXJlIHVwIENTUCdzIGV2YWwgYmxvY2tpbmcgdG8gVjgncyBuZXcg QVBJCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD02MDM4 NAorCisgICAgICAgICogYmluZGluZ3MvdjgvU2NyaXB0Q29udHJvbGxlci5jcHA6CisgICAgICAg IChXZWJDb3JlOjpTY3JpcHRDb250cm9sbGVyOjpkaXNhYmxlRXZhbCk6CisKIDIwMTEtMDUtMDQg IEFkcmllbm5lIFdhbGtlciAgPGVubmVAZ29vZ2xlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBi eSBKYW1lcyBSb2JpbnNvbi4KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2JpbmRpbmdzL3Y4L1Njcmlw dENvbnRyb2xsZXIuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2JpbmRpbmdzL3Y4 L1NjcmlwdENvbnRyb2xsZXIuY3BwCShyZXZpc2lvbiA4NTk1MSkKKysrIFNvdXJjZS9XZWJDb3Jl L2JpbmRpbmdzL3Y4L1NjcmlwdENvbnRyb2xsZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0zMDcs OCArMzA3LDE0IEBAIGJvb2wgU2NyaXB0Q29udHJvbGxlcjo6aGF2ZUludGVycHJldGVyKCkKIAog dm9pZCBTY3JpcHRDb250cm9sbGVyOjpkaXNhYmxlRXZhbCgpCiB7Ci0gICAgLy8gRklYTUU6IFdl IG5lZWQgaGVscCBmcm9tIFY4IHRvIGltcGxlbWVudCB0aGlzIGZ1bmN0aW9uOgotICAgIC8vIGh0 dHA6Ly9jb2RlLmdvb2dsZS5jb20vcC92OC9pc3N1ZXMvZGV0YWlsP2lkPTEyNTgKKyAgICBtX3By b3h5LT53aW5kb3dTaGVsbCgpLT5pbml0Q29udGV4dElmTmVlZGVkKCk7CisKKyAgICB2ODo6SGFu ZGxlU2NvcGUgaGFuZGxlU2NvcGU7CisgICAgdjg6OkhhbmRsZTx2ODo6Q29udGV4dD4gdjhDb250 ZXh0ID0gVjhQcm94eTo6bWFpbldvcmxkQ29udGV4dChtX2ZyYW1lKTsKKyAgICBpZiAodjhDb250 ZXh0LklzRW1wdHkoKSkKKyAgICAgICAgcmV0dXJuOworCisgICAgdjhDb250ZXh0LT5BbGxvd0Nv ZGVHZW5lcmF0aW9uRnJvbVN0cmluZ3MoZmFsc2UpOwogfQogCiBQYXNzU2NyaXB0SW5zdGFuY2Ug U2NyaXB0Q29udHJvbGxlcjo6Y3JlYXRlU2NyaXB0SW5zdGFuY2VGb3JXaWRnZXQoV2lkZ2V0KiB3 aWRnZXQpCkluZGV4OiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nCShyZXZpc2lvbiA4NTk1OSkKKysrIExheW91dFRlc3RzL0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDExLTA1LTA2ICBBZGFtIEJhcnRo ICA8YWJhcnRoQHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgV2lyZSB1cCBDU1AncyBldmFsIGJsb2NraW5nIHRvIFY4J3MgbmV3IEFQ SQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NjAzODQK KworICAgICAgICAqIHBsYXRmb3JtL2Nocm9taXVtL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVu dFNlY3VyaXR5UG9saWN5L2V2YWwtYmxvY2tlZC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAg ICAgICAgLSBCb28gZGlmZmVyZW50IGVycm9yIG1lc3NhZ2VzLgorICAgICAgICAqIHBsYXRmb3Jt L2Nocm9taXVtL3Rlc3RfZXhwZWN0YXRpb25zLnR4dDoKKyAgICAgICAgICAgIC0gVGVzdCBwcm9n cmVzc2lvbi4KKwogMjAxMS0wNS0wNCAgQWRyaWVubmUgV2Fsa2VyICA8ZW5uZUBnb29nbGUuY29t PgogCiAgICAgICAgIFJldmlld2VkIGJ5IEphbWVzIFJvYmluc29uLgpJbmRleDogTGF5b3V0VGVz dHMvcGxhdGZvcm0vY2hyb21pdW0vdGVzdF9leHBlY3RhdGlvbnMudHh0Cj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IExheW91dFRlc3RzL3BsYXRmb3JtL2Nocm9taXVtL3Rlc3RfZXhwZWN0YXRpb25zLnR4dAkocmV2 aXNpb24gODU5NTEpCisrKyBMYXlvdXRUZXN0cy9wbGF0Zm9ybS9jaHJvbWl1bS90ZXN0X2V4cGVj dGF0aW9ucy50eHQJKHdvcmtpbmcgY29weSkKQEAgLTMzMDIsMTAgKzMzMDIsNiBAQCBCVUdYWFgg R1BVIFNOT1dMRU9QQVJEIDogY29tcG9zaXRpbmcvc2VsCiAvLyBDaHJvbWUgZG9lc24ndCBsb2Fk IGZhdmljb25zIGluIERSVCB0ZXN0cy4KIEJVR1dLNTcyNTkgOiBodHRwL3Rlc3RzL21pc2MvbGlu ay1yZWwtaWNvbi1iZWZvcmVsb2FkLmh0bWwgPSBGQUlMIFBBU1MKIAotLy8gV2UgbmVlZCBoZWxw IGZyb20gVjggdG8gaW1wbGVtZW50IHRoaXMgZmVhdHVyZS4KLS8vIGh0dHA6Ly9jb2RlLmdvb2ds ZS5jb20vcC92OC9pc3N1ZXMvZGV0YWlsP2lkPTEyNTgKLUJVR1Y4OiBodHRwL3Rlc3RzL3NlY3Vy aXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9ldmFsLWJsb2NrZWQuaHRtbCA9IFRFWFQKLQogLy8g VGhlc2UgdGVzdHMgYXBwZWFycyB0byB0aW1lb3V0IGV2ZXJ5IDEwIG9yIDIwIHJ1bnMuCiBCVUdX SzYwMDk0IDogZmFzdC9lbmNvZGluZy9wYXJzZXItdGVzdHMuaHRtbCA9IFRJTUVPVVQgUEFTUwog QlVHV0s2MDA5NCA6IGZhc3QvZW5jb2RpbmcvcGFyc2VyLXRlc3RzLTEwLmh0bWwgPSBUSU1FT1VU IFBBU1MKSW5kZXg6IExheW91dFRlc3RzL3BsYXRmb3JtL2Nocm9taXVtL2h0dHAvdGVzdHMvc2Vj dXJpdHkvY29udGVudFNlY3VyaXR5UG9saWN5L2V2YWwtYmxvY2tlZC1leHBlY3RlZC50eHQKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gTGF5b3V0VGVzdHMvcGxhdGZvcm0vY2hyb21pdW0vaHR0cC90ZXN0cy9zZWN1 cml0eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvZXZhbC1ibG9ja2VkLWV4cGVjdGVkLnR4dAkocmV2 aXNpb24gMCkKKysrIExheW91dFRlc3RzL3BsYXRmb3JtL2Nocm9taXVtL2h0dHAvdGVzdHMvc2Vj dXJpdHkvY29udGVudFNlY3VyaXR5UG9saWN5L2V2YWwtYmxvY2tlZC1leHBlY3RlZC50eHQJKHJl dmlzaW9uIDApCkBAIC0wLDAgKzEsMyBAQAorQ09OU09MRSBNRVNTQUdFOiBsaW5lIDEyOiBVbmNh dWdodCBFcnJvcjogQ29kZSBnZW5lcmF0aW9uIGZyb20gc3RyaW5ncyBkaXNhbGxvd2VkIGZvciB0 aGlzIGNvbnRleHQKK0NPTlNPTEUgTUVTU0FHRTogbGluZSAxNTogVW5jYXVnaHQgRXJyb3I6IENv ZGUgZ2VuZXJhdGlvbiBmcm9tIHN0cmluZ3MgZGlzYWxsb3dlZCBmb3IgdGhpcyBjb250ZXh0CisK