70011 2011-10-13 02:40:47 -0700 script-src * should allow all URLs 2011-10-17 10:35:45 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 70245 53572 1 abarth abarth eric sam webkit.review.bot oldest_to_newest 483081 0 abarth 2011-10-13 02:40:47 -0700 script-src * should allow all URLs 483083 1 110816 abarth 2011-10-13 02:50:44 -0700 Created attachment 110816 Patch 483085 2 110816 eric 2011-10-13 02:53:17 -0700 Comment on attachment 110816 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=110816&action=review OK. > Source/WebCore/page/ContentSecurityPolicy.cpp:273 > + if (end - begin == 1 && *begin == '*') { It seems like you should have a local length = end - begin? Or do you move begin? 483086 3 110816 abarth 2011-10-13 02:54:24 -0700 Comment on attachment 110816 Patch Yeah, begin and end get moved around a lot in this function. I'd prefer not to have a length variable because I'd worry it would get out of sync. 483089 4 110816 webkit.review.bot 2011-10-13 03:15:48 -0700 Comment on attachment 110816 Patch Clearing flags on attachment: 110816 Committed r97360: <http://trac.webkit.org/changeset/97360> 483090 5 webkit.review.bot 2011-10-13 03:15:52 -0700 All reviewed patches have been landed. Closing bug. 110816 2011-10-13 02:50:44 -0700 2011-10-13 03:15:48 -0700 Patch bug-70011-20111013025043.patch text/plain 4973 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDk3MzU3KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjMgQEAKKzIwMTEtMTAtMTMgIEFkYW0gQmFy dGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBzY3JpcHQtc3JjICogc2hvdWxkIGFs bG93IGFsbCBVUkxzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD03MDAxMQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgIFRoaXMgcGF0Y2ggZ2V0cyB1cyBzbGlnaHRseSBhaGVhZCBvZiB0aGUgc3BlYy4gIFRlY2hu aWNhbGx5LCBzY3JpcHQtc3JjCisgICAgICAgIG1lYW5zICJhbnkgaG9zdCIgYW5kIGluaGVyaXRz IHRoZSBjdXJyZW50IHNjaGVtZS4gIEhvd2V2ZXIsIHRoYXQncyBub3QKKyAgICAgICAgd2hhdCBk ZXZlbG9wZXJzIGV4cGVjdCBhbmQgaXQncyBldmVuIGNvbnRyYWRpY3RlZCBieSBleGFtcGxlcyBp biB0aGUKKyAgICAgICAgc3BlYyBpdHNlbGYuICBBZnRlciB0aGlzIHBhdGNoLCAqIG1hdGNoZXMg YWxsIFVSTHMuCisKKyAgICAgICAgVGVzdDogaHR0cC90ZXN0cy9zZWN1cml0eS9jb250ZW50U2Vj dXJpdHlQb2xpY3kvc2NyaXB0LXNyYy1zdGFyLWNyb3NzLXNjaGVtZS5odG1sCisKKyAgICAgICAg KiBwYWdlL0NvbnRlbnRTZWN1cml0eVBvbGljeS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpDU1BT b3VyY2VMaXN0OjpDU1BTb3VyY2VMaXN0KToKKyAgICAgICAgKFdlYkNvcmU6OkNTUFNvdXJjZUxp c3Q6Om1hdGNoZXMpOgorICAgICAgICAoV2ViQ29yZTo6Q1NQU291cmNlTGlzdDo6cGFyc2VTb3Vy Y2UpOgorICAgICAgICAoV2ViQ29yZTo6Q1NQU291cmNlTGlzdDo6YWRkU291cmNlU3Rhcik6CisK IDIwMTEtMTAtMTMgIEtlbnRhcm8gSGFyYSAgPGhhcmFrZW5AY2hyb21pdW0ub3JnPgogCiAgICAg ICAgIEltcGxlbWVudCBhbiBPdmVyZmxvd0V2ZW50IGNvbnN0cnVjdG9yIGZvciBKU0MKSW5kZXg6 IFNvdXJjZS9XZWJDb3JlL3BhZ2UvQ29udGVudFNlY3VyaXR5UG9saWN5LmNwcAo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBTb3VyY2UvV2ViQ29yZS9wYWdlL0NvbnRlbnRTZWN1cml0eVBvbGljeS5jcHAJKHJldmlz aW9uIDk3MzUyKQorKysgU291cmNlL1dlYkNvcmUvcGFnZS9Db250ZW50U2VjdXJpdHlQb2xpY3ku Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xOTAsMTcgKzE5MCwyMCBAQCBwcml2YXRlOgogICAgIGJv b2wgcGFyc2VQb3J0KGNvbnN0IFVDaGFyKiBiZWdpbiwgY29uc3QgVUNoYXIqIGVuZCwgaW50JiBw b3J0LCBib29sJiBwb3J0SGFzV2lsZGNhcmQpOwogCiAgICAgdm9pZCBhZGRTb3VyY2VTZWxmKCk7 CisgICAgdm9pZCBhZGRTb3VyY2VTdGFyKCk7CiAgICAgdm9pZCBhZGRTb3VyY2VVbnNhZmVJbmxp bmUoKTsKICAgICB2b2lkIGFkZFNvdXJjZVVuc2FmZUV2YWwoKTsKIAogICAgIFNlY3VyaXR5T3Jp Z2luKiBtX29yaWdpbjsKICAgICBWZWN0b3I8Q1NQU291cmNlPiBtX2xpc3Q7CisgICAgYm9vbCBt X2FsbG93U3RhcjsKICAgICBib29sIG1fYWxsb3dJbmxpbmU7CiAgICAgYm9vbCBtX2FsbG93RXZh bDsKIH07CiAKIENTUFNvdXJjZUxpc3Q6OkNTUFNvdXJjZUxpc3QoU2VjdXJpdHlPcmlnaW4qIG9y aWdpbikKICAgICA6IG1fb3JpZ2luKG9yaWdpbikKKyAgICAsIG1fYWxsb3dTdGFyKGZhbHNlKQog ICAgICwgbV9hbGxvd0lubGluZShmYWxzZSkKICAgICAsIG1fYWxsb3dFdmFsKGZhbHNlKQogewpA QCAtMjEzLDEwICsyMTYsMTQgQEAgdm9pZCBDU1BTb3VyY2VMaXN0OjpwYXJzZShjb25zdCBTdHJp bmcmIAogCiBib29sIENTUFNvdXJjZUxpc3Q6Om1hdGNoZXMoY29uc3QgS1VSTCYgdXJsKQogewor ICAgIGlmIChtX2FsbG93U3RhcikKKyAgICAgICAgcmV0dXJuIHRydWU7CisKICAgICBmb3IgKHNp emVfdCBpID0gMDsgaSA8IG1fbGlzdC5zaXplKCk7ICsraSkgewogICAgICAgICBpZiAobV9saXN0 W2ldLm1hdGNoZXModXJsKSkKICAgICAgICAgICAgIHJldHVybiB0cnVlOwogICAgIH0KKwogICAg IHJldHVybiBmYWxzZTsKIH0KIApAQCAtMjYzLDYgKzI3MCwxMSBAQCBib29sIENTUFNvdXJjZUxp c3Q6OnBhcnNlU291cmNlKGNvbnN0IFVDCiAgICAgaWYgKGJlZ2luID09IGVuZCkKICAgICAgICAg cmV0dXJuIGZhbHNlOwogCisgICAgaWYgKGVuZCAtIGJlZ2luID09IDEgJiYgKmJlZ2luID09ICcq JykgeworICAgICAgICBhZGRTb3VyY2VTdGFyKCk7CisgICAgICAgIHJldHVybiBmYWxzZTsKKyAg ICB9CisKICAgICBpZiAoZXF1YWxJZ25vcmluZ0Nhc2UoIidzZWxmJyIsIGJlZ2luLCBlbmQgLSBi ZWdpbikpIHsKICAgICAgICAgYWRkU291cmNlU2VsZigpOwogICAgICAgICByZXR1cm4gZmFsc2U7 CkBAIC00MjksNiArNDQxLDExIEBAIHZvaWQgQ1NQU291cmNlTGlzdDo6YWRkU291cmNlU2VsZigp CiAgICAgbV9saXN0LmFwcGVuZChDU1BTb3VyY2UobV9vcmlnaW4tPnByb3RvY29sKCksIG1fb3Jp Z2luLT5ob3N0KCksIG1fb3JpZ2luLT5wb3J0KCksIGZhbHNlLCBmYWxzZSkpOwogfQogCit2b2lk IENTUFNvdXJjZUxpc3Q6OmFkZFNvdXJjZVN0YXIoKQoreworICAgIG1fYWxsb3dTdGFyID0gdHJ1 ZTsKK30KKwogdm9pZCBDU1BTb3VyY2VMaXN0OjphZGRTb3VyY2VVbnNhZmVJbmxpbmUoKQogewog ICAgIG1fYWxsb3dJbmxpbmUgPSB0cnVlOwpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gOTczNTcpCisrKyBM YXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNSBAQAorMjAx MS0xMC0xMyAgQWRhbSBCYXJ0aCAgPGFiYXJ0aEB3ZWJraXQub3JnPgorCisgICAgICAgIHNjcmlw dC1zcmMgKiBzaG91bGQgYWxsb3cgYWxsIFVSTHMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTcwMDExCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgVGVzdCB0aGF0IHVzaW5nICogaW4gc2NyaXB0LXNyYyBtYXRj aGVzIFVSTHMgd2l0aCBvdGhlciBzY2hlbWVzLgorCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1 cml0eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvc2NyaXB0LXNyYy1zdGFyLWNyb3NzLXNjaGVtZS1l eHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGh0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVu dFNlY3VyaXR5UG9saWN5L3NjcmlwdC1zcmMtc3Rhci1jcm9zcy1zY2hlbWUuaHRtbDogQWRkZWQu CisKIDIwMTEtMTAtMTMgIEtlbnQgVGFtdXJhICA8dGtlbnRAY2hyb21pdW0ub3JnPgogCiAgICAg ICAgIFVwZGF0ZSBleHBlY3RhdGlvbiBvZiB4c3MtREVOSUVELWNvbnRlbnRXaW5kb3ctZXZhbC5o dG1sIGZvciByOTczNTMKSW5kZXg6IExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29u dGVudFNlY3VyaXR5UG9saWN5L3NjcmlwdC1zcmMtc3Rhci1jcm9zcy1zY2hlbWUtZXhwZWN0ZWQu dHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVu dFNlY3VyaXR5UG9saWN5L3NjcmlwdC1zcmMtc3Rhci1jcm9zcy1zY2hlbWUtZXhwZWN0ZWQudHh0 CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb250ZW50 U2VjdXJpdHlQb2xpY3kvc2NyaXB0LXNyYy1zdGFyLWNyb3NzLXNjaGVtZS1leHBlY3RlZC50eHQJ KHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNiBAQAorCisKKy0tLS0tLS0tCitGcmFtZTogJzwhLS1m cmFtZVBhdGggLy88IS0tZnJhbWUwLS0+LS0+JworLS0tLS0tLS0KK1BBU1MKSW5kZXg6IExheW91 dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVudFNlY3VyaXR5UG9saWN5L3NjcmlwdC1z cmMtc3Rhci1jcm9zcy1zY2hlbWUuaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9odHRw L3Rlc3RzL3NlY3VyaXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9zY3JpcHQtc3JjLXN0YXItY3Jv c3Mtc2NoZW1lLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3Nl Y3VyaXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9zY3JpcHQtc3JjLXN0YXItY3Jvc3Mtc2NoZW1l Lmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTQgQEAKKzwhRE9DVFlQRSBodG1sPgorPGh0 bWw+Cis8aGVhZD4KKzxzY3JpcHQ+CitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7 CisgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsKKyAgbGF5b3V0VGVzdENvbnRy b2xsZXIuZHVtcENoaWxkRnJhbWVzQXNUZXh0KCk7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxi b2R5PgorICA8aWZyYW1lIHNyYz0iaHR0cDovLzEyNy4wLjAuMTo4MDAwL3NlY3VyaXR5L2NvbnRl bnRTZWN1cml0eVBvbGljeS9yZXNvdXJjZXMvZWNoby1zY3JpcHQtc3JjLnBsP3Nob3VsZF9ydW49 eWVzJnE9aHR0cHM6Ly8xMjcuMC4wLjE6ODQ0My9zZWN1cml0eS9jb250ZW50U2VjdXJpdHlQb2xp Y3kvcmVzb3VyY2VzL3NjcmlwdC5qcyZjc3A9c2NyaXB0LXNyYyUyMCoiPjwvaWZyYW1lPgorPC9i b2R5PgorPC9odG1sPgo=