Bug 111869

Summary: CSP: Blocking 'eval()' is currently unreportable.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: NEW    
Severity: Normal CC: abarth, bfulgham, commit-queue, dbates, jfbastien, katherine_cheney, masch, pgriffis, webkit-bug-importer
Priority: P2 Keywords: BlinkMergeCandidate, InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=173892
Bug Depends on: 111867    
Bug Blocks:    
Attachments:
Description Flags
proposed fix none

Mike West
Reported 2013-03-08 10:13:06 PST
See bug 111867 for a bit of context. TL;DR: We don't have a mechanism of explaining to JSC or V8 that we'd like to get reports about usage of eval(), but that we don't actually want to block it. It's all or nothing: we either block and throw an exception, or do nothing useful.
Attachments
proposed fix (11.47 KB, patch)
2014-11-06 20:54 PST, Alexey Proskuryakov 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2014-11-06 20:54:49 PST
Created attachment 241159 [details] proposed fix
WebKit Commit Bot
Comment 2 2014-11-06 20:56:22 PST
Attachment 241159 [details] did not pass style-queue: ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1015: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1023: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1031: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1038: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1045: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1054: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1063: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1070: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1077: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1084: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1091: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1098: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1111: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1118: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] Total errors found: 14 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.
Alexey Proskuryakov
Comment 3 2014-11-06 20:58:12 PST
Comment on attachment 241159 [details] proposed fix Wrong bug.
Daniel Bates
Comment 4 2015-12-10 17:20:42 PST
*** Bug 117286 has been marked as a duplicate of this bug. ***
Daniel Bates
Comment 5 2016-01-15 14:13:21 PST
Blink Issue: <http://code.google.com/p/chromium/issues/detail?id=248257>
Radar WebKit Bug Importer
Comment 6 2016-01-27 20:13:52 PST
<rdar://problem/24383030>
JF Bastien
Comment 7 2017-06-28 22:11:33 PDT
Same thing for WebAssembly. I'm adding some tests here: https://bugs.webkit.org/show_bug.cgi?id=173892
Daniel Bates
Comment 8 2018-06-13 21:55:53 PDT
*** Bug 153148 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.