Bug 111869

Summary: CSP: Blocking 'eval()' is currently unreportable.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: NEW ---    
Severity: Normal CC: abarth, bfulgham, commit-queue, dbates, jfbastien, katherine_cheney, masch, pgriffis, webkit-bug-importer
Priority: P2 Keywords: BlinkMergeCandidate, InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=173892
Bug Depends on: 111867    
Bug Blocks:    
Attachments:
Description Flags
proposed fix none

Description Mike West 2013-03-08 10:13:06 PST 
See bug 111867 for a bit of context.

TL;DR: We don't have a mechanism of explaining to JSC or V8 that we'd like to get reports about usage of eval(), but that we don't actually want to block it. It's all or nothing: we either block and throw an exception, or do nothing useful.
Comment 1 Alexey Proskuryakov 2014-11-06 20:54:49 PST 
Created attachment 241159 [details]
proposed fix
Comment 2 WebKit Commit Bot 2014-11-06 20:56:22 PST 
Attachment 241159 [details] did not pass style-queue:


ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1015:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1023:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1031:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1038:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1045:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1054:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1063:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1070:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1077:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1084:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1091:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1098:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1111:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1118:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
Total errors found: 14 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Alexey Proskuryakov 2014-11-06 20:58:12 PST 
Comment on attachment 241159 [details]
proposed fix

Wrong bug.
Comment 4 Daniel Bates 2015-12-10 17:20:42 PST 
*** Bug 117286 has been marked as a duplicate of this bug. ***
Comment 5 Daniel Bates 2016-01-15 14:13:21 PST 
Blink Issue: <http://code.google.com/p/chromium/issues/detail?id=248257>
Comment 6 Radar WebKit Bug Importer 2016-01-27 20:13:52 PST 
<rdar://problem/24383030>
Comment 7 JF Bastien 2017-06-28 22:11:33 PDT 
Same thing for WebAssembly. I'm adding some tests here:
https://bugs.webkit.org/show_bug.cgi?id=173892
Comment 8 Daniel Bates 2018-06-13 21:55:53 PDT 
*** Bug 153148 has been marked as a duplicate of this bug. ***