Summary: | CSP: Implement child-src directive | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Daniel Bates <dbates> | ||||
Component: | WebCore Misc. | Assignee: | Daniel Bates <dbates> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | aestes, bfulgham, cdumez, commit-queue, japhet, mjs, mkwst, sam, webkit-bug-importer | ||||
Priority: | P2 | Keywords: | InRadar, WebExposed | ||||
Version: | WebKit Local Build | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Bug Depends on: | 153157 | ||||||
Bug Blocks: | 85558, 153158 | ||||||
Attachments: |
|
Description
Daniel Bates
2016-01-27 14:54:54 PST
Created attachment 271061 [details]
Patch and Layout Tests
Comment on attachment 271061 [details] Patch and Layout Tests View in context: https://bugs.webkit.org/attachment.cgi?id=271061&action=review Nice work! I had a question about the test skips you added with the comment "Needs expected file". Otherwise this looks good. r=me. > LayoutTests/TestExpectations:799 > +http/tests/security/contentSecurityPolicy/1.1/stylehash-default-src.html # Needs expected file. Why can't we generate these three test expectations? Do we need later patches to complete these tests? (In reply to comment #3) > [...] > > LayoutTests/TestExpectations:799 > > +http/tests/security/contentSecurityPolicy/1.1/stylehash-default-src.html # Needs expected file. > > Why can't we generate these three test expectations? Notice that we neither support resources hashes nor directive frame-ancestors at the time of writing and Blink did not commit expected results for these tests (*). We can generate them though it will require that we reason about the expected result of the test and may require understanding how results are formatted by the scripts LayoutTests/resources/testharness.js/LayoutTests/resources/testharnessreport.js so as to predict how the expected result will look on success once we implement these features. I hope you do not mind that I defer landing expected results for these tests until we implement resource hashes and the directive frame-ancestors as it will be straightforward to reason about the expected result (since we will already be in the mindset to reason about these features given we are implementing them). > Do we need later patches to complete these tests? As aforementioned above, I would prefer to land expected results for these tests when we implement support for resource hashes and the directive frame-ancestors. (*) I suspect Blink's test driver machinery knows how to determine success/failure for these tests (I haven't read the code, yet). Filed bug #154203 to add expected results for tests http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html, http/tests/security/contentSecurityPolicy/1.1/{script, style}hash-default-src.html. Will update patch so that LayoutTests/TestExpectations references this bug for these tests before landing. Committed r196526: <http://trac.webkit.org/changeset/196526> |