Bug 154522

Summary: CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, buildbot, cdumez, commit-queue, esprehn+autocc, kangil.han, kondapallykalyan, mkwst, rniwa, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar, WebExposed
Version: WebKit Local Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch and Layout Test
none
Archive of layout-test-results from ews100 for mac-yosemite
none
Archive of layout-test-results from ews104 for mac-yosemite-wk2
none
Archive of layout-test-results from ews115 for mac-yosemite
none
Patch and Layout Tests bfulgham: review+

Daniel Bates
Reported 2016-02-21 15:50:00 PST
Update the SecurityPolicyViolationEvent attributes to more closely conform to the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>. Additionally, we should enable (by default) dispatching of a SecurityPolicyViolationEvent when a CSP violation occurs as support for this event is enabled by default in Google Chrome. Currently the code for SecurityPolicyViolationEvent is not compiled because it is guarded by the ENABLE(CSP_NEXT) macro, which is disabled by default.
Attachments
Patch and Layout Test (34.57 KB, patch)
2016-02-24 10:44 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews100 for mac-yosemite (803.75 KB, application/zip)
2016-02-24 11:37 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews104 for mac-yosemite-wk2 (994.88 KB, application/zip)
2016-02-24 11:41 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews115 for mac-yosemite (862.10 KB, application/zip)
2016-02-24 11:52 PST, Build Bot 		no flags
Details
Patch and Layout Tests (42.88 KB, patch)
2016-02-24 15:45 PST, Daniel Bates 		bfulgham: review+
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-02-21 15:50:15 PST
<rdar://problem/24762078>
Daniel Bates
Comment 2 2016-02-24 09:56:31 PST
The attribute statusCode in the definition of SecurityPolicyViolationEvent was changed from DOMString to unsigned short and this attribute was added to the definition of SecurityPolicyViolationEventInit in section Violation DOM Events of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
Daniel Bates
Comment 3 2016-02-24 10:44:01 PST
Created attachment 272119 [details] Patch and Layout Test
Build Bot
Comment 4 2016-02-24 11:36:55 PST
Comment on attachment 272119 [details] Patch and Layout Test Attachment 272119 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/878332 New failing tests: js/dom/global-constructors-attributes.html
Build Bot
Comment 5 2016-02-24 11:37:00 PST
Created attachment 272128 [details] Archive of layout-test-results from ews100 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 6 2016-02-24 11:40:58 PST
Comment on attachment 272119 [details] Patch and Layout Test Attachment 272119 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/878334 New failing tests: js/dom/global-constructors-attributes.html
Build Bot
Comment 7 2016-02-24 11:41:03 PST
Created attachment 272129 [details] Archive of layout-test-results from ews104 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Build Bot
Comment 8 2016-02-24 11:52:13 PST
Comment on attachment 272119 [details] Patch and Layout Test Attachment 272119 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/878335 New failing tests: js/dom/global-constructors-attributes.html
Build Bot
Comment 9 2016-02-24 11:52:18 PST
Created attachment 272131 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Daniel Bates
Comment 10 2016-02-24 15:45:40 PST
Created attachment 272155 [details] Patch and Layout Tests Update expected result for test js/dom/global-constructors-attributes.html
Brent Fulgham
Comment 11 2016-02-24 22:56:12 PST
Comment on attachment 272155 [details] Patch and Layout Tests View in context: https://bugs.webkit.org/attachment.cgi?id=272155&action=review r=me. > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:364 > + columnNumber = 0; Consider 0-initializing when declared, and avoid this 'else' clause. I suppose there is a possible (small) performance hit but it's probably negligible.
Daniel Bates
Comment 12 2016-02-25 08:19:06 PST
(In reply to comment #11) > [...] > > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:364 > > + columnNumber = 0; > > Consider 0-initializing when declared, and avoid this 'else' clause. I > suppose there is a possible (small) performance hit but it's probably > negligible. Will initialize lineNumber and columnNumber to 0 at the site of their declaration (line 354 and line 355, respectively) before landing.
Daniel Bates
Comment 13 2016-02-25 08:21:38 PST
Committed r197118: <http://trac.webkit.org/changeset/197118>
Note You need to log in before you can comment on or make changes to this bug.