Bug 154555

Summary: REGRESSION (r196892): No longer emit error message when CSP form-action directive is used as a source expression
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, commit-queue, mkwst, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
URL: data:text/html,<!DOCTYPE html><html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self' form-action 'self'"></head></html>
Bug Depends on: 154520    
Bug Blocks:    
Attachments:
Description Flags
Patch and Layout Test none

Description Daniel Bates 2016-02-22 13:44:31 PST 
Suppose a page has the following HTML meta element with malformed Content Security Policy:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' form-action 'self'">

Then we show a console error of the form:

[Error] The Content Security Policy directive 'script-src' contains 'form-action' as a source expression. Did you mean 'script-src ...; form-action...' (note the semicolon)?

But we no longer emit this console error following <http://trac.webkit.org/changeset/196892> (bug #154520).
Comment 1 Radar WebKit Bug Importer 2016-02-22 13:45:00 PST 
<rdar://problem/24776777>
Comment 2 Daniel Bates 2016-02-22 13:54:35 PST 
Created attachment 271953 [details]
Patch and Layout Test
Comment 3 Daniel Bates 2016-02-23 13:32:49 PST 
Comment on attachment 271953 [details]
Patch and Layout Test

Clearing flags on attachment: 271953

Committed r196992: <http://trac.webkit.org/changeset/196992>
Comment 4 Daniel Bates 2016-02-23 13:32:52 PST 
All reviewed patches have been landed.  Closing bug.