Bug 156086

Summary: CSP: Define explicitly datatype for nonce
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bfulgham
Priority: P2    
Version: WebKit Local Build   
Hardware: All   
OS: All   

Description Daniel Bates 2016-03-31 15:16:39 PDT
Currently in the Content Security Policy code we represent nonces as String objects and have overloaded functions that take either a URL or a nonce. Notice that a URL object can be implicitly converted to a String object because the URL class defines a String conversion operator. This makes passing a nonce to an overloaded functions with default arguments that accepts either a URL or String in the same argument position error prone because the compiler may chose to implicitly convert a URL to a String and call the overloaded function for a nonce. One example of fragile function because of the implicit conversion of URL to String is the static non-member function checkFrameAncestors() (defined in file ContentSecurityPolicyDirectiveList.cpp): <http://trac.webkit.org/browser/trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp?rev=198920#L79>. Care must be taken to update this call site should ContentSecurityPolicySourceListDirective ::allow(const URL&), <http://trac.webkit.org/browser/trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceListDirective.h?rev=198920#L41>, be changed to take a default argument as its second argument. Otherwise, the compiler will implicitly convert the result of "current->document()->url()" in checkFrameAncestors() from a URL object to a String object and generate code to invoke ContentSecurityPolicySourceListDirective ::allow(const String&), which is the overloaded function for checking a nonce.