Bug 156554

Summary: CSP: Remove experimental directive reflected-xss
Product: WebKit
Reporter: Daniel Bates <dbates>
Component: WebCore Misc.
Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED
Severity: Normal
CC: aestes, bfulgham, buildbot, cdumez, commit-queue, esprehn+autocc, gyuyoung.kim, mkwst, rniwa, wilander
Priority: P2
Version: WebKit Nightly Build
Hardware: All
OS: All
See Also: https://bugs.webkit.org/show_bug.cgi?id=104479

Daniel Bates
Reported 2016-04-13 14:01:09 PDT
The Content Security Policy directive reflected-xss was removed from the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015). This directive was considered experimental and was guarded by a run-time flag that was never enabled by default. For completeness, the directive reflected-xss appeared in the Content Security Policy 1.1 spec, <http://www.w3.org/TR/2013/WD-CSP11-20130604/>, was mentioned as "at-risk, and may be dropped during the CR period" in an early revision of the Content Security Policy Level 2 spec., <https://www.w3.org/TR/2014/WD-CSP2-20140703/>, and was subsequently removed in <https://www.w3.org/TR/2015/CR-CSP2-20150219/>.
Attachments
Patch (346.09 KB, patch)
2016-04-13 14:05 PDT, Daniel Bates
bfulgham: review+
buildbot: commit-queue-
Archive of layout-test-results from ews101 for mac-yosemite (775.90 KB, application/zip)
2016-04-13 14:50 PDT, Build Bot
no flags
Archive of layout-test-results from ews104 for mac-yosemite-wk2 (924.69 KB, application/zip)
2016-04-13 14:54 PDT, Build Bot
no flags
Archive of layout-test-results from ews122 for ios-simulator-wk2 (610.22 KB, application/zip)
2016-04-13 15:09 PDT, Build Bot
no flags
Archive of layout-test-results from ews113 for mac-yosemite (843.53 KB, application/zip)
2016-04-13 17:05 PDT, Build Bot
no flags
Daniel Bates
Comment 1 2016-04-13 14:05:22 PDT
Daniel Bates
Comment 2 2016-04-13 14:08:24 PDT
(In reply to comment #1)
> Created attachment 276350
> Patch
This patch represents a revert of the patch for bug #104479.
Brent Fulgham
Comment 3 2016-04-13 14:35:17 PDT
Comment on attachment 276350
Patch
r=me.
Build Bot
Comment 4 2016-04-13 14:50:23 PDT
Comment on attachment 276350
Patch
Attachment 276350 did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/1150247
New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 5 2016-04-13 14:50:28 PDT
Created attachment 276357
Archive of layout-test-results from ews101 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Build Bot
Comment 6 2016-04-13 14:54:52 PDT
Comment on attachment 276350
Patch
Attachment 276350 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/1150253
New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 7 2016-04-13 14:54:55 PDT
Created attachment 276358
Archive of layout-test-results from ews104 for mac-yosemite-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews104
Port: mac-yosemite-wk2
Platform: Mac OS X 10.10.5
Brent Fulgham
Comment 8 2016-04-13 14:56:27 PDT
It looks like a few tests were missed in your cleanup. Please correct them before landing!
Build Bot
Comment 9 2016-04-13 15:08:57 PDT
Comment on attachment 276350
Patch
Attachment 276350 did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/1150267
New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 10 2016-04-13 15:09:02 PDT
Created attachment 276360
Archive of layout-test-results from ews122 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122
Port: ios-simulator-wk2
Platform: Mac OS X 10.10.5
Build Bot
Comment 11 2016-04-13 17:05:21 PDT
Comment on attachment 276350
Patch
Attachment 276350 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1150737
New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 12 2016-04-13 17:05:24 PDT
Created attachment 276367
Archive of layout-test-results from ews113 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews113
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Daniel Bates
Comment 13 2016-04-13 19:29:51 PDT