Bug 60240

Summary: CSP should block Function constructor
Product: WebKit
Reporter: Adam Barth <abarth>
Component: New Bugs
Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, eric, ggaren, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 53572
Attachments (Description / Flags):
Patch / none
Patch for landing / none

Description Adam Barth 2011-05-04 19:42:42 PDT
CSP should block Function constructor
Comment 1 Adam Barth 2011-05-04 20:35:41 PDT
Created attachment 92368 [details]
Patch
Comment 2 Eric Seidel (no email) 2011-05-06 12:11:06 PDT
Comment on attachment 92368 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92368&action=review

OK.

> Source/JavaScriptCore/runtime/FunctionConstructor.cpp:75
>  JSObject* constructFunction(ExecState* exec, JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const UString& sourceURL, int lineNumber)

One could also just have added an enum argument to this call.
Comment 3 Adam Barth 2011-05-06 12:53:41 PDT
Thoughts from ggaren and/or sam would be useful. I'll leave this patch up here for a bit in case they'd like to comment.
Comment 4 Geoffrey Garen 2011-05-09 13:48:10 PDT
LGTM.
Comment 5 Adam Barth 2011-05-09 13:51:28 PDT
(In reply to comment #4)
> LGTM.

Thanks for taking a look.
Comment 6 Adam Barth 2011-05-09 15:21:21 PDT
Created attachment 92863 [details]
Patch for landing
Comment 7 WebKit Commit Bot 2011-05-09 16:06:10 PDT
Comment on attachment 92863 [details]
Patch for landing

Clearing flags on attachment: 92863

Committed r86100: <http://trac.webkit.org/changeset/86100>
Comment 8 WebKit Commit Bot 2011-05-09 16:06:14 PDT
All reviewed patches have been landed. Closing bug.