Bug 60384

Summary: Wire up CSP's eval blocking to V8's new API
Product: WebKit Reporter: Adam Barth <abarth>
Component: New Bugs    Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, eric
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 53572    
Attachments:
Description Flags
Patch none

Description Adam Barth 2011-05-06 10:45:44 PDT
Wire up CSP's eval blocking to V8's new API
Comment 1 Adam Barth 2011-05-06 10:47:58 PDT
Created attachment 92605 [details]
Patch
Comment 2 Eric Seidel (no email) 2011-05-06 12:05:17 PDT
Comment on attachment 92605 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review

Does this need a DEPs update?

> Source/WebCore/bindings/v8/ScriptController.cpp:310
> +    m_proxy->windowShell()->initContextIfNeeded();

I wonder how many places might be missing this call. :)

> Source/WebCore/bindings/v8/ScriptController.cpp:317
> +    v8Context->AllowCodeGenerationFromStrings(false);

I wonder how many other things this may unintentionally break?  Doesn't chrome/v8 execute js strings internally all over the place?
Comment 3 Adam Barth 2011-05-06 12:13:39 PDT
(In reply to comment #2)
> (From update of attachment 92605 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review
> 
> Does this need a DEPs update?

Nope.  That already happened.

> > Source/WebCore/bindings/v8/ScriptController.cpp:310
> > +    m_proxy->windowShell()->initContextIfNeeded();
> 
> I wonder how many places might be missing this call. :)

Good question.  Much of this code is crap and needs a re-working.

> > Source/WebCore/bindings/v8/ScriptController.cpp:317
> > +    v8Context->AllowCodeGenerationFromStrings(false);
> 
> I wonder how many other things this may unintentionally break?  Doesn't chrome/v8 execute js strings internally all over the place?

This API was created expressly for our needs.  It's supposed to do exactly what we want.
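The `AllowCodeGenerationFromStrings(false)` call discussed above is the switch that makes `eval` and `new Function` fail under a Content Security Policy that omits `'unsafe-eval'`. The following JavaScript probe is an added example, not code from the WebKit patch or from V8: it reports, per mechanism, whether the running context still allows code generation from strings. In Node or in a page without such a CSP every probe reports `allowed: true`; in a page whose CSP blocks eval, V8 throws an `EvalError` and the probe records that instead. The function names `probeCodeGeneration` and `codeGenerationAllowed` are assumptions of this example.

```javascript
// Added example: feature-detect CSP eval blocking from page code.
// The three mechanisms below are the ones V8 gates behind
// Context::AllowCodeGenerationFromStrings; each is exercised in a try/catch
// so the probe itself never throws.
function probeCodeGeneration() {
  const probes = {
    // direct eval: evaluated in the caller's scope
    eval: () => eval('1 + 1'),
    // indirect eval: evaluated in the global scope
    indirectEval: () => (0, eval)('1 + 1'),
    // Function constructor: compiles a new function from a string
    Function: () => new Function('return 1 + 1')(),
  };

  const results = {};
  for (const [name, probe] of Object.entries(probes)) {
    try {
      results[name] = { allowed: true, value: probe() };
    } catch (e) {
      // When code generation from strings is disallowed, V8 throws an
      // EvalError; record its name rather than letting it propagate.
      results[name] = { allowed: false, error: e.name };
    }
  }
  return results;
}

// Convenience wrapper: true only if every mechanism is still permitted.
function codeGenerationAllowed() {
  return Object.values(probeCodeGeneration()).every((r) => r.allowed);
}

// Stand-alone run: print the per-mechanism report.
console.log(JSON.stringify(probeCodeGeneration(), null, 2));
console.log('code generation allowed:', codeGenerationAllowed());
```

A page that ships a CSP without `'unsafe-eval'` can run this probe in its own console to confirm the policy is actually enforced by the engine, and a page that needs `eval` can use it to degrade cleanly instead of crashing on the first string-compiled call.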
Comment 4 WebKit Commit Bot 2011-05-06 13:13:55 PDT
Comment on attachment 92605 [details]
Patch

Clearing flags on attachment: 92605

Committed r85972: <http://trac.webkit.org/changeset/85972>
Comment 5 WebKit Commit Bot 2011-05-06 13:14:00 PDT
All reviewed patches have been landed.  Closing bug.