Summary: | CSP paths: Ignore invalid path components, rather than dropping the source completely. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mike West <mkwst> | ||||||
Component: | WebCore Misc. | Assignee: | Mike West <mkwst> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | abarth, webkit.review.bot | ||||||
Priority: | P2 | Keywords: | WebExposed | ||||||
Version: | 528+ (Nightly build) | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Bug Depends on: | |||||||||
Bug Blocks: | 85558 | ||||||||
Attachments: |
|
Description
Mike West
2012-09-25 01:43:48 PDT
Created attachment 165557 [details]
Patch
Comment on attachment 165557 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=165557&action=review > Source/WebCore/page/ContentSecurityPolicy.cpp:1579 > +{ Can you ASSERT that invalidChar is either '#' or '?' I know you have that assert above, but it's good to have it in this function because the correctness of this function depends on that fact. Comment on attachment 165557 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=165557&action=review >> Source/WebCore/page/ContentSecurityPolicy.cpp:1579 >> +{ > > Can you ASSERT that invalidChar is either '#' or '?' > > I know you have that assert above, but it's good to have it in this function because the correctness of this function depends on that fact. Sure. I'll spin a new patch in a moment, thanks! Created attachment 165629 [details]
Patch
Comment on attachment 165629 [details]
Patch
CQ?, assuming the bots don't mind the extra ASSERT? :)
> CQ?, assuming the bots don't mind the extra ASSERT? :)
The bots test in release, so they're not going to complain. ;)
Comment on attachment 165629 [details] Patch Clearing flags on attachment: 165629 Committed r129525: <http://trac.webkit.org/changeset/129525> All reviewed patches have been landed. Closing bug. |