Bug 111869 - CSP: Blocking 'eval()' is currently unreportable.
Summary: CSP: Blocking 'eval()' is currently unreportable.
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Daniel Bates
URL:
Keywords: BlinkMergeCandidate, InRadar
: 117286 153148 (view as bug list)
Depends on: 111867
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-08 10:13 PST by Mike West
Modified: 2018-06-13 21:55 PDT (History)
7 users (show)

See Also:


Attachments
proposed fix (11.47 KB, patch)
2014-11-06 20:54 PST, Alexey Proskuryakov
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mike West 2013-03-08 10:13:06 PST
See bug 111867 for a bit of context.

TL;DR: We don't have a mechanism of explaining to JSC or V8 that we'd like to get reports about usage of eval(), but that we don't actually want to block it. It's all or nothing: we either block and throw an exception, or do nothing useful.
Comment 1 Alexey Proskuryakov 2014-11-06 20:54:49 PST
Created attachment 241159 [details]
proposed fix
Comment 2 WebKit Commit Bot 2014-11-06 20:56:22 PST
Attachment 241159 [details] did not pass style-queue:


ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1015:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1023:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1031:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1038:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1045:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1054:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1063:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1070:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1077:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1084:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1091:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1098:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1111:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/WebCore/page/ContentSecurityPolicy.cpp:1118:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
Total errors found: 14 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Alexey Proskuryakov 2014-11-06 20:58:12 PST
Comment on attachment 241159 [details]
proposed fix

Wrong bug.
Comment 4 Daniel Bates 2015-12-10 17:20:42 PST
*** Bug 117286 has been marked as a duplicate of this bug. ***
Comment 5 Daniel Bates 2016-01-15 14:13:21 PST
Blink Issue: <http://code.google.com/p/chromium/issues/detail?id=248257>
Comment 6 Radar WebKit Bug Importer 2016-01-27 20:13:52 PST
<rdar://problem/24383030>
Comment 7 JF Bastien 2017-06-28 22:11:33 PDT
Same thing for WebAssembly. I'm adding some tests here:
https://bugs.webkit.org/show_bug.cgi?id=173892
Comment 8 Daniel Bates 2018-06-13 21:55:53 PDT
*** Bug 153148 has been marked as a duplicate of this bug. ***