Bug 113307 - CSP 1.1: Experiment with 'base-uri' directive.
Summary: CSP 1.1: Experiment with 'base-uri' directive.
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mike West
Depends on: 99318
Blocks: 85558
  Show dependency treegraph
Reported: 2013-03-26 06:58 PDT by Mike West
Modified: 2013-03-26 08:25 PDT (History)
9 users (show)

See Also:

Patch (13.75 KB, patch)
2013-03-26 07:07 PDT, Mike West
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mike West 2013-03-26 06:58:59 PDT
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#base-uri defines a 'base-uri' directive which restricts the valid URIs which can be used to set the document's base URI. In order to feed implementation experience back into the working group, and to get a feel for how the API would work (and whether it addresses the use cases we care about), we should put together an experimental implementation behind the CSP_NEXT flag.

Spec: https://dvcs.w3.org/hg/content-security-policy/rev/4b89c246ea16
Thread: http://lists.w3.org/Archives/Public/public-webappsec/2013Feb/0074.html
Comment 1 Mike West 2013-03-26 07:07:06 PDT
Created attachment 195079 [details]
Comment 2 Mike West 2013-03-26 07:11:40 PDT
Hey Jochen, I'm not sure if you're interested in reviewing CSP patches while Adam's out. If you are, would you mind taking a look at this one? If not, I'll poke Eric later.

This isn't at all high-priority, so no rush. Thanks!
Comment 3 jochen 2013-03-26 07:20:19 PDT
Comment on attachment 195079 [details]

Comment 4 Mike West 2013-03-26 07:30:19 PDT
Cool. Once the CSP_NEXT bots are happy, I'll CQ the patch.
Comment 5 WebKit Review Bot 2013-03-26 08:25:14 PDT
Comment on attachment 195079 [details]

Clearing flags on attachment: 195079

Committed r146886: <http://trac.webkit.org/changeset/146886>
Comment 6 WebKit Review Bot 2013-03-26 08:25:17 PDT
All reviewed patches have been landed.  Closing bug.