Bug 153153 - CSP: object-src directive should prohibit creation of nested browsing context
Summary: CSP: object-src directive should prohibit creation of nested browsing context
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Daniel Bates
Keywords: BlinkMergeCandidate, InRadar
Depends on:
Reported: 2016-01-15 15:01 PST by Daniel Bates
Modified: 2016-03-07 12:21 PST (History)
7 users (show)

See Also:

Patch and Layout Tests (26.36 KB, patch)
2016-03-04 17:15 PST, Daniel Bates
bfulgham: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-01-15 15:01:10 PST
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=164952>.

CSP: Check <param> element values against the document's CSP before loading.

We ought to take account of the 'param' element parsing behavior that happens in
'HTMLObjectElement'. This patch moves the pluginIsLoadable check to make that

To avoid 'setTimeout' in the test, and to align with the spec[1], this patch also
starts dispatching an 'error' event on load failure for 'object' elements.

[1]: #4.6 ("If the load failed...") of http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-object-element
Comment 1 Radar WebKit Bug Importer 2016-01-27 20:37:33 PST
Comment 2 Daniel Bates 2016-03-04 17:15:54 PST
Created attachment 273059 [details]
Patch and Layout Tests
Comment 3 Brent Fulgham 2016-03-04 21:37:28 PST
Comment on attachment 273059 [details]
Patch and Layout Tests

View in context: https://bugs.webkit.org/attachment.cgi?id=273059&action=review

Very nice! r=me.

> LayoutTests/TestExpectations:-851
> -webkit.org/b/153153 http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html

Comment 4 Daniel Bates 2016-03-07 12:21:10 PST
Committed r197697: <http://trac.webkit.org/changeset/197697>