Bug 156079 - REGRESSION (r196012): <object>/<embed> with no URL does not match source *
Summary: REGRESSION (r196012): <object>/<embed> with no URL does not match source *
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Daniel Bates
URL:
Keywords: InRadar, Regression
Depends on: 153748
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-31 12:45 PDT by Daniel Bates
Modified: 2016-04-01 11:12 PDT (History)
5 users (show)

See Also:


Attachments
Example (367 bytes, text/html)
2016-03-31 12:53 PDT, Daniel Bates
no flags Details
Patch and Layout Tests (20.26 KB, patch)
2016-03-31 15:24 PDT, Daniel Bates
bfulgham: review+
buildbot: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ews121 for ios-simulator-wk2 (651.63 KB, application/zip)
2016-03-31 16:15 PDT, Build Bot
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-03-31 12:45:26 PDT
Suppose a NPAPI plugin X is installed that support MIME type application/X. Consider a web page with the following markup:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="object-src *">
</head>
<body>
<object type="application/X"></object>
</body>
</html>

Then plugin X should load. But it does not following <http://trac.webkit.org/changeset/197724> (bug #154122).
Comment 1 Radar WebKit Bug Importer 2016-03-31 12:45:49 PDT
<rdar://problem/25470805>
Comment 2 Daniel Bates 2016-03-31 12:53:04 PDT
Created attachment 275312 [details]
Example

An example web page that demonstrates the issue. There should be no console warnings when you view the page.
Comment 3 Daniel Bates 2016-03-31 15:24:32 PDT
Created attachment 275338 [details]
Patch and Layout Tests
Comment 4 Daniel Bates 2016-03-31 16:15:37 PDT
From the iOS Sim EWS:

> Regressions: Unexpected text-only failures (4)
>  http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html [ Failure ]
>  http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html [ Failure ]
>  http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html [ Failure ]
>  http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html [ Failure ]

These tests are expected to fail on iOS because we do not support plugins. Will add these tests to the file LayoutTests/platform/ios-simulator/TestExpectations so that they are skipped when running tests in the iOS simulator.
Comment 5 Build Bot 2016-03-31 16:15:48 PDT
Comment on attachment 275338 [details]
Patch and Layout Tests

Attachment 275338 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/1077512

New failing tests:
http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html
http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html
http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html
http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html
Comment 6 Build Bot 2016-03-31 16:15:51 PDT
Created attachment 275349 [details]
Archive of layout-test-results from ews121 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews121  Port: ios-simulator-wk2  Platform: Mac OS X 10.10.5
Comment 7 Daniel Bates 2016-03-31 16:16:50 PDT
(In reply to comment #4)
> From the iOS Sim EWS:
> 
> > Regressions: Unexpected text-only failures (4)
> >  http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html [ Failure ]
> >  http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html [ Failure ]
> >  http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html [ Failure ]
> >  http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html [ Failure ]
> 
> These tests are expected to fail on iOS because we do not support plugins.
> Will add these tests to the file
> LayoutTests/platform/ios-simulator/TestExpectations so that they are skipped
> when running tests in the iOS simulator.

I meant to add that I will update LayoutTests/platform/ios-simulator/TestExpectations before I land this patch.
Comment 8 Brent Fulgham 2016-03-31 17:24:32 PDT
Comment on attachment 275338 [details]
Patch and Layout Tests

View in context: https://bugs.webkit.org/attachment.cgi?id=275338&action=review

r=me

> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388
> +    // As per section object-src of the Content Security Policy Level 3 spec., <http://w3c.github.io/webappsec-csp> (Editorâs Draft, 29 February 2016),

Looks like a smart apostrophe got added here (Editor's Draft)
Comment 9 Daniel Bates 2016-03-31 18:45:40 PDT
(In reply to comment #8)
> > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388
> > +    // As per section object-src of the Content Security Policy Level 3 spec., <http://w3c.github.io/webappsec-csp> (Editorâs Draft, 29 February 2016),
> 
> Looks like a smart apostrophe got added here (Editor's Draft)

Will fix before landing.
Comment 10 Daniel Bates 2016-03-31 18:54:52 PDT
Committed r198936: <http://trac.webkit.org/changeset/198936>
Comment 11 Daniel Bates 2016-04-01 11:12:49 PDT
(In reply to comment #0)
> But it does not following <http://trac.webkit.org/changeset/197724> (bug #154122).

I meant to write:

But it does not following <http://trac.webkit.org/changeset/196012> (bug #153748).