Suppose a NPAPI plugin X is installed that support MIME type application/X. Consider a web page with the following markup: <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Security-Policy" content="object-src *"> </head> <body> <object type="application/X"></object> </body> </html> Then plugin X should load. But it does not following <http://trac.webkit.org/changeset/197724> (bug #154122).
<rdar://problem/25470805>
Created attachment 275312 [details] Example An example web page that demonstrates the issue. There should be no console warnings when you view the page.
Created attachment 275338 [details] Patch and Layout Tests
From the iOS Sim EWS: > Regressions: Unexpected text-only failures (4) > http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html [ Failure ] > http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html [ Failure ] > http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html [ Failure ] > http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html [ Failure ] These tests are expected to fail on iOS because we do not support plugins. Will add these tests to the file LayoutTests/platform/ios-simulator/TestExpectations so that they are skipped when running tests in the iOS simulator.
Comment on attachment 275338 [details] Patch and Layout Tests Attachment 275338 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/1077512 New failing tests: http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html
Created attachment 275349 [details] Archive of layout-test-results from ews121 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews121 Port: ios-simulator-wk2 Platform: Mac OS X 10.10.5
(In reply to comment #4) > From the iOS Sim EWS: > > > Regressions: Unexpected text-only failures (4) > > http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html [ Failure ] > > http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html [ Failure ] > > http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html [ Failure ] > > http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html [ Failure ] > > These tests are expected to fail on iOS because we do not support plugins. > Will add these tests to the file > LayoutTests/platform/ios-simulator/TestExpectations so that they are skipped > when running tests in the iOS simulator. I meant to add that I will update LayoutTests/platform/ios-simulator/TestExpectations before I land this patch.
Comment on attachment 275338 [details] Patch and Layout Tests View in context: https://bugs.webkit.org/attachment.cgi?id=275338&action=review r=me > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388 > + // As per section object-src of the Content Security Policy Level 3 spec., <http://w3c.github.io/webappsec-csp> (Editorâs Draft, 29 February 2016), Looks like a smart apostrophe got added here (Editor's Draft)
(In reply to comment #8) > > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388 > > + // As per section object-src of the Content Security Policy Level 3 spec., <http://w3c.github.io/webappsec-csp> (Editorâs Draft, 29 February 2016), > > Looks like a smart apostrophe got added here (Editor's Draft) Will fix before landing.
Committed r198936: <http://trac.webkit.org/changeset/198936>
(In reply to comment #0) > But it does not following <http://trac.webkit.org/changeset/197724> (bug #154122). I meant to write: But it does not following <http://trac.webkit.org/changeset/196012> (bug #153748).