RESOLVED FIXED 156079
REGRESSION (r196012): <object>/<embed> with no URL does not match source *
https://bugs.webkit.org/show_bug.cgi?id=156079
Daniel Bates
Reported 2016-03-31 12:45:26 PDT
Suppose an NPAPI plugin X is installed that supports MIME type application/X. Consider a web page with the following markup:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="object-src *">
</head>
<body>
<object type="application/X"></object>
</body>
</html>

Then plugin X should load. But it does not following <http://trac.webkit.org/changeset/197724> (bug #154122).
Attachments
Example (367 bytes, text/html)
2016-03-31 12:53 PDT, Daniel Bates
no flags
Patch and Layout Tests (20.26 KB, patch)
2016-03-31 15:24 PDT, Daniel Bates
bfulgham: review+
buildbot: commit-queue-
Archive of layout-test-results from ews121 for ios-simulator-wk2 (651.63 KB, application/zip)
2016-03-31 16:15 PDT, Build Bot
no flags
Radar WebKit Bug Importer
Comment 1 2016-03-31 12:45:49 PDT
Daniel Bates
Comment 2 2016-03-31 12:53:04 PDT
Created attachment 275312
Example

An example web page that demonstrates the issue. There should be no console warnings when you view the page.
Daniel Bates
Comment 3 2016-03-31 15:24:32 PDT
Created attachment 275338
Patch and Layout Tests
Daniel Bates
Comment 4 2016-03-31 16:15:37 PDT
From the iOS Sim EWS:

> Regressions: Unexpected text-only failures (4)
> http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html [ Failure ]
> http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html [ Failure ]
> http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html [ Failure ]
> http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html [ Failure ]

These tests are expected to fail on iOS because we do not support plugins. Will add these tests to the file LayoutTests/platform/ios-simulator/TestExpectations so that they are skipped when running tests in the iOS simulator.
Build Bot
Comment 5 2016-03-31 16:15:48 PDT
Comment on attachment 275338
Patch and Layout Tests

Attachment 275338 did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/1077512

New failing tests:
http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html
http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html
http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html
http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html
Build Bot
Comment 6 2016-03-31 16:15:51 PDT
Created attachment 275349
Archive of layout-test-results from ews121 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews121
Port: ios-simulator-wk2
Platform: Mac OS X 10.10.5
Daniel Bates
Comment 7 2016-03-31 16:16:50 PDT
(In reply to comment #4)
> From the iOS Sim EWS:
>
> > Regressions: Unexpected text-only failures (4)
> > http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html [ Failure ]
> > http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html [ Failure ]
> > http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-default-src-star.html [ Failure ]
> > http/tests/security/contentSecurityPolicy/object-with-no-url-allowed-by-star.html [ Failure ]
>
> These tests are expected to fail on iOS because we do not support plugins.
> Will add these tests to the file
> LayoutTests/platform/ios-simulator/TestExpectations so that they are skipped
> when running tests in the iOS simulator.

I meant to add that I will update LayoutTests/platform/ios-simulator/TestExpectations before I land this patch.
Brent Fulgham
Comment 8 2016-03-31 17:24:32 PDT
Comment on attachment 275338
Patch and Layout Tests

View in context: https://bugs.webkit.org/attachment.cgi?id=275338&action=review

r=me

> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388
> + // As per section object-src of the Content Security Policy Level 3 spec., <http://w3c.github.io/webappsec-csp> (Editor’s Draft, 29 February 2016),

Looks like a smart apostrophe got added here (Editor's Draft)
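Review bot: the code comment at Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388 cites the spec only by its top-level URL, <http://w3c.github.io/webappsec-csp>, although it relies on one section (object-src). Link to that section directly so a reader of the code lands on the rule being implemented, and keep the draft date, since an Editor's Draft changes in place. Also write "spec," rather than "spec.," to drop the doubled punctuation.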
Daniel Bates
Comment 9 2016-03-31 18:45:40 PDT
(In reply to comment #8)
> > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:388
> > + // As per section object-src of the Content Security Policy Level 3 spec., <http://w3c.github.io/webappsec-csp> (Editor’s Draft, 29 February 2016),
>
> Looks like a smart apostrophe got added here (Editor's Draft)

Will fix before landing.
Daniel Bates
Comment 10 2016-03-31 18:54:52 PDT
Daniel Bates
Comment 11 2016-04-01 11:12:49 PDT
(In reply to comment #0)
> But it does not following <http://trac.webkit.org/changeset/197724> (bug #154122).

I meant to write:

But it does not following <http://trac.webkit.org/changeset/196012> (bug #153748).