Bug 156086 - CSP: Define explicitly datatype for nonce
Summary: CSP: Define explicitly datatype for nonce
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Local Build
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2016-03-31 15:16 PDT by Daniel Bates
Modified: 2016-05-27 12:35 PDT

Description Daniel Bates 2016-03-31 15:16:39 PDT
Currently in the Content Security Policy code we represent nonces as String objects and have overloaded functions that take either a URL or a nonce. Notice that a URL object can be implicitly converted to a String object because the URL class defines a String conversion operator. This makes passing a nonce to an overloaded function with default arguments that accepts either a URL or String in the same argument position error-prone because the compiler may choose to implicitly convert a URL to a String and call the overloaded function for a nonce. One example of a fragile function because of the implicit conversion of URL to String is the static non-member function checkFrameAncestors() (defined in file ContentSecurityPolicyDirectiveList.cpp): <http://trac.webkit.org/browser/trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp?rev=198920#L79>. Care must be taken to update this call site should ContentSecurityPolicySourceListDirective::allow(const URL&), <http://trac.webkit.org/browser/trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceListDirective.h?rev=198920#L41>, be changed to take a default argument as its second argument. Otherwise, the compiler will implicitly convert the result of "current->document()->url()" in checkFrameAncestors() from a URL object to a String object and generate code to invoke ContentSecurityPolicySourceListDirective::allow(const String&), which is the overloaded function for checking a nonce.
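
The hazard described above, as an added example that is not WebKit code: `URL`, `String` and both directive structs are simplified stand-ins, and the signature change shown (a required second parameter on the URL overload) is a constructed scenario. It shows a stale one-argument call still compiling and reaching the nonce overload, and a separate `Nonce` type (hypothetical name) with an explicit constructor making that same call ill-formed.

```cpp
#include <string>
#include <utility>

// Simplified stand-ins for WTF::String and WebCore::URL (assumptions, not the WebKit classes).
using String = std::string;
struct URL {
    String spec;
    operator String() const { return spec; } // implicit URL -> String conversion
};

enum class Matched { URLCheck, NonceCheck };

// Fragile shape: URL and nonce overloads share a name and an argument position.
// Constructed scenario: the URL overload gained a required second parameter,
// so a stale one-argument call no longer matches it.
struct FragileDirective {
    Matched allow(const URL&, bool /*didReceiveRedirect*/) const { return Matched::URLCheck; }
    Matched allow(const String& /*nonce*/) const { return Matched::NonceCheck; }
};

// Hardened shape: the nonce has its own type with an explicit constructor,
// so neither a URL nor a String converts to it silently.
struct Nonce {
    explicit Nonce(String v) : value(std::move(v)) {}
    String value;
};
struct TypedDirective {
    Matched allow(const URL&, bool /*didReceiveRedirect*/) const { return Matched::URLCheck; }
    Matched allow(const Nonce&) const { return Matched::NonceCheck; }
};

// Reports whether d.allow(url) with a single URL argument is well-formed for D.
template <class D>
auto acceptsBareURL(int)
    -> decltype(std::declval<const D&>().allow(std::declval<const URL&>()), bool()) { return true; }
template <class D>
bool acceptsBareURL(...) { return false; }

// The stale call site: compiles against FragileDirective and runs the nonce check.
Matched staleCall(const FragileDirective& d, const URL& frameURL) { return d.allow(frameURL); }

int main() {
    URL u{"https://example.test/frame"}; // constructed sample value
    bool ok = staleCall(FragileDirective{}, u) == Matched::NonceCheck
        && acceptsBareURL<FragileDirective>(0)
        && !acceptsBareURL<TypedDirective>(0);
    return ok ? 0 : 1;
}
```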