Bug 156554 - CSP: Remove experimental directive reflected-xss
Summary: CSP: Remove experimental directive reflected-xss
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: Daniel Bates
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-13 14:01 PDT by Daniel Bates
Modified: 2016-04-13 19:29 PDT

Attachments
Patch (346.09 KB, patch)
2016-04-13 14:05 PDT, Daniel Bates
bfulgham: review+
buildbot: commit-queue-
Archive of layout-test-results from ews101 for mac-yosemite (775.90 KB, application/zip)
2016-04-13 14:50 PDT, Build Bot
no flags
Archive of layout-test-results from ews104 for mac-yosemite-wk2 (924.69 KB, application/zip)
2016-04-13 14:54 PDT, Build Bot
no flags
Archive of layout-test-results from ews122 for ios-simulator-wk2 (610.22 KB, application/zip)
2016-04-13 15:09 PDT, Build Bot
no flags
Archive of layout-test-results from ews113 for mac-yosemite (843.53 KB, application/zip)
2016-04-13 17:05 PDT, Build Bot
no flags

Description Daniel Bates 2016-04-13 14:01:09 PDT
The Content Security Policy directive reflected-xss was removed from the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015). This directive was considered experimental and was guarded by a run-time flag that was never enabled by default.

For completeness, the directive reflected-xss appeared in the Content Security Policy 1.1 spec, <http://www.w3.org/TR/2013/WD-CSP11-20130604/>, was mentioned as "at-risk, and may be dropped during the CR period" in an early revision of the Content Security Policy Level 2 spec., <https://www.w3.org/TR/2014/WD-CSP2-20140703/>, and was subsequently removed in <https://www.w3.org/TR/2015/CR-CSP2-20150219/>.
Comment 1 Daniel Bates 2016-04-13 14:05:22 PDT
Created attachment 276350
Patch
Comment 2 Daniel Bates 2016-04-13 14:08:24 PDT
(In reply to comment #1)
> Created attachment 276350
> Patch

This patch represents a revert of the patch for bug #104479.
Comment 3 Brent Fulgham 2016-04-13 14:35:17 PDT
Comment on attachment 276350
Patch

r=me.
Comment 4 Build Bot 2016-04-13 14:50:23 PDT
Comment on attachment 276350
Patch

Attachment 276350 did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/1150247

New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Comment 5 Build Bot 2016-04-13 14:50:28 PDT
Created attachment 276357
Archive of layout-test-results from ews101 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 6 Build Bot 2016-04-13 14:54:52 PDT
Comment on attachment 276350
Patch

Attachment 276350 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/1150253

New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Comment 7 Build Bot 2016-04-13 14:54:55 PDT
Created attachment 276358
Archive of layout-test-results from ews104 for mac-yosemite-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews104  Port: mac-yosemite-wk2  Platform: Mac OS X 10.10.5
Comment 8 Brent Fulgham 2016-04-13 14:56:27 PDT
It looks like a few tests were missed in your cleanup. Please correct them before landing!
Comment 9 Build Bot 2016-04-13 15:08:57 PDT
Comment on attachment 276350
Patch

Attachment 276350 did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/1150267

New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Comment 10 Build Bot 2016-04-13 15:09:02 PDT
Created attachment 276360
Archive of layout-test-results from ews122 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122  Port: ios-simulator-wk2  Platform: Mac OS X 10.10.5
Comment 11 Build Bot 2016-04-13 17:05:21 PDT
Comment on attachment 276350
Patch

Attachment 276350 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1150737

New failing tests:
fast/frames/xss-auditor-handles-file-urls.html
Comment 12 Build Bot 2016-04-13 17:05:24 PDT
Created attachment 276367
Archive of layout-test-results from ews113 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews113  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 13 Daniel Bates 2016-04-13 19:29:51 PDT
Committed r199525: <http://trac.webkit.org/changeset/199525>