RESOLVED FIXED 156554
CSP: Remove experimental directive reflected-xss 
https://bugs.webkit.org/show_bug.cgi?id=156554
Summary CSP: Remove experimental directive reflected-xss
Daniel Bates
Reported 2016-04-13 14:01:09 PDT
The Content Security Policy directive reflected-xss was removed from the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015). This directive was considered experimental and was guarded by a run-time flag that was never enabled by default. For completeness, the directive reflected-xss appeared in the Content Security Policy 1.1 spec, <http://www.w3.org/TR/2013/WD-CSP11-20130604/>, was mentioned as "at-risk, and may be dropped during the CR period" in an early revision of the Content Security Policy Level 2 spec., <https://www.w3.org/TR/2014/WD-CSP2-20140703/>, and was subsequently removed in <https://www.w3.org/TR/2015/CR-CSP2-20150219/>.
Attachments
Patch (346.09 KB, patch)
2016-04-13 14:05 PDT, Daniel Bates 		bfulgham: review+
buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews101 for mac-yosemite (775.90 KB, application/zip)
2016-04-13 14:50 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews104 for mac-yosemite-wk2 (924.69 KB, application/zip)
2016-04-13 14:54 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews122 for ios-simulator-wk2 (610.22 KB, application/zip)
2016-04-13 15:09 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews113 for mac-yosemite (843.53 KB, application/zip)
2016-04-13 17:05 PDT, Build Bot 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2016-04-13 14:05:22 PDT
Created attachment 276350 [details] Patch
Daniel Bates
Comment 2 2016-04-13 14:08:24 PDT
(In reply to comment #1) > Created attachment 276350 [details] > Patch This patch represents a revert of the patch for bug #104479.
Brent Fulgham
Comment 3 2016-04-13 14:35:17 PDT
Comment on attachment 276350 [details] Patch r=me.
Build Bot
Comment 4 2016-04-13 14:50:23 PDT
Comment on attachment 276350 [details] Patch Attachment 276350 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/1150247 New failing tests: fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 5 2016-04-13 14:50:28 PDT
Created attachment 276357 [details] Archive of layout-test-results from ews101 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 6 2016-04-13 14:54:52 PDT
Comment on attachment 276350 [details] Patch Attachment 276350 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/1150253 New failing tests: fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 7 2016-04-13 14:54:55 PDT
Created attachment 276358 [details] Archive of layout-test-results from ews104 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Brent Fulgham
Comment 8 2016-04-13 14:56:27 PDT
It looks like a few tests were missed in your cleanup. Please correct them before landing!
Build Bot
Comment 9 2016-04-13 15:08:57 PDT
Comment on attachment 276350 [details] Patch Attachment 276350 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/1150267 New failing tests: fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 10 2016-04-13 15:09:02 PDT
Created attachment 276360 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.10.5
Build Bot
Comment 11 2016-04-13 17:05:21 PDT
Comment on attachment 276350 [details] Patch Attachment 276350 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/1150737 New failing tests: fast/frames/xss-auditor-handles-file-urls.html
Build Bot
Comment 12 2016-04-13 17:05:24 PDT
Created attachment 276367 [details] Archive of layout-test-results from ews113 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-yosemite Platform: Mac OS X 10.10.5
Daniel Bates
Comment 13 2016-04-13 19:29:51 PDT
Committed r199525: <http://trac.webkit.org/changeset/199525>
Note You need to log in before you can comment on or make changes to this bug.