Bug 54787 - CSP's script-src should block JavaScript URLs
Summary: CSP's script-src should block JavaScript URLs
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
: P2 Normal
Assignee: Adam Barth
URL:
Keywords:
Depends on:
Blocks: 53572
  Show dependency treegraph
 
Reported: 2011-02-18 18:00 PST by Adam Barth
Modified: 2011-02-24 05:24 PST (History)
3 users (show)

See Also:


Attachments
Patch (10.21 KB, patch)
2011-02-18 18:05 PST, Adam Barth
no flags Details | Formatted Diff | Diff
Needs tests (16.24 KB, patch)
2011-02-19 00:12 PST, Adam Barth
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Barth 2011-02-18 18:00:34 PST
CSP's script-src should block JavaScript URLs
Comment 1 Adam Barth 2011-02-18 18:05:15 PST
Created attachment 83041 [details]
Patch
Comment 2 Adam Barth 2011-02-19 00:12:24 PST
Created attachment 83063 [details]
Needs tests
Comment 3 Adam Barth 2011-02-19 00:13:13 PST
Comment on attachment 83063 [details]
Needs tests

Oops.  Wrong bug.
Comment 4 Eric Seidel (no email) 2011-02-24 00:57:33 PST
Comment on attachment 83041 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=83041&action=review

> Source/WebCore/dom/Document.h:1416
> +    RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;

No longer needs to be included from Document.h now I bet. :)
Comment 5 WebKit Commit Bot 2011-02-24 04:50:34 PST
The commit-queue encountered the following flaky tests while processing attachment 83041 [details]:

media/invalid-media-url-crash.html bug 51138 (author: inferno@chromium.org)
The commit-queue is continuing to process your patch.
Comment 6 WebKit Commit Bot 2011-02-24 04:52:46 PST
Comment on attachment 83041 [details]
Patch

Clearing flags on attachment: 83041

Committed r79547: <http://trac.webkit.org/changeset/79547>
Comment 7 WebKit Commit Bot 2011-02-24 04:52:51 PST
All reviewed patches have been landed.  Closing bug.
Comment 8 WebKit Commit Bot 2011-02-24 05:24:31 PST
The commit-queue encountered the following flaky tests while processing attachment 83041 [details]:

http/tests/xmlhttprequest/basic-auth.html bug 51613 (author: ap@webkit.org)
The commit-queue is continuing to process your patch.