RESOLVED FIXED 54787
CSP's script-src should block JavaScript URLs 
https://bugs.webkit.org/show_bug.cgi?id=54787
Summary CSP's script-src should block JavaScript URLs
Adam Barth
Reported 2011-02-18 18:00:34 PST
CSP's script-src should block JavaScript URLs
Attachments
Patch (10.21 KB, patch)
2011-02-18 18:05 PST, Adam Barth 		no flags
DetailsFormatted DiffDiff
Needs tests (16.24 KB, patch)
2011-02-19 00:12 PST, Adam Barth 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2011-02-18 18:05:15 PST
Created attachment 83041 [details] Patch
Adam Barth
Comment 2 2011-02-19 00:12:24 PST
Created attachment 83063 [details] Needs tests
Adam Barth
Comment 3 2011-02-19 00:13:13 PST
Comment on attachment 83063 [details] Needs tests Oops. Wrong bug.
Eric Seidel (no email)
Comment 4 2011-02-24 00:57:33 PST
Comment on attachment 83041 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=83041&action=review > Source/WebCore/dom/Document.h:1416 > + RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; No longer needs to be included from Document.h now I bet. :)
WebKit Commit Bot
Comment 5 2011-02-24 04:50:34 PST
The commit-queue encountered the following flaky tests while processing attachment 83041 [details]: media/invalid-media-url-crash.html bug 51138 (author: inferno@chromium.org) The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 6 2011-02-24 04:52:46 PST
Comment on attachment 83041 [details] Patch Clearing flags on attachment: 83041 Committed r79547: <http://trac.webkit.org/changeset/79547>
WebKit Commit Bot
Comment 7 2011-02-24 04:52:51 PST
All reviewed patches have been landed. Closing bug.
WebKit Commit Bot
Comment 8 2011-02-24 05:24:31 PST
The commit-queue encountered the following flaky tests while processing attachment 83041 [details]: http/tests/xmlhttprequest/basic-auth.html bug 51613 (author: ap@webkit.org) The commit-queue is continuing to process your patch.
Note You need to log in before you can comment on or make changes to this bug.