Bug 57283 - CSP object-src should block plugin loads
: CSP object-src should block plugin loads
Status: RESOLVED FIXED
Product: WebKit
Classification: Unclassified
Component: New Bugs
: 528+ (Nightly build)
: Other Mac OS X 10.5
: P2 Normal
Assigned To: Adam Barth
:
Depends on:
Blocks: 53572
  Show dependency treegraph
 
Reported: 2011-03-28 16:13 PDT by Adam Barth
Modified: 2011-04-06 21:44 PDT (History)
2 users (show)

See Also:


Attachments
Work in progress (4.73 KB, patch)
2011-03-28 16:14 PDT, Adam Barth
no flags Details | Formatted Diff | Diff
Patch (8.38 KB, patch)
2011-04-05 00:46 PDT, Adam Barth
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Barth 2011-03-28 16:13:02 PDT
CSP object-src should block plugin loads
Comment 1 Adam Barth 2011-03-28 16:14:06 PDT
Created attachment 87235 [details]
Work in progress
Comment 2 Adam Barth 2011-03-28 16:14:32 PDT
I need to figure out how to test this patch.
Comment 3 Adam Barth 2011-04-05 00:46:44 PDT
Created attachment 88188 [details]
Patch
Comment 4 Eric Seidel 2011-04-06 10:13:23 PDT
Comment on attachment 88188 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=88188&action=review

Seems reasonable.  THank you.

> Source/WebCore/loader/DocumentWriter.cpp:124
> +    // FIXME: Do we need to consult the content security policy here about blocked plug-ins?

How might we hit this case?
Comment 5 Adam Barth 2011-04-06 10:24:18 PDT
(In reply to comment #4)
> (From update of attachment 88188 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=88188&action=review
> 
> Seems reasonable.  THank you.
> 
> > Source/WebCore/loader/DocumentWriter.cpp:124
> > +    // FIXME: Do we need to consult the content security policy here about blocked plug-ins?
> 
> How might we hit this case?

I think:

<iframe src="... plugin ..." >

I need to study it more.
Comment 6 WebKit Commit Bot 2011-04-06 11:14:08 PDT
Comment on attachment 88188 [details]
Patch

Rejecting attachment 88188 [details] from commit-queue.

Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 2

Last 500 characters of output:
rocess/InjectedBundle/API/c/WKBundle.cpp
	M	Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
	M	Tools/WebKitTestRunner/InjectedBundle/Bindings/LayoutTestController.idl
	M	Tools/WebKitTestRunner/InjectedBundle/LayoutTestController.cpp
	M	Tools/WebKitTestRunner/InjectedBundle/LayoutTestController.h
	M	Tools/ChangeLog
r83071 = 1c223216c59c4d4ca60248eb86830155cbe81c37 (refs/remotes/trunk)
First, rewinding head to replay your work on top of it...
Fast-forwarded master to refs/remotes/trunk.

Full output: http://queues.webkit.org/results/8347285
Comment 7 Adam Barth 2011-04-06 21:43:54 PDT
Comment on attachment 88188 [details]
Patch

Clearing flags on attachment: 88188

Committed r83141: <http://trac.webkit.org/changeset/83141>
Comment 8 Adam Barth 2011-04-06 21:44:00 PDT
All reviewed patches have been landed.  Closing bug.