Bug 57283 - CSP object-src should block plugin loads
Summary: CSP object-src should block plugin loads
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
Importance: P2 Normal
Assignee: Adam Barth
URL:
Keywords:
Depends on:
Blocks: 53572
Reported: 2011-03-28 16:13 PDT by Adam Barth
Modified: 2011-04-06 21:44 PDT

See Also:


Attachments
Work in progress (4.73 KB, patch)
2011-03-28 16:14 PDT, Adam Barth
Patch (8.38 KB, patch)
2011-04-05 00:46 PDT, Adam Barth

Description Adam Barth 2011-03-28 16:13:02 PDT
CSP object-src should block plugin loads
Comment 1 Adam Barth 2011-03-28 16:14:06 PDT
Created attachment 87235
Work in progress
Comment 2 Adam Barth 2011-03-28 16:14:32 PDT
I need to figure out how to test this patch.
Comment 3 Adam Barth 2011-04-05 00:46:44 PDT
Created attachment 88188
Patch
Comment 4 Eric Seidel (no email) 2011-04-06 10:13:23 PDT
Comment on attachment 88188
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=88188&action=review

Seems reasonable.  Thank you.

> Source/WebCore/loader/DocumentWriter.cpp:124
> +    // FIXME: Do we need to consult the content security policy here about blocked plug-ins?

How might we hit this case?
Comment 5 Adam Barth 2011-04-06 10:24:18 PDT
(In reply to comment #4)
> (From update of attachment 88188)
> View in context: https://bugs.webkit.org/attachment.cgi?id=88188&action=review
> 
> Seems reasonable.  Thank you.
> 
> > Source/WebCore/loader/DocumentWriter.cpp:124
> > +    // FIXME: Do we need to consult the content security policy here about blocked plug-ins?
> 
> How might we hit this case?

I think:

<iframe src="... plugin ..." >

I need to study it more.
Comment 6 WebKit Commit Bot 2011-04-06 11:14:08 PDT
Comment on attachment 88188
Patch

Rejecting attachment 88188 from commit-queue.

Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 2

Last 500 characters of output:
rocess/InjectedBundle/API/c/WKBundle.cpp
	M	Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
	M	Tools/WebKitTestRunner/InjectedBundle/Bindings/LayoutTestController.idl
	M	Tools/WebKitTestRunner/InjectedBundle/LayoutTestController.cpp
	M	Tools/WebKitTestRunner/InjectedBundle/LayoutTestController.h
	M	Tools/ChangeLog
r83071 = 1c223216c59c4d4ca60248eb86830155cbe81c37 (refs/remotes/trunk)
First, rewinding head to replay your work on top of it...
Fast-forwarded master to refs/remotes/trunk.

Full output: http://queues.webkit.org/results/8347285
Comment 7 Adam Barth 2011-04-06 21:43:54 PDT
Comment on attachment 88188
Patch

Clearing flags on attachment: 88188

Committed r83141: <http://trac.webkit.org/changeset/83141>
Comment 8 Adam Barth 2011-04-06 21:44:00 PDT
All reviewed patches have been landed.  Closing bug.