WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
57283
CSP object-src should block plugin loads
https://bugs.webkit.org/show_bug.cgi?id=57283
Summary
CSP object-src should block plugin loads
Adam Barth
Reported
2011-03-28 16:13:02 PDT
CSP object-src should block plugin loads
Attachments
Work in progress
(4.73 KB, patch)
2011-03-28 16:14 PDT
,
Adam Barth
no flags
Details
Formatted Diff
Diff
Patch
(8.38 KB, patch)
2011-04-05 00:46 PDT
,
Adam Barth
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Adam Barth
Comment 1
2011-03-28 16:14:06 PDT
Created
attachment 87235
[details]
Work in progress
Adam Barth
Comment 2
2011-03-28 16:14:32 PDT
I need to figure out how to test this patch.
Adam Barth
Comment 3
2011-04-05 00:46:44 PDT
Created
attachment 88188
[details]
Patch
Eric Seidel (no email)
Comment 4
2011-04-06 10:13:23 PDT
Comment on
attachment 88188
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=88188&action=review
Seems reasonable. THank you.
> Source/WebCore/loader/DocumentWriter.cpp:124 > + // FIXME: Do we need to consult the content security policy here about blocked plug-ins?
How might we hit this case?
Adam Barth
Comment 5
2011-04-06 10:24:18 PDT
(In reply to
comment #4
)
> (From update of
attachment 88188
[details]
) > View in context:
https://bugs.webkit.org/attachment.cgi?id=88188&action=review
> > Seems reasonable. THank you. > > > Source/WebCore/loader/DocumentWriter.cpp:124 > > + // FIXME: Do we need to consult the content security policy here about blocked plug-ins? > > How might we hit this case?
I think: <iframe src="... plugin ..." > I need to study it more.
WebKit Commit Bot
Comment 6
2011-04-06 11:14:08 PDT
Comment on
attachment 88188
[details]
Patch Rejecting
attachment 88188
[details]
from commit-queue. Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 2 Last 500 characters of output: rocess/InjectedBundle/API/c/WKBundle.cpp M Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h M Tools/WebKitTestRunner/InjectedBundle/Bindings/LayoutTestController.idl M Tools/WebKitTestRunner/InjectedBundle/LayoutTestController.cpp M Tools/WebKitTestRunner/InjectedBundle/LayoutTestController.h M Tools/ChangeLog
r83071
= 1c223216c59c4d4ca60248eb86830155cbe81c37 (refs/remotes/trunk) First, rewinding head to replay your work on top of it... Fast-forwarded master to refs/remotes/trunk. Full output:
http://queues.webkit.org/results/8347285
Adam Barth
Comment 7
2011-04-06 21:43:54 PDT
Comment on
attachment 88188
[details]
Patch Clearing flags on attachment: 88188 Committed
r83141
: <
http://trac.webkit.org/changeset/83141
>
Adam Barth
Comment 8
2011-04-06 21:44:00 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug