CSP script-src should block eval
Created attachment 91773
Patch
Here's the related V8 bug: http://code.google.com/p/v8/issues/detail?id=1258
Comment on attachment 91773
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=91773&action=review

> LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html:11
> +This test passes if it doesn't alert fail.

This is confusing.

> Source/JavaScriptCore/runtime/Executable.cpp:106
> + return throwError(exec, createEvalError(exec, "Eval is disabled"));

Is this the right text?

> Source/JavaScriptCore/runtime/JSGlobalObject.h:115
> + bool m_isEvalEnabled : 1;

Do we worry about the size of this object?
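Review bot: at eval-blocked.html:11 the pass condition is stated only as the absence of an alert, which also holds if the test script never executes at all. Suggest giving the test a positive signal too, for example catching the error thrown by the blocked eval and reporting a pass from the handler, so a test that silently did nothing cannot be counted as passing.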
Attachment 91773 did not build on chromium:
Build output: http://queues.webkit.org/results/8517974
> > LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html:11
> > +This test passes if it doesn't alert fail.
>
> This is confusing.

Maybe: This test passes if it doesn't alert "fail." ?

> > Source/JavaScriptCore/runtime/Executable.cpp:106
> > + return throwError(exec, createEvalError(exec, "Eval is disabled"));
>
> Is this the right text?

There's no spec for JavaScript errors.

> > Source/JavaScriptCore/runtime/JSGlobalObject.h:115
> > + bool m_isEvalEnabled : 1;
>
> Do we worry about the size of this object?

Dunno. The object is very large. I could remove the ": 1".
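Review bot: at Executable.cpp:106 the message "Eval is disabled" gives no reason, so a developer who hits this EvalError on a page cannot tell from the text that a policy switched eval off. Since the flag quoted from JSGlobalObject.h is a generic m_isEvalEnabled, the engine may not know why it was cleared; consider letting the caller that disables eval supply the message, or otherwise wording it so the cause can be traced.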
Created attachment 91775
Patch
Created attachment 91783
Patch
The commit-queue encountered the following flaky tests while processing attachment 91783:
http/tests/xmlhttprequest/failed-auth.html bug 51835 (author: ap@webkit.org)
The commit-queue is continuing to process your patch.
Comment on attachment 91783
Patch
Clearing flags on attachment: 91783
Committed r85388: <http://trac.webkit.org/changeset/85388>
All reviewed patches have been landed. Closing bug.
The commit-queue encountered the following flaky tests while processing attachment 91783:
http/tests/xmlhttprequest/cross-origin-authorization.html bug 52398 (author: ap@webkit.org)
The commit-queue is continuing to process your patch.