60301 – Add disable-javascript-urls CSP directive

Bug 60301 - Add disable-javascript-urls CSP directive

Summary: Add disable-javascript-urls CSP directive

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Adam Barth

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-05-05 14:33 PDT by Adam Barth
Modified:	2011-05-06 14:04 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Patch (4.95 KB, patch) 2011-05-05 14:35 PDT, Adam Barth	no flags	Details \| Formatted Diff \| Diff
Patch for landing (5.18 KB, patch) 2011-05-06 13:09 PDT, Adam Barth	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Barth 2011-05-05 14:33:08 PDT

Add disable-javascript-urls CSP directive

Comment 1 Adam Barth 2011-05-05 14:35:09 PDT

Created attachment 92471 [details]
Patch

Comment 2 Eric Seidel (no email) 2011-05-06 12:08:08 PDT

Comment on attachment 92471 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92471&action=review

> Source/WebCore/page/ContentSecurityPolicy.h:91
> +    bool m_disableJavaScriptURLs;

Should we note here that it's not in the spec?

Comment 3 Adam Barth 2011-05-06 13:09:17 PDT

Created attachment 92631 [details]
Patch for landing

Comment 4 Adam Barth 2011-05-06 13:09:44 PDT

I added a note about this being an experimental feature that should be removed if not adopted by the working group.

Comment 5 WebKit Commit Bot 2011-05-06 14:04:09 PDT

Comment on attachment 92631 [details]
Patch for landing

Clearing flags on attachment: 92631

Committed r85975: <http://trac.webkit.org/changeset/85975>

Comment 6 WebKit Commit Bot 2011-05-06 14:04:13 PDT

All reviewed patches have been landed.  Closing bug.