Bug 70011 - script-src * should allow all URLs
: script-src * should allow all URLs
Status: RESOLVED FIXED
: WebKit
New Bugs
: 528+ (Nightly build)
: Unspecified Unspecified
: P2 Normal
Assigned To:
:
:
: 70245
: 53572
  Show dependency treegraph
 
Reported: 2011-10-13 02:40 PST by
Modified: 2011-10-17 10:35 PST (History)


Attachments
Patch (4.86 KB, patch)
2011-10-13 02:50 PST, Adam Barth
no flags Review Patch | Details | Formatted Diff | Diff


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2011-10-13 02:40:47 PST
script-src * should allow all URLs
------- Comment #1 From 2011-10-13 02:50:44 PST -------
Created an attachment (id=110816) [details]
Patch
------- Comment #2 From 2011-10-13 02:53:17 PST -------
(From update of attachment 110816 [details])
View in context: https://bugs.webkit.org/attachment.cgi?id=110816&action=review

OK.

> Source/WebCore/page/ContentSecurityPolicy.cpp:273
> +    if (end - begin == 1 && *begin == '*') {

It seems like you should have a local length = end - begin?  Or do you move begin?
------- Comment #3 From 2011-10-13 02:54:24 PST -------
(From update of attachment 110816 [details])
Yeah, begin and end get moved around a lot in this function.  I'd prefer not to have a length variable because I'd worry it would get out of sync.
------- Comment #4 From 2011-10-13 03:15:48 PST -------
(From update of attachment 110816 [details])
Clearing flags on attachment: 110816

Committed r97360: <http://trac.webkit.org/changeset/97360>
------- Comment #5 From 2011-10-13 03:15:52 PST -------
All reviewed patches have been landed.  Closing bug.