70011 – script-src * should allow all URLs

Bug 70011 - script-src * should allow all URLs

Summary: script-src * should allow all URLs

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Adam Barth

URL:
Keywords:

Depends on:	70245
Blocks:	53572
	Show dependency tree / graph

Reported:	2011-10-13 02:40 PDT by Adam Barth
Modified:	2011-10-17 10:35 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Patch (4.86 KB, patch) 2011-10-13 02:50 PDT, Adam Barth	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Barth 2011-10-13 02:40:47 PDT

script-src * should allow all URLs

Comment 1 Adam Barth 2011-10-13 02:50:44 PDT

Created attachment 110816 [details]
Patch

Comment 2 Eric Seidel (no email) 2011-10-13 02:53:17 PDT

Comment on attachment 110816 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=110816&action=review

OK.

> Source/WebCore/page/ContentSecurityPolicy.cpp:273
> +    if (end - begin == 1 && *begin == '*') {

It seems like you should have a local length = end - begin?  Or do you move begin?

Comment 3 Adam Barth 2011-10-13 02:54:24 PDT

Comment on attachment 110816 [details]
Patch

Yeah, begin and end get moved around a lot in this function.  I'd prefer not to have a length variable because I'd worry it would get out of sync.

Comment 4 WebKit Review Bot 2011-10-13 03:15:48 PDT

Comment on attachment 110816 [details]
Patch

Clearing flags on attachment: 110816

Committed r97360: <http://trac.webkit.org/changeset/97360>

Comment 5 WebKit Review Bot 2011-10-13 03:15:52 PDT

All reviewed patches have been landed.  Closing bug.