xsl-img-blocked.php: <?php header("Content-Type: text/xml"); header("X-WebKit-CSP: img-src 'none'"); echo '<?xml version="1.0" encoding="UTF-8"?>'; echo '<?xml-stylesheet type="text/xsl" href="resources/transform-to-img.xsl"?>'; ?> <body/> resources/transform-to-img.xsl: <?xml version="1.0" encoding="ISO-8859-1"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <html> <head> <script> //<![CDATA[ if (window.layoutTestController) layoutTestController.dumpAsText(); //]]> </script> </head> <body> Here is an image: <img src="../resources/abe.png"/> </body> </html> </xsl:template> </xsl:stylesheet>

Created attachment 120360 [details] Patch + tests

Comment on attachment 120360 [details] Patch + tests View in context: https://bugs.webkit.org/attachment.cgi?id=120360&action=review > Source/WebCore/page/ContentSecurityPolicy.cpp:498 > +{ Should we ASSERT(!m_havePolicy) ?

Comment on attachment 120360 [details] Patch + tests View in context: https://bugs.webkit.org/attachment.cgi?id=120360&action=review >> Source/WebCore/page/ContentSecurityPolicy.cpp:498 >> +{ > > Should we ASSERT(!m_havePolicy) ? Don't think so -- didReceiveHeader silently ignores if set -- follow same first header rules rule here.

So, the copy operation can fail if we already have a policy? If so, that seems like "copy" is the wrong verb to use for this function. We should either use a name that expresses that this operation can fail or we should make the operation always succeed.

A third option is to make this function illegal to call in any situation in which it would fail (i.e., add the ASSERT).

Created attachment 120365 [details] Patch + tests You've convinced me.

Are those null checks needed?

(In reply to comment #8) > Are those null checks needed? I put them in because SecurityContext's constructor creates SecurityContexts with NULL CSP refpointers. Didn't want to rely on the flow up to this point always setting them for now and down the road.

Comment on attachment 120365 [details] Patch + tests View in context: https://bugs.webkit.org/attachment.cgi?id=120365&action=review > Source/WebCore/xml/XSLTProcessor.cpp:95 > + if (result->contentSecurityPolicy() && oldDocument->contentSecurityPolicy()) In the case where result->contentSecurityPolicy() is null, won't we fail to copy over the security policy? Isn't that bad? It seems like we should remove these null checks. If initSecurityOrigin hasn't finished by this point, we're in big trouble and we want to crash so we'll know that.

Created attachment 120378 [details] Patch + tests Fair enough. I suppose in a perfect world SecurityContext::contentSecurityPoliy() should ASSERT non-nullness of its return to allow callers to omit these kinds of checks, and that setContentSecurityPolicy() would ASSERT its arg is non-NULL, no?

Comment on attachment 120378 [details] Patch + tests Probably. If you'd like to add those ASSERTs, I'd be happy to review the patch. :)

Comment on attachment 120378 [details] Patch + tests Clearing flags on attachment: 120378 Committed r103617: <http://trac.webkit.org/changeset/103617>

All reviewed patches have been landed. Closing bug.