RESOLVED FIXED Bug 94415
CSP 1.1: Add 'plugin-types' and 'form-action' DOM API. 
https://bugs.webkit.org/show_bug.cgi?id=94415
Summary CSP 1.1: Add 'plugin-types' and 'form-action' DOM API.
Mike West
Reported 2012-08-18 12:22:07 PDT
I added feature detection methods for 'plugin-types' and 'form-action' in https://dvcs.w3.org/hg/content-security-policy/rev/72456c14e22d We should update the API implementation to match.
Attachments
Patch (10.76 KB, patch)
2012-08-18 12:32 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2012-08-18 12:32:41 PDT
Created attachment 159266 [details] Patch
Mike West
Comment 2 2012-08-18 12:35:04 PDT
Hey Adam, would you mind taking a look at this? I didn't add 'script-nonce' in this patch, as I'm not entirely sure that's a good idea. I'm tempted to address it with something like 'requiresNonce' that would return a bool, rather than giving script the ability to brute-force the nonce by continually checking 'allowsNonce("xxx")'. I'll drop an email to the list to see if anyone has a strong opinion on the matter. Thanks!
Adam Barth
Comment 3 2012-08-19 13:52:16 PDT
> I didn't add 'script-nonce' in this patch, as I'm not entirely sure that's a good idea. I'm tempted to address it with something like 'requiresNonce' that would return a bool, rather than giving script the ability to brute-force the nonce by continually checking 'allowsNonce("xxx")'. Another possibility is to have the nonce available in JavaScript under the theory that if you can read that property, you're already able to execute script... Hum... Let's wait a bit while we experiment with script-nonce to see how we end up using it.
Mike West
Comment 4 2012-08-19 14:05:18 PDT
Comment on attachment 159266 [details] Patch Waiting sounds reasonable. Speaking of waiting... CQ? (maybe this week...)
WebKit Review Bot
Comment 5 2012-08-19 15:40:09 PDT
Comment on attachment 159266 [details] Patch Clearing flags on attachment: 159266 Committed r125983: <http://trac.webkit.org/changeset/125983>
WebKit Review Bot
Comment 6 2012-08-19 15:40:13 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.