2011-04-07 Adam Barth <abarth@webkit.org>
[WebKit-https.git] / Source / WebCore / ChangeLog
index fad5a3c..15e3284 100644 (file)
@@ -1,3 +1,28 @@
+2011-04-07  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Implement CSP's options directive
+        https://bugs.webkit.org/show_bug.cgi?id=58014
+
+        This patch contains the full options parser, but we only have enough of
+        CSP implemented to see the effects of disable-xss-protection.  Will
+        need to do some more work before we can see eval-script in action.
+
+        Tests: http/tests/security/contentSecurityPolicy/inline-script-allowed.html
+               http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html
+
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::CSPOptions::CSPOptions):
+        (WebCore::CSPOptions::disableXSSProtection):
+        (WebCore::CSPOptions::evalScript):
+        (WebCore::CSPOptions::parse):
+        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
+        (WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
+        (WebCore::ContentSecurityPolicy::allowInlineScript):
+        (WebCore::ContentSecurityPolicy::addDirective):
+        * page/ContentSecurityPolicy.h:
+
 2011-04-07  Alexey Proskuryakov  <ap@apple.com>
 
         Reviewed by Anders Carlsson.
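Review bot: The "Tests:" lines of the new entry name only inline-script-allowed.html and inline-script-blocked-goofy.html, yet the function list also changes allowJavaScriptURLs and allowInlineEventHandlers, so those two paths have no listed coverage under disable-xss-protection. Consider adding a test for each. The description also says eval-script is parsed but cannot yet be seen in action; referencing a follow-up bug in the entry would keep that parsed-but-inactive option tracked, along with tests for CSPOptions::parse itself once its second option has an observable effect.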