2011-04-07 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Implement CSP's options directive
https://bugs.webkit.org/show_bug.cgi?id=58014
* http/tests/security/contentSecurityPolicy/inline-script-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/inline-script-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html: Added.
2011-04-07 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Implement CSP's options directive
https://bugs.webkit.org/show_bug.cgi?id=58014
This patch contains the full options parser, but we only have enough of
CSP implemented to see the effects of disable-xss-protection. Will
need to do some more work before we can see eval-script in action.
Tests: http/tests/security/contentSecurityPolicy/inline-script-allowed.html
http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html
* page/ContentSecurityPolicy.cpp:
(WebCore::CSPOptions::CSPOptions):
(WebCore::CSPOptions::disableXSSProtection):
(WebCore::CSPOptions::evalScript):
(WebCore::CSPOptions::parse):
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
(WebCore::ContentSecurityPolicy::allowInlineScript):
(WebCore::ContentSecurityPolicy::addDirective):
* page/ContentSecurityPolicy.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@83205 268f45cc-cd09-0410-ab3c-d52691b4dbfc