2011-04-07 Adam Barth <abarth@webkit.org>
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2011 20:51:22 +0000 (20:51 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2011 20:51:22 +0000 (20:51 +0000)
commit 516aa049f57091e02b14420771e498babc40c2df
tree 877b3c125f90367aedeb467fdb135c456a93e7af
parent 06e57bf6f56da4b44a40b3f3b2890204d7c698f4
2011-04-07  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement CSP's options directive
        https://bugs.webkit.org/show_bug.cgi?id=58014

        * http/tests/security/contentSecurityPolicy/inline-script-allowed-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/inline-script-allowed.html: Added.
        * http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html: Added.
2011-04-07  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement CSP's options directive
        https://bugs.webkit.org/show_bug.cgi?id=58014

        This patch contains the full options parser, but we only have enough of
        CSP implemented to see the effects of disable-xss-protection.  Will
        need to do some more work before we can see eval-script in action.

        Tests: http/tests/security/contentSecurityPolicy/inline-script-allowed.html
               http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html

        * page/ContentSecurityPolicy.cpp:
        (WebCore::CSPOptions::CSPOptions):
        (WebCore::CSPOptions::disableXSSProtection):
        (WebCore::CSPOptions::evalScript):
        (WebCore::CSPOptions::parse):
        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
        (WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
        (WebCore::ContentSecurityPolicy::allowInlineScript):
        (WebCore::ContentSecurityPolicy::addDirective):
        * page/ContentSecurityPolicy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@83205 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h