2011-04-07 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Apr 2011 01:08:59 +0000 (01:08 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Apr 2011 01:08:59 +0000 (01:08 +0000)
commit5a3ccc90adb9b9221db6ca2392b2ff20938e70a0
treeee53a6dc89b8340efd2753b78d143b4eb559e303
parent8a806c6e9d3c5a1a40acae24b352f3cb0d472e1e
2011-04-07  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement img-src style-src and font-src
        https://bugs.webkit.org/show_bug.cgi?id=58018

        Test a bunch of allow/block tests for these new directives.

        * http/tests/security/contentSecurityPolicy/image-allowed-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/image-allowed.html: Added.
        * http/tests/security/contentSecurityPolicy/image-blocked-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/image-blocked.html: Added.
        * http/tests/security/contentSecurityPolicy/resources/blue.css: Added.
        * http/tests/security/contentSecurityPolicy/resources/style.xsl: Added.
        * http/tests/security/contentSecurityPolicy/style-allowed-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/style-allowed.html: Added.
        * http/tests/security/contentSecurityPolicy/style-blocked-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/style-blocked.html: Added.
        * http/tests/security/contentSecurityPolicy/xsl-allowed.php: Added.
        * http/tests/security/contentSecurityPolicy/xsl-blocked-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/xsl-blocked.php: Added.
2011-04-07  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement img-src style-src and font-src
        https://bugs.webkit.org/show_bug.cgi?id=58018

        These are pretty straight forward given the rest of the infrastructure
        we've built so far.

        Tests: http/tests/security/contentSecurityPolicy/image-allowed.html
               http/tests/security/contentSecurityPolicy/image-blocked.html
               http/tests/security/contentSecurityPolicy/style-allowed.html
               http/tests/security/contentSecurityPolicy/style-blocked.html
               http/tests/security/contentSecurityPolicy/xsl-allowed.php
               http/tests/security/contentSecurityPolicy/xsl-blocked.php

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::canRequest):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allowImageFromSource):
        (WebCore::ContentSecurityPolicy::allowStyleFromSource):
        (WebCore::ContentSecurityPolicy::allowFontFromSource):
        (WebCore::ContentSecurityPolicy::addDirective):
        * page/ContentSecurityPolicy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@83235 268f45cc-cd09-0410-ab3c-d52691b4dbfc
19 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/image-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/image-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/blue.css [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/style.xsl [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/style-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/style-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/style-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/style-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/xsl-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/xsl-allowed.php [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked.php [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/cache/CachedResourceLoader.cpp
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h