[CSP] Check policy before opening a new window to a JavaScript URL
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Oct 2017 18:03:02 +0000 (18:03 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Oct 2017 18:03:02 +0000 (18:03 +0000)
commit1bc7a50141ef0f254df19f78800f27f7fda6deb6
tree61338c1ff16807eb326a78e9e925e51a0875a043
parent4ae31f450f9fb4f559277ad54b1e93ad8c85a7cf
[CSP] Check policy before opening a new window to a JavaScript URL
https://bugs.webkit.org/show_bug.cgi?id=176815
<rdar://problem/34400057>

Reviewed by Brent Fulgham.

Source/WebCore:

Ensure that the Content Security Policy of the page allows navigation to a JavaScript URL
before opening a new window to it.

Test: http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked.html

* loader/FrameLoader.cpp:
(WebCore::createWindow):

LayoutTests:

* http/tests/security/contentSecurityPolicy/resources/window-open-javascript-url-blocked.js: Added.
* http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@222788 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-javascript-url-blocked.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp