Bug 153153

Summary: CSP: object-src directive should prohibit creation of nested browsing context
Product: WebKit
Reporter: Daniel Bates <dbates>
Component: WebCore Misc.
Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, cdumez, commit-queue, dbates, japhet, mkwst, webkit-bug-importer
Priority: P2
Keywords: BlinkMergeCandidate, InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch and Layout Tests bfulgham: review+

Daniel Bates
Reported 2016-01-15 15:01:10 PST
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=164952>.

CSP: Check <param> element values against the document's CSP before loading.

We ought to take account of the 'param' element parsing behavior that happens in 'HTMLObjectElement'. This patch moves the pluginIsLoadable check to make that happen.

To avoid 'setTimeout' in the test, and to align with the spec[1], this patch also starts dispatching an 'error' event on load failure for 'object' elements.

[1]: #4.6 ("If the load failed...") of http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-object-element
Attachments
Patch and Layout Tests (26.36 KB, patch)
2016-03-04 17:15 PST, Daniel Bates
bfulgham: review+
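
Added example (not part of the bug report or of the WebKit/Blink patch): a simplified JavaScript model of the check the report describes, showing why an object-src check that looks only at the data attribute passes an <object> whose URL comes from a <param>. The param names, the `considerParams` switch and the sample URLs are assumptions for illustration; source matching covers only 'none', 'self', scheme-sources and full origins.

```javascript
// Added example: a simplified model, not WebKit or Blink code.
// Assumption: these <param> names can supply the plugin URL when `data` is absent.
const URL_PARAM_NAMES = new Set(["src", "movie", "code", "url"]);

// Source list governing plugins: object-src, else default-src, else null (unrestricted).
function objectSrcSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return directives.get("object-src") ?? directives.get("default-src") ?? null;
}

// URL the plugin would fetch: `data`, or (when considerParams) the first URL-bearing <param>.
function effectivePluginUrl(object, documentUrl, considerParams) {
  let raw = object.data || "";
  if (!raw && considerParams) {
    const param = (object.params || []).find(
      (p) => URL_PARAM_NAMES.has(p.name.toLowerCase()) && p.value);
    raw = param ? param.value : "";
  }
  return raw ? new URL(raw, documentUrl) : null;
}

// Simplified matching: 'none', 'self', scheme-sources ("https:") and full origins only.
function sourceAllows(source, url, documentUrl) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === new URL(documentUrl).origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  try { return new URL(s).origin === url.origin; } catch { return false; }
}

// True if the load may proceed; per the report, a failed load fires 'error' on the element.
function pluginLoadAllowed(policy, object, documentUrl, considerParams = true) {
  const url = effectivePluginUrl(object, documentUrl, considerParams);
  if (!url) return true; // no URL found, so nothing for the policy to block
  const sources = objectSrcSources(policy);
  if (sources === null) return true; // neither object-src nor default-src is set
  return sources.some((src) => sourceAllows(src, url, documentUrl));
}

// Constructed sample: an <object> with no data attribute and a URL-bearing <param>.
const SAMPLE_DOC = "http://example.test/page.html";
const SAMPLE_OBJECT = { params: [{ name: "url", value: "http://plugins.example.test/a.swf" }] };
```

With `considerParams` set to false the sample object passes `object-src 'none'`, which is the gap the param-aware check closes.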
Radar WebKit Bug Importer
Comment 1 2016-01-27 20:37:33 PST
Daniel Bates
Comment 2 2016-03-04 17:15:54 PST
Created attachment 273059 Patch and Layout Tests
Brent Fulgham
Comment 3 2016-03-04 21:37:28 PST
Comment on attachment 273059 Patch and Layout Tests

View in context: https://bugs.webkit.org/attachment.cgi?id=273059&action=review

Very nice! r=me.

> LayoutTests/TestExpectations:-851
> -webkit.org/b/153153 http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html

Hooray!
Daniel Bates
Comment 4 2016-03-07 12:21:10 PST