RESOLVED FIXED 113039
CSP 1.1: Strip URLs in SecurityPolicyViolationEvents, just as we do for POSTed violation reports. 
https://bugs.webkit.org/show_bug.cgi?id=113039
Summary CSP 1.1: Strip URLs in SecurityPolicyViolationEvents, just as we do for POSTe...
Mike West
Reported 2013-03-22 03:40:15 PDT
CSP 1.1: Strip URLs in SecurityPolicyViolationEvents, just as we do for POSTed violation reports.
Attachments
Patch (21.42 KB, patch)
2013-03-22 03:47 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (21.49 KB, patch)
2013-03-25 02:43 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (24.34 KB, patch)
2013-03-25 03:27 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (27.11 KB, patch)
2013-03-25 05:00 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2013-03-22 03:47:19 PDT
Created attachment 194500 [details] Patch
Mike West
Comment 2 2013-03-24 12:59:40 PDT
Hey Adam! I obviously need to rebase this patch to fix whatever didn't apply correctly, but perhaps you can take a look in the meantime? It's a fairly large oversight on my part in the initial implementation. :/ Thanks!
Mike West
Comment 3 2013-03-25 02:43:48 PDT
Created attachment 194810 [details] Patch
Mike West
Comment 4 2013-03-25 02:50:03 PDT
Hey Jochen! Since Adam is out, would you mind taking a look at this patch?
Mike West
Comment 5 2013-03-25 03:27:38 PDT
Created attachment 194818 [details] Patch
Mike West
Comment 6 2013-03-25 03:29:48 PDT
(In reply to comment #5) > Created an attachment (id=194818) [details] > Patch Jochen noted that we're doing the wrong thing with 'file:' URIs. Normally, I'd break that out into a separate patch, but I'm not sure it's worth it in this case. The current patch fixes both issues by changing the 'if' to 'if (!url.isHierarchical() || url.protocolIs("file"))'. I'm also happy to break that (and the new test it brings with it) out to a separate patch if you think that'd be clearer.
jochen
Comment 7 2013-03-25 03:57:06 PDT
Comment on attachment 194818 [details] Patch ok
Mike West
Comment 8 2013-03-25 03:58:24 PDT
(In reply to comment #7) > (From update of attachment 194818 [details]) > ok Cool. I'll CQ it once the mac bots join the happy crowd. Thanks!
Mike West
Comment 9 2013-03-25 05:00:44 PDT
Created attachment 194830 [details] Patch
Mike West
Comment 10 2013-03-25 05:03:15 PDT
Comment on attachment 194830 [details] Patch Carrying over the r+, CQing after fixing the platform-specific results for the new test.
WebKit Review Bot
Comment 11 2013-03-25 05:22:53 PDT
Comment on attachment 194830 [details] Patch Clearing flags on attachment: 194830 Committed r146758: <http://trac.webkit.org/changeset/146758>
WebKit Review Bot
Comment 12 2013-03-25 05:22:57 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.