RESOLVED FIXED 153153
CSP: object-src directive should prohibit creation of nested browsing context
https://bugs.webkit.org/show_bug.cgi?id=153153
Daniel Bates
Reported 2016-01-15 15:01:10 PST
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=164952>.

CSP: Check <param> element values against the document's CSP before loading.

We ought to take account of the 'param' element parsing behavior that happens in 'HTMLObjectElement'. This patch moves the pluginIsLoadable check to make that happen.

To avoid 'setTimeout' in the test, and to align with the spec[1], this patch also starts dispatching an 'error' event on load failure for 'object' elements.

[1]: #4.6 ("If the load failed...") of http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-object-element
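The check described in the report above, as an added example that is not WebKit or Blink code: a standalone audit helper that tests every URL an `<object>` could load, including URLs supplied through `<param>`, against the governing `object-src` (or `default-src`) source list. The set of URL-bearing param names, the simplified source matching, and the sample URLs are assumptions made for illustration.

```javascript
// Added example: a standalone audit helper, not WebKit or Blink code.
// ASSUMPTION: these <param> names can supply the plugin URL of an <object>.
const URL_PARAM_NAMES = new Set(["src", "movie", "code", "url"]);

// Source list that governs plugin loads: object-src, else default-src, else null.
function objectSrcSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first wins
  }
  return directives.get("object-src") ?? directives.get("default-src") ?? null;
}

// Simplified matching: 'none', 'self', * (http/https only), scheme-source,
// host-source. Ports and paths in host-sources are ignored here.
function sourceAllows(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === selfOrigin;
  if (s === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/.exec(s);
  if (!m) return false;
  if (m[1] && url.protocol !== m[1] + ":") return false;
  return m[2] ? url.hostname.endsWith("." + m[3]) : url.hostname === m[3];
}

// Check every URL the element could load: data plus URL-bearing <param> values.
function auditObject(policy, pageUrl, element) {
  const sources = objectSrcSources(policy);
  const selfOrigin = new URL(pageUrl).origin;
  const candidates = element.data ? [{ from: "data", value: element.data }] : [];
  for (const p of element.params) {
    if (URL_PARAM_NAMES.has(p.name.toLowerCase())) {
      candidates.push({ from: `param:${p.name}`, value: p.value });
    }
  }
  return candidates.map((c) => {
    const url = new URL(c.value, pageUrl);
    const allowed = sources === null || sources.some((s) => sourceAllows(s, url, selfOrigin));
    return { from: c.from, url: url.href, allowed };
  });
}

// Constructed sample: <object> with no data attribute and a URL in <param name="movie">.
const sample = { data: "", params: [{ name: "movie", value: "https://plugins.example/a.swf" }] };
console.log(auditObject("object-src 'none'", "https://app.example/", sample));
```

A check that looked only at the `data` attribute would have nothing to evaluate for the constructed sample; the param-derived URL is the only candidate, and it is reported as blocked.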
Attachments
Patch and Layout Tests (26.36 KB, patch)
2016-03-04 17:15 PST, Daniel Bates
bfulgham: review+
Radar WebKit Bug Importer
Comment 1 2016-01-27 20:37:33 PST
Daniel Bates
Comment 2 2016-03-04 17:15:54 PST
Created attachment 273059 Patch and Layout Tests
Brent Fulgham
Comment 3 2016-03-04 21:37:28 PST
Comment on attachment 273059 Patch and Layout Tests
View in context: https://bugs.webkit.org/attachment.cgi?id=273059&action=review

Very nice! r=me.

> LayoutTests/TestExpectations:-851
> -webkit.org/b/153153 http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html

Hooray!
Daniel Bates
Comment 4 2016-03-07 12:21:10 PST