Title: [286763] trunk
Revision: 286763
Author: pgrif...@igalia.com
Date: 2021-12-08 22:34:52 -0800 (Wed, 08 Dec 2021)

Log Message

CSP: Skip whitespace at beginning of policy header
https://bugs.webkit.org/show_bug.cgi?id=233951

Reviewed by Kate Cheney.

LayoutTests/imported/w3c:

Update expectations as passing.

* web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt:

Source/WebCore:

This should have no practical effect but it fixes matching
the originalPolicy property in WPT results.

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::didReceiveHeader):

LayoutTests:

No longer skip a test and update results to not have leading whitespace.

* TestExpectations:
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (286762 => 286763)


--- trunk/LayoutTests/ChangeLog	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/ChangeLog	2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,3 +1,15 @@
+2021-12-08  Patrick Griffis  <pgrif...@igalia.com>
+
+        CSP: Skip whitespace at beginning of policy header
+        https://bugs.webkit.org/show_bug.cgi?id=233951
+
+        Reviewed by Kate Cheney.
+
+        No longer skip a test and update results to not have leading whitespace.
+
+        * TestExpectations:
+        * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
+
 2021-12-08  Arcady Goldmints-Orlov  <agoldmi...@igalia.com>
 
         [WPE] Update test baselines after r284521. Unreviewed test gardening.

Modified: trunk/LayoutTests/TestExpectations (286762 => 286763)


--- trunk/LayoutTests/TestExpectations	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/TestExpectations	2021-12-09 06:34:52 UTC (rev 286763)
@@ -980,7 +980,6 @@
 imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/targeting.html [ Skip ]
 imported/w3c/web-platform-tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html [ Skip ]
 imported/w3c/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub.html [ Skip ]
-imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html [ Skip ]
 imported/w3c/web-platform-tests/content-security-policy/unsafe-hashes/_javascript__src_allowed-href_blank.html [ Skip ]
 
 # FIXME: Skip Content Security Policy tests whose output is non-deterministic

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt (286762 => 286763)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt	2021-12-09 06:34:52 UTC (rev 286763)
@@ -37,4 +37,4 @@
 REQUEST_METHOD: POST
 REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2
 === POST DATA =""
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src-elem","effective-directive":"script-src","original-policy":" script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.js","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src-elem","effective-directive":"script-src","original-policy":"script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.js","status-code":200}}
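
Review bot: the only coverage visible for the trimming is this one expectation, where original-policy on the enforced-2 report loses a single leading space. Consider adding a case with a tab or several spaces in front of the policy, and one with whitespace after the comma of a combined header, so the reported original-policy is pinned for those inputs as well.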

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (286762 => 286763)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,3 +1,14 @@
+2021-12-08  Patrick Griffis  <pgrif...@igalia.com>
+
+        CSP: Skip whitespace at beginning of policy header
+        https://bugs.webkit.org/show_bug.cgi?id=233951
+
+        Reviewed by Kate Cheney.
+
+        Update expectations as passing.
+
+        * web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt:
+
 2021-12-08  Antti Koivisto  <an...@apple.com>
 
         [CSS Cascade Layers] CSSImportRule.cssText doesn't include layer parameter

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt (286762 => 286763)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt	2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,8 +1,6 @@
 Source expressions in a separate policy are honored with `strict-dynamic` in the script-src directive.
 
 
-Harness Error (TIMEOUT), message = null
-
 PASS Script injected via `appendChild` is permitted with `strict-dynamic` + a nonce+allowed double policy.
-TIMEOUT Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy. Test timed out
+PASS Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy.
 

Modified: trunk/Source/WebCore/ChangeLog (286762 => 286763)


--- trunk/Source/WebCore/ChangeLog	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/Source/WebCore/ChangeLog	2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,3 +1,16 @@
+2021-12-08  Patrick Griffis  <pgrif...@igalia.com>
+
+        CSP: Skip whitespace at beginning of policy header
+        https://bugs.webkit.org/show_bug.cgi?id=233951
+
+        Reviewed by Kate Cheney.
+
+        This should have no practical effect but it fixes matching
+        the originalPolicy property in WPT results.
+
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+
 2021-12-08  Megan Gardner  <megan_gard...@apple.com>
 
         Show correct content menu for images services chevron.

Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (286762 => 286763)


--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2021-12-09 06:34:52 UTC (rev 286763)
@@ -204,8 +204,9 @@
     // be combined with a comma. Walk the header string, and parse each comma
     // separated chunk as a separate header.
     readCharactersForParsing(header, [&](auto buffer) {
+        skipWhile<isASCIISpace>(buffer);
         auto begin = buffer.position();
-    
+
         while (buffer.hasCharactersRemaining()) {
             skipUntil(buffer, ',');
 
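
Review bot: skipWhile<isASCIISpace>(buffer) runs once, before begin is first captured and outside the while loop, so it trims only the start of the whole header string. The comment above says each comma-separated chunk is parsed as a separate header; unless the part of the loop not shown here also skips whitespace when it resets begin after a comma, the second and later policies will still carry a leading space in originalPolicy. Suggest doing the skip wherever begin is assigned, or confirming that case is already handled. Trailing whitespace is also left untouched by this change; worth stating in the ChangeLog whether that is intended.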
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
