Diff
Modified: branches/safari-602.2.14.0-branch/LayoutTests/ChangeLog (207248 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/ChangeLog 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/LayoutTests/ChangeLog 2016-10-12 23:01:40 UTC (rev 207249)
@@ -1,5 +1,37 @@
2016-10-11 Matthew Hanson <matthew_han...@apple.com>
+ Merge r203611. rdar://problem/28476958
+
+ 2016-07-22 Daniel Bates <daba...@apple.com>
+
+ CSP: object-src and plugin-types directives are not respected for plugin replacements
+ https://bugs.webkit.org/show_bug.cgi?id=159761
+ <rdar://problem/27365724>
+
+ Reviewed by Brent Fulgham.
+
+ Add layout tests to ensure that we apply the CSP object-src and plugin-types directives to content
+ that loads with either the QuickTime plugin replacement or YouTube plugin replacement.
+
+ * security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt: Added.
+ * security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html: Added.
+ * security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt: Added.
+ * security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html: Added.
+ * security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt: Added.
+ * security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html: Added.
+ * security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt: Added.
+ * security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html: Added.
+ * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html: Added.
+
+2016-10-11 Matthew Hanson <matthew_han...@apple.com>
+
Merge r203522. rdar://problem/28476959
2016-07-21 Daniel Bates <daba...@apple.com>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load yellow.mov because it does not appear in the object-src directive of the Content Security Policy.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<embed id="embed" width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov">
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load https://www.youtube.com/v/UF8uR6Z6KLc because it does not appear in the object-src directive of the Content Security Policy.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+ codebase=""
+ <embed width="425" height="350" type="application/x-shockwave-flash" src=""
+</object>
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+ALERT: PASS did load plugin.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types video/quicktime">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+</script>
+</head>
+<body>
+<embed id="embed" type="video/quicktime" width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov" postdomevents=true>
+<script>
+document.getElementById("embed").addEventListener("qt_begin", function () {
+ alert("PASS did load plugin.");
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, true);
+</script>
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+Blocked access to external URL https://www.youtube.com/embed/UF8uR6Z6KLc?showinfo=0
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-shockwave-flash">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+// Waiting at least 100ms seems to ensure that YouTube plugin replacement has loaded.
+window.setTimeout(function () {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, 100);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+ codebase=""
+ <embed width="425" height="350" type="application/x-shockwave-flash" src=""
+</object>
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load yellow.mov because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load yellow.mov because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<embed width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov">
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<embed type="video/quicktime" width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov">
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load https://www.youtube.com/v/UF8uR6Z6KLc because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load https://www.youtube.com/v/UF8uR6Z6KLc because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+ codebase=""
+ <embed width="425" height="350" src=""
+</object>
+</body>
+</html>
Added: branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html (0 => 207249)
--- branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html (rev 0)
+++ branches/safari-602.2.14.0-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html 2016-10-12 23:01:40 UTC (rev 207249)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+if (window.internals)
+ window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+ codebase=""
+ <embed width="425" height="350" type="application/x-shockwave-flash" src=""
+</object>
+</body>
+</html>
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog 2016-10-12 23:01:40 UTC (rev 207249)
@@ -1,5 +1,47 @@
2016-10-11 Matthew Hanson <matthew_han...@apple.com>
+ Merge r203611. rdar://problem/28476958
+
+ 2016-07-22 Daniel Bates <daba...@apple.com>
+
+ CSP: object-src and plugin-types directives are not respected for plugin replacements
+ https://bugs.webkit.org/show_bug.cgi?id=159761
+ <rdar://problem/27365724>
+
+ Reviewed by Brent Fulgham.
+
+ Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
+ load with a plugin replacement.
+
+ Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
+ security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
+ security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
+ security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
+ security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
+ security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
+ security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
+ security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
+
+ * html/HTMLPlugInImageElement.cpp:
+ (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
+ (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
+ are allowed to load such content.
+ * html/HTMLPlugInImageElement.h:
+ * loader/SubframeLoader.cpp:
+ (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
+ earlier in HTMLPlugInImageElement::requestObject().
+ (WebCore::SubframeLoader::requestPlugin): Ditto.
+ (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
+ to HTMLPlugInImageElement::allowedToLoadPluginContent().
+ (WebCore::SubframeLoader::requestObject): Deleted.
+ * loader/SubframeLoader.h:
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
+ function to a const function since these functions do not modify |this|.
+ * page/csp/ContentSecurityPolicy.h:
+
+2016-10-11 Matthew Hanson <matthew_han...@apple.com>
+
Merge r203522. rdar://problem/28476959
2016-07-21 Daniel Bates <daba...@apple.com>
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp 2016-10-12 23:01:40 UTC (rev 207249)
@@ -23,6 +23,7 @@
#include "Chrome.h"
#include "ChromeClient.h"
+#include "ContentSecurityPolicy.h"
#include "Event.h"
#include "EventHandler.h"
#include "EventNames.h"
@@ -770,8 +771,33 @@
HTMLPlugInElement::defaultEventHandler(event);
}
+bool HTMLPlugInImageElement::allowedToLoadPluginContent(const String& url, const String& mimeType) const
+{
+ URL completedURL;
+ if (!url.isEmpty())
+ completedURL = document().completeURL(url);
+
+ ASSERT(document().contentSecurityPolicy());
+ const ContentSecurityPolicy& contentSecurityPolicy = *document().contentSecurityPolicy();
+
+ contentSecurityPolicy.upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load);
+
+ String declaredMimeType = document().isPluginDocument() && document().ownerElement() ?
+ document().ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : attributeWithoutSynchronization(HTMLNames::typeAttr);
+ bool isInUserAgentShadowTree = this->isInUserAgentShadowTree();
+ return contentSecurityPolicy.allowObjectFromSource(completedURL, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL, isInUserAgentShadowTree);
+}
+
bool HTMLPlugInImageElement::requestObject(const String& url, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues)
{
+ if (url.isEmpty() && mimeType.isEmpty())
+ return false;
+
+ if (!allowedToLoadPluginContent(url, mimeType)) {
+ renderEmbeddedObject()->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
+ return false;
+ }
+
if (HTMLPlugInElement::requestObject(url, mimeType, paramNames, paramValues))
return true;
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.h (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.h 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/html/HTMLPlugInImageElement.h 2016-10-12 23:01:40 UTC (rev 207249)
@@ -111,6 +111,8 @@
bool isPlugInImageElement() const final { return true; }
bool isRestartedPlugin() const final { return m_isRestartedPlugin; }
+ bool allowedToLoadPluginContent(const String& url, const String& mimeType) const;
+
void finishParsingChildren() final;
void didAddUserAgentShadowRoot(ShadowRoot*) final;
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.cpp (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.cpp 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.cpp 2016-10-12 23:01:40 UTC (rev 207249)
@@ -108,22 +108,8 @@
return shouldUsePlugin(completedURL, mimeType, false, useFallback);
}
-bool SubframeLoader::isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType) const
+bool SubframeLoader::pluginIsLoadable(const URL& url, const String& mimeType)
{
- if (!document())
- return true;
-
- ASSERT(document()->contentSecurityPolicy());
- const ContentSecurityPolicy& contentSecurityPolicy = *document()->contentSecurityPolicy();
-
- String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
- document()->ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : pluginElement.attributeWithoutSynchronization(HTMLNames::typeAttr);
- bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree();
- return contentSecurityPolicy.allowObjectFromSource(url, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree);
-}
-
-bool SubframeLoader::pluginIsLoadable(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType)
-{
if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) {
if (!m_frame.settings().isJavaEnabled())
return false;
@@ -140,12 +126,6 @@
return false;
}
- if (!isPluginContentAllowedByContentSecurityPolicy(pluginElement, url, mimeType)) {
- RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();
- renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
- return false;
- }
-
if (!m_frame.loader().mixedContentChecker().canRunInsecureContent(document()->securityOrigin(), url))
return false;
}
@@ -161,7 +141,7 @@
if ((!allowPlugins() && !MIMETypeRegistry::isApplicationPluginMIMEType(mimeType)))
return false;
- if (!pluginIsLoadable(ownerElement, url, mimeType))
+ if (!pluginIsLoadable(url, mimeType))
return false;
ASSERT(ownerElement.hasTagName(objectTag) || ownerElement.hasTagName(embedTag));
@@ -242,12 +222,6 @@
return success;
}
- if (!isPluginContentAllowedByContentSecurityPolicy(ownerElement, completedURL, mimeType)) {
- RenderEmbeddedObject* renderer = ownerElement.renderEmbeddedObject();
- renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
- return false;
- }
-
// If the plug-in element already contains a subframe, loadOrRedirectSubframe will re-use it. Otherwise,
// it will create a new frame and set it as the RenderWidget's Widget, causing what was previously
// in the widget to be torn down.
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.h (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.h 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/loader/SubframeLoader.h 2016-10-12 23:01:40 UTC (rev 207249)
@@ -77,10 +77,8 @@
Frame* loadSubframe(HTMLFrameOwnerElement&, const URL&, const String& name, const String& referrer);
bool loadPlugin(HTMLPlugInImageElement&, const URL&, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
- bool isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement&, const URL&, const String& mimeType) const;
-
bool shouldUsePlugin(const URL&, const String& mimeType, bool hasFallback, bool& useFallback);
- bool pluginIsLoadable(HTMLPlugInImageElement&, const URL&, const String& mimeType);
+ bool pluginIsLoadable(const URL&, const String& mimeType);
Document* document() const;
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2016-10-12 23:01:40 UTC (rev 207249)
@@ -765,7 +765,7 @@
#endif
}
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType)
+void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType) const
{
URL url = ""
upgradeInsecureRequestIfNeeded(url, requestType);
@@ -772,7 +772,7 @@
request.setURL(url);
}
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType)
+void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType) const
{
if (!url.protocolIs("http") && !url.protocolIs("ws"))
return;
Modified: branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h (207248 => 207249)
--- branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h 2016-10-12 23:01:32 UTC (rev 207248)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h 2016-10-12 23:01:40 UTC (rev 207249)
@@ -156,8 +156,8 @@
void setUpgradeInsecureRequests(bool);
bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; }
enum class InsecureRequestType { Load, FormSubmission, Navigation };
- void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType);
- void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType);
+ void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) const;
+ void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) const;
HashSet<RefPtr<SecurityOrigin>>&& takeNavigationRequestsToUpgrade();
void inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy&);