Title: [207196] branches/safari-602-branch
Revision
207196
Author
matthew_han...@apple.com
Date
2016-10-12 01:40:58 -0700 (Wed, 12 Oct 2016)

Log Message

Merge r203611. rdar://problem/28476958

Modified Paths

Added Paths

Diff

Modified: branches/safari-602-branch/LayoutTests/ChangeLog (207195 => 207196)


--- branches/safari-602-branch/LayoutTests/ChangeLog	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/LayoutTests/ChangeLog	2016-10-12 08:40:58 UTC (rev 207196)
@@ -1,5 +1,37 @@
 2016-10-11  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r203611. rdar://problem/28476958
+
+    2016-07-22  Daniel Bates  <daba...@apple.com>
+
+            CSP: object-src and plugin-types directives are not respected for plugin replacements
+            https://bugs.webkit.org/show_bug.cgi?id=159761
+            <rdar://problem/27365724>
+
+            Reviewed by Brent Fulgham.
+
+            Add layout tests to ensure that we apply the CSP object-src and plugin-types directives to content
+            that loads with either the QuickTime plugin replacement or YouTube plugin replacement.
+
+            * security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt: Added.
+            * security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html: Added.
+            * security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt: Added.
+            * security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html: Added.
+            * security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt: Added.
+            * security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html: Added.
+            * security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt: Added.
+            * security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html: Added.
+            * security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html: Added.
+
+2016-10-11  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r203522. rdar://problem/28476959
 
     2016-07-21  Daniel Bates  <daba...@apple.com>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load yellow.mov because it does not appear in the object-src directive of the Content Security Policy.
+

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<embed id="embed" width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov">
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load https://www.youtube.com/v/UF8uR6Z6KLc because it does not appear in the object-src directive of the Content Security Policy.
+ 

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+    codebase=""
+    <embed width="425" height="350" type="application/x-shockwave-flash" src=""
+</object>
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+ALERT: PASS did load plugin.
+

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types video/quicktime">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+</script>
+</head>
+<body>
+<embed id="embed" type="video/quicktime" width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov" postdomevents=true>
+<script>
+document.getElementById("embed").addEventListener("qt_begin", function () {
+    alert("PASS did load plugin.");
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, true);
+</script>
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+Blocked access to external URL https://www.youtube.com/embed/UF8uR6Z6KLc?showinfo=0
+

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types application/x-shockwave-flash">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+// Waiting at least 100ms seems to ensure that YouTube plugin replacement has loaded.
+window.setTimeout(function () {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, 100);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+    codebase=""
+    <embed width="425" height="350" type="application/x-shockwave-flash" src=""
+</object>
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load yellow.mov because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load yellow.mov because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<embed width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov">
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<embed type="video/quicktime" width="640" height="480" src="" qtsrc="../../plugins/resources/orange.mov">
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load https://www.youtube.com/v/UF8uR6Z6KLc because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+ 

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type-expected.txt	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Refused to load https://www.youtube.com/v/UF8uR6Z6KLc because its MIME type does not appear in the plugin-types directive of the Content Security Policy.
+ 

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+    codebase=""
+    <embed width="425" height="350" src=""
+</object>
+</body>
+</html>

Added: branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html (0 => 207196)


--- branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html	2016-10-12 08:40:58 UTC (rev 207196)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="plugin-types text/html">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setPluginReplacementEnabled(true);
+
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+document.addEventListener("securitypolicyviolation", done, false);
+</script>
+</head>
+<body>
+<object width="425" height="350" classid=""
+    codebase=""
+    <embed width="425" height="350" type="application/x-shockwave-flash" src=""
+</object>
+</body>
+</html>

Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/ChangeLog	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog	2016-10-12 08:40:58 UTC (rev 207196)
@@ -1,5 +1,47 @@
 2016-10-11  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r203611. rdar://problem/28476958
+
+    2016-07-22  Daniel Bates  <daba...@apple.com>
+
+            CSP: object-src and plugin-types directives are not respected for plugin replacements
+            https://bugs.webkit.org/show_bug.cgi?id=159761
+            <rdar://problem/27365724>
+
+            Reviewed by Brent Fulgham.
+
+            Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
+            load with a plugin replacement.
+
+            Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
+                   security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
+                   security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
+                   security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
+                   security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
+                   security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
+                   security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
+                   security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
+
+            * html/HTMLPlugInImageElement.cpp:
+            (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
+            (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
+            are allowed to load such content.
+            * html/HTMLPlugInImageElement.h:
+            * loader/SubframeLoader.cpp:
+            (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
+            earlier in HTMLPlugInImageElement::requestObject().
+            (WebCore::SubframeLoader::requestPlugin): Ditto.
+            (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
+            to HTMLPlugInImageElement::allowedToLoadPluginContent().
+            (WebCore::SubframeLoader::requestObject): Deleted.
+            * loader/SubframeLoader.h:
+            * page/csp/ContentSecurityPolicy.cpp:
+            (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
+            function to a const function since these functions do not modify |this|.
+            * page/csp/ContentSecurityPolicy.h:
+
+2016-10-11  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r203522. rdar://problem/28476959
 
     2016-07-21  Daniel Bates  <daba...@apple.com>

Modified: branches/safari-602-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/html/HTMLPlugInImageElement.cpp	2016-10-12 08:40:58 UTC (rev 207196)
@@ -23,6 +23,7 @@
 
 #include "Chrome.h"
 #include "ChromeClient.h"
+#include "ContentSecurityPolicy.h"
 #include "Event.h"
 #include "EventHandler.h"
 #include "EventNames.h"
@@ -770,8 +771,33 @@
     HTMLPlugInElement::defaultEventHandler(event);
 }
 
+bool HTMLPlugInImageElement::allowedToLoadPluginContent(const String& url, const String& mimeType) const
+{
+    URL completedURL;
+    if (!url.isEmpty())
+        completedURL = document().completeURL(url);
+
+    ASSERT(document().contentSecurityPolicy());
+    const ContentSecurityPolicy& contentSecurityPolicy = *document().contentSecurityPolicy();
+
+    contentSecurityPolicy.upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load);
+
+    String declaredMimeType = document().isPluginDocument() && document().ownerElement() ?
+        document().ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : attributeWithoutSynchronization(HTMLNames::typeAttr);
+    bool isInUserAgentShadowTree = this->isInUserAgentShadowTree();
+    return contentSecurityPolicy.allowObjectFromSource(completedURL, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL, isInUserAgentShadowTree);
+}
+
 bool HTMLPlugInImageElement::requestObject(const String& url, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues)
 {
+    if (url.isEmpty() && mimeType.isEmpty())
+        return false;
+
+    if (!allowedToLoadPluginContent(url, mimeType)) {
+        renderEmbeddedObject()->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
+        return false;
+    }
+
     if (HTMLPlugInElement::requestObject(url, mimeType, paramNames, paramValues))
         return true;
     

Modified: branches/safari-602-branch/Source/WebCore/html/HTMLPlugInImageElement.h (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/html/HTMLPlugInImageElement.h	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/html/HTMLPlugInImageElement.h	2016-10-12 08:40:58 UTC (rev 207196)
@@ -111,6 +111,8 @@
     bool isPlugInImageElement() const final { return true; }
     bool isRestartedPlugin() const final { return m_isRestartedPlugin; }
 
+    bool allowedToLoadPluginContent(const String& url, const String& mimeType) const;
+
     void finishParsingChildren() final;
     void didAddUserAgentShadowRoot(ShadowRoot*) final;
 

Modified: branches/safari-602-branch/Source/WebCore/loader/SubframeLoader.cpp (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/loader/SubframeLoader.cpp	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/loader/SubframeLoader.cpp	2016-10-12 08:40:58 UTC (rev 207196)
@@ -108,22 +108,8 @@
     return shouldUsePlugin(completedURL, mimeType, false, useFallback);
 }
 
-bool SubframeLoader::isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType) const
+bool SubframeLoader::pluginIsLoadable(const URL& url, const String& mimeType)
 {
-    if (!document())
-        return true;
-
-    ASSERT(document()->contentSecurityPolicy());
-    const ContentSecurityPolicy& contentSecurityPolicy = *document()->contentSecurityPolicy();
-
-    String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
-        document()->ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : pluginElement.attributeWithoutSynchronization(HTMLNames::typeAttr);
-    bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree();
-    return contentSecurityPolicy.allowObjectFromSource(url, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree);
-}
-
-bool SubframeLoader::pluginIsLoadable(HTMLPlugInImageElement& pluginElement, const URL& url, const String& mimeType)
-{
     if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) {
         if (!m_frame.settings().isJavaEnabled())
             return false;
@@ -140,12 +126,6 @@
             return false;
         }
 
-        if (!isPluginContentAllowedByContentSecurityPolicy(pluginElement, url, mimeType)) {
-            RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();
-            renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
-            return false;
-        }
-
         if (!m_frame.loader().mixedContentChecker().canRunInsecureContent(document()->securityOrigin(), url))
             return false;
     }
@@ -161,7 +141,7 @@
     if ((!allowPlugins() && !MIMETypeRegistry::isApplicationPluginMIMEType(mimeType)))
         return false;
 
-    if (!pluginIsLoadable(ownerElement, url, mimeType))
+    if (!pluginIsLoadable(url, mimeType))
         return false;
 
     ASSERT(ownerElement.hasTagName(objectTag) || ownerElement.hasTagName(embedTag));
@@ -242,12 +222,6 @@
         return success;
     }
 
-    if (!isPluginContentAllowedByContentSecurityPolicy(ownerElement, completedURL, mimeType)) {
-        RenderEmbeddedObject* renderer = ownerElement.renderEmbeddedObject();
-        renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
-        return false;
-    }
-
     // If the plug-in element already contains a subframe, loadOrRedirectSubframe will re-use it. Otherwise,
     // it will create a new frame and set it as the RenderWidget's Widget, causing what was previously 
     // in the widget to be torn down.

Modified: branches/safari-602-branch/Source/WebCore/loader/SubframeLoader.h (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/loader/SubframeLoader.h	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/loader/SubframeLoader.h	2016-10-12 08:40:58 UTC (rev 207196)
@@ -77,10 +77,8 @@
     Frame* loadSubframe(HTMLFrameOwnerElement&, const URL&, const String& name, const String& referrer);
     bool loadPlugin(HTMLPlugInImageElement&, const URL&, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
 
-    bool isPluginContentAllowedByContentSecurityPolicy(HTMLPlugInImageElement&, const URL&, const String& mimeType) const;
-
     bool shouldUsePlugin(const URL&, const String& mimeType, bool hasFallback, bool& useFallback);
-    bool pluginIsLoadable(HTMLPlugInImageElement&, const URL&, const String& mimeType);
+    bool pluginIsLoadable(const URL&, const String& mimeType);
 
     Document* document() const;
 

Modified: branches/safari-602-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2016-10-12 08:40:58 UTC (rev 207196)
@@ -765,7 +765,7 @@
 #endif
 }
 
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType)
+void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType) const
 {
     URL url = ""
     upgradeInsecureRequestIfNeeded(url, requestType);
@@ -772,7 +772,7 @@
     request.setURL(url);
 }
 
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType)
+void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType) const
 {
     if (!url.protocolIs("http") && !url.protocolIs("ws"))
         return;

Modified: branches/safari-602-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h (207195 => 207196)


--- branches/safari-602-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h	2016-10-12 08:40:49 UTC (rev 207195)
+++ branches/safari-602-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h	2016-10-12 08:40:58 UTC (rev 207196)
@@ -156,8 +156,8 @@
     void setUpgradeInsecureRequests(bool);
     bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; }
     enum class InsecureRequestType { Load, FormSubmission, Navigation };
-    void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType);
-    void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType);
+    void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) const;
+    void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) const;
 
     HashSet<RefPtr<SecurityOrigin>>&& takeNavigationRequestsToUpgrade();
     void inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy&);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to