Diff
Modified: trunk/LayoutTests/ChangeLog (103616 => 103617)
--- trunk/LayoutTests/ChangeLog 2011-12-23 10:20:39 UTC (rev 103616)
+++ trunk/LayoutTests/ChangeLog 2011-12-23 10:40:25 UTC (rev 103617)
@@ -1,3 +1,14 @@
+2011-12-23 Tom Sepez <[email protected]>
+
+ XSLT-created HTML documents do not inherit content-security-policy from originally loaded XML.
+ https://bugs.webkit.org/show_bug.cgi?id=75043
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/contentSecurityPolicy/resources/transform-to-img.xsl: Added.
+ * http/tests/security/contentSecurityPolicy/xsl-img-blocked-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/xsl-img-blocked.php: Added.
+
2011-12-23 Ilya Tikhonovsky <[email protected]>
Unreviewed upstream expectations.
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/transform-to-img.xsl (0 => 103617)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/transform-to-img.xsl (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/transform-to-img.xsl 2011-12-23 10:40:25 UTC (rev 103617)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:template match="/">
+ <html>
+ <head>
+ <script>
+//<![CDATA[
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+//]]>
+ </script>
+ </head>
+ <body>
+ Here is an image:
+ <img src=""
+ </body>
+ </html>
+ </xsl:template>
+</xsl:stylesheet>
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked-expected.txt (0 => 103617)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked-expected.txt 2011-12-23 10:40:25 UTC (rev 103617)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: Refused to load image from 'http://127.0.0.1:8000/security/resources/abe.png' because of Content-Security-Policy.
+
+Here is an image:
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php (0 => 103617)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php 2011-12-23 10:40:25 UTC (rev 103617)
@@ -0,0 +1,8 @@
+<?php
+header("Content-Type: text/xml");
+header("X-WebKit-CSP: img-src 'none'");
+
+echo '<?xml version="1.0" encoding="UTF-8"?>';
+echo '<?xml-stylesheet type="text/xsl" href=""
+?>
+<body/>
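Review bot: This test serves only an enforced `img-src 'none'` policy, so the `other->m_reportOnly ? ReportOnly : EnforcePolicy` selection added in ContentSecurityPolicy.cpp is never exercised with report-only set. A companion test that serves the same XML and stylesheet under a report-only policy would pin that the mode, and not just the directive text, survives the transform. It would also catch a regression where a report-only policy is silently promoted to enforcing, or the reverse, in the generated document.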
Modified: trunk/Source/WebCore/ChangeLog (103616 => 103617)
--- trunk/Source/WebCore/ChangeLog 2011-12-23 10:20:39 UTC (rev 103616)
+++ trunk/Source/WebCore/ChangeLog 2011-12-23 10:40:25 UTC (rev 103617)
@@ -1,3 +1,19 @@
+2011-12-23 Tom Sepez <[email protected]>
+
+ XSLT-created HTML documents do not inherit content-security-policy from originally loaded XML.
+ https://bugs.webkit.org/show_bug.cgi?id=75043
+
+ Reviewed by Adam Barth.
+
+ Test: http/tests/security/contentSecurityPolicy/xsl-img-blocked.php
+
+ * page/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::copyStateFrom):
+ (WebCore::ContentSecurityPolicy::didReceiveHeader):
+ * page/ContentSecurityPolicy.h:
+ * xml/XSLTProcessor.cpp:
+ (WebCore::XSLTProcessor::createDocumentFromSource):
+
2011-12-23 Darin Adler <[email protected]>
REGRESSION (r97533): Optgroup label is not disabled
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (103616 => 103617)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2011-12-23 10:20:39 UTC (rev 103616)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2011-12-23 10:40:25 UTC (rev 103617)
@@ -494,6 +494,13 @@
{
}
+void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
+{
+ ASSERT(!m_havePolicy);
+ if (other->m_havePolicy)
+ didReceiveHeader(other->m_header, other->m_reportOnly ? ReportOnly : EnforcePolicy);
+}
+
void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType type)
{
if (m_havePolicy)
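Review bot: In release builds `ASSERT(!m_havePolicy)` in copyStateFrom compiles away, and the guard at the top of didReceiveHeader (its body continues outside the hunk) appears to return early once a policy is set. A copy into a context that already holds a policy would then be dropped with no signal. The one caller visible in this commit seems to pass a newly built result document, so this is probably unreachable today, but the precondition deserves a comment such as `// Must be called before this context has received any policy; otherwise the copy is ignored.` `other` is also dereferenced unchecked, so an `ASSERT(other);` as the first statement would document that callers must pass a non-null policy.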
@@ -501,6 +508,7 @@
parse(header);
m_havePolicy = true;
+ m_header = header;
switch (type) {
case ReportOnly:
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.h (103616 => 103617)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.h 2011-12-23 10:20:39 UTC (rev 103616)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.h 2011-12-23 10:40:25 UTC (rev 103617)
@@ -44,6 +44,8 @@
}
~ContentSecurityPolicy();
+ void copyStateFrom(const ContentSecurityPolicy*);
+
enum HeaderType {
ReportOnly,
EnforcePolicy
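Review bot: The new public `copyStateFrom` declaration has no comment, and its contract is not obvious from the signature. Per the .cpp change, it re-applies the other policy's stored header text and its report-only/enforce mode, and it is only meant to run while this object has no policy yet. I would add `// Re-applies |other|'s header and mode to this policy; call only before any header has been received.` above it. The `m_header` member added in the second hunk of this file deserves the same, e.g. `// Raw header text of the active policy, kept so copyStateFrom() can re-parse it.` The class body starts and ends outside both hunks.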
@@ -92,6 +94,7 @@
ScriptExecutionContext* m_scriptExecutionContext;
bool m_reportOnly;
+ String m_header;
OwnPtr<CSPDirective> m_defaultSrc;
OwnPtr<CSPDirective> m_scriptSrc;
OwnPtr<CSPDirective> m_objectSrc;
Modified: trunk/Source/WebCore/xml/XSLTProcessor.cpp (103616 => 103617)
--- trunk/Source/WebCore/xml/XSLTProcessor.cpp 2011-12-23 10:20:39 UTC (rev 103616)
+++ trunk/Source/WebCore/xml/XSLTProcessor.cpp 2011-12-23 10:40:25 UTC (rev 103617)
@@ -28,6 +28,7 @@
#include "DOMImplementation.h"
#include "CachedResourceLoader.h"
+#include "ContentSecurityPolicy.h"
#include "DocumentFragment.h"
#include "Frame.h"
#include "FrameLoader.h"
@@ -91,6 +92,7 @@
result->setSecurityOrigin(oldDocument->securityOrigin());
result->setCookieURL(oldDocument->cookieURL());
result->setFirstPartyForCookies(oldDocument->firstPartyForCookies());
+ result->contentSecurityPolicy()->copyStateFrom(oldDocument->contentSecurityPolicy());
}
frame->setDocument(result);
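Review bot: The new `copyStateFrom` call has no comment saying why it belongs with the origin and cookie hand-over and must run before `frame->setDocument(result)`, which makes it easy to move or drop in a later refactor. I would add `// The result replaces oldDocument in the frame, so it must keep the CSP delivered with the original response.` above it. The call sits inside a block whose condition is outside the hunk, so it cannot be confirmed from here that every path through createDocumentFromSource installs a document with the inherited policy. The function itself also starts and ends outside the hunk.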