Modified: trunk/LayoutTests/imported/w3c/ChangeLog (287302 => 287303)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2021-12-21 08:45:38 UTC (rev 287303)
@@ -1,3 +1,14 @@
+2021-12-21 Carlos Garcia Campos <[email protected]>
+
+ CSP: Include the sample in eval violation reports
+ https://bugs.webkit.org/show_bug.cgi?id=234390
+
+ Reviewed by Kate Cheney.
+
+ Update expectations.
+
+ * web-platform-tests/content-security-policy/securitypolicyviolation/script-sample-expected.txt:
+
2021-12-20 Patrick Griffis <[email protected]>
CSP: Always use UTF-8 encoded content when checking hashes
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/script-sample-expected.txt (287302 => 287303)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/script-sample-expected.txt 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/script-sample-expected.txt 2021-12-21 08:45:38 UTC (rev 287303)
@@ -5,7 +5,7 @@
PASS Inline script should have a sample.
PASS Inline event handlers should have a sample.
TIMEOUT _javascript_ URLs in iframes should have a sample. Test timed out
-TIMEOUT eval() should have a sample. Test timed out
-TIMEOUT setInterval() should have a sample. Test timed out
-TIMEOUT setTimeout() should have a sample. Test timed out
+PASS eval() should have a sample.
+PASS setInterval() should have a sample.
+PASS setTimeout() should have a sample.
Modified: trunk/Source/_javascript_Core/ChangeLog (287302 => 287303)
--- trunk/Source/_javascript_Core/ChangeLog 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-12-21 08:45:38 UTC (rev 287303)
@@ -1,3 +1,26 @@
+2021-12-21 Carlos Garcia Campos <[email protected]>
+
+ CSP: Include the sample in eval violation reports
+ https://bugs.webkit.org/show_bug.cgi?id=234390
+
+ Reviewed by Kate Cheney.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::eval): Pass the code to reportViolationForUnsafeEval().
+ * runtime/DirectEvalExecutable.cpp:
+ (JSC::DirectEvalExecutable::create): Ditto.
+ * runtime/FunctionConstructor.cpp:
+ (JSC::stringifyFunction): Helper function with the code to stringify function to be called also for the csp
+ violation report.
+ (JSC::constructFunction): Call stringifyFunction() to get the code for reportViolationForUnsafeEval().
+ (JSC::constructFunctionSkippingEvalEnabledCheck): Use stringifyFunction().
+ * runtime/IndirectEvalExecutable.cpp:
+ (JSC::IndirectEvalExecutable::createImpl): Pass the code to reportViolationForUnsafeEval().
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::reportViolationForUnsafeEval): Add string parameter for the code sample.
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::JSC_DEFINE_HOST_FUNCTION): Pass the code to reportViolationForUnsafeEval().
+
2021-12-21 Zan Dobersek <[email protected]>
[RISCV64] Add basic MacroAssemblerRISCV64 branching methods
Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (287302 => 287303)
--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -98,13 +98,15 @@
if (!program.isString())
return program;
+ auto* programString = asString(program);
+
TopCallFrameSetter topCallFrame(vm, callFrame);
if (!globalObject->evalEnabled()) {
- globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject);
+ globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, programString);
throwException(globalObject, scope, createEvalError(globalObject, globalObject->evalDisabledErrorMessage()));
return jsUndefined();
}
- String programSource = asString(program)->value(globalObject);
+ String programSource = programString->value(globalObject);
RETURN_IF_EXCEPTION(scope, JSValue());
CallFrame* callerFrame = callFrame->callerFrame();
Modified: trunk/Source/_javascript_Core/runtime/DirectEvalExecutable.cpp (287302 => 287303)
--- trunk/Source/_javascript_Core/runtime/DirectEvalExecutable.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/runtime/DirectEvalExecutable.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -40,7 +40,7 @@
auto scope = DECLARE_THROW_SCOPE(vm);
if (!globalObject->evalEnabled()) {
- globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject);
+ globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, source.provider() ? jsNontrivialString(vm, source.provider()->source().toString()) : nullptr);
throwException(globalObject, scope, createEvalError(globalObject, globalObject->evalDisabledErrorMessage()));
return nullptr;
}
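Review bot: The new report line builds the sample with jsNontrivialString(), whose precondition (asserted in debug builds) is a string longer than one character, yet an eval source can legitimately be empty or a single character; use `jsNontrivialString(vm, ...)` → `jsString(vm, source.provider()->source().toString())`, which handles every length through the small-strings cache. The call also materialises a full copy of the eval source purely to feed the report, which for large inputs is a sizeable allocation on a failure path; if the downstream report truncates the sample anyway (CSP samples are limited to the first 40 characters), a truncated copy would do. If the provider's view can be null-backed, `toString()` yields a null String and `jsNontrivialString` would dereference a null impl, so the `jsString` form is safer there as well. The enclosing DirectEvalExecutable::create begins before this hunk.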
Modified: trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp (287302 => 287303)
--- trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -64,28 +64,8 @@
putDirectWithoutTransition(vm, vm.propertyNames->prototype, functionPrototype, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly);
}
-// ECMA 15.3.2 The Function Constructor
-JSObject* constructFunction(JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const SourceOrigin& sourceOrigin, const String& sourceURL, const TextPosition& position, FunctionConstructionMode functionConstructionMode, JSValue newTarget)
+static String stringifyFunction(JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, FunctionConstructionMode functionConstructionMode, ThrowScope& scope, std::optional<int>& functionConstructorParametersEndPosition)
{
- VM& vm = globalObject->vm();
- auto scope = DECLARE_THROW_SCOPE(vm);
-
- if (UNLIKELY(!globalObject->evalEnabled())) {
- globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject);
- throwException(globalObject, scope, createEvalError(globalObject, globalObject->evalDisabledErrorMessage()));
- return nullptr;
- }
- RELEASE_AND_RETURN(scope, constructFunctionSkippingEvalEnabledCheck(globalObject, args, functionName, sourceOrigin, sourceURL, position, -1, functionConstructionMode, newTarget));
-}
-
-JSObject* constructFunctionSkippingEvalEnabledCheck(
- JSGlobalObject* globalObject, const ArgList& args,
- const Identifier& functionName, const SourceOrigin& sourceOrigin, const String& sourceURL,
- const TextPosition& position, int overrideLineNumber, FunctionConstructionMode functionConstructionMode, JSValue newTarget)
-{
- VM& vm = globalObject->vm();
- auto scope = DECLARE_THROW_SCOPE(vm);
-
const char* prefix = nullptr;
switch (functionConstructionMode) {
case FunctionConstructionMode::Function:
@@ -105,16 +85,16 @@
// How we stringify functions is sometimes important for web compatibility.
// See https://bugs.webkit.org/show_bug.cgi?id=24350.
String program;
- std::optional<int> functionConstructorParametersEndPosition = std::nullopt;
+ functionConstructorParametersEndPosition = std::nullopt;
if (args.isEmpty())
program = makeString(prefix, functionName.string(), "() {\n\n}");
else if (args.size() == 1) {
auto body = args.at(0).toWTFString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
program = tryMakeString(prefix, functionName.string(), "() {\n", body, "\n}");
if (UNLIKELY(!program)) {
throwOutOfMemoryError(globalObject, scope);
- return nullptr;
+ return { };
}
} else {
StringBuilder builder(StringBuilder::OverflowHandler::RecordOverflow);
@@ -121,36 +101,66 @@
builder.append(prefix, functionName.string(), '(');
auto* jsString = args.at(0).toString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
auto viewWithString = jsString->viewWithUnderlyingString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
builder.append(viewWithString.view);
for (size_t i = 1; !builder.hasOverflowed() && i < args.size() - 1; i++) {
auto* jsString = args.at(i).toString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
auto viewWithString = jsString->viewWithUnderlyingString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
builder.append(", ", viewWithString.view);
}
if (UNLIKELY(builder.hasOverflowed())) {
throwOutOfMemoryError(globalObject, scope);
- return nullptr;
+ return { };
}
functionConstructorParametersEndPosition = builder.length() + 1;
auto* bodyString = args.at(args.size() - 1).toString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
auto body = bodyString->viewWithUnderlyingString(globalObject);
- RETURN_IF_EXCEPTION(scope, nullptr);
+ RETURN_IF_EXCEPTION(scope, { });
builder.append(") {\n", body.view, "\n}");
if (UNLIKELY(builder.hasOverflowed())) {
throwOutOfMemoryError(globalObject, scope);
- return nullptr;
+ return { };
}
program = builder.toString();
}
+ return program;
+}
+
+// ECMA 15.3.2 The Function Constructor
+JSObject* constructFunction(JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const SourceOrigin& sourceOrigin, const String& sourceURL, const TextPosition& position, FunctionConstructionMode functionConstructionMode, JSValue newTarget)
+{
+ VM& vm = globalObject->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ if (UNLIKELY(!globalObject->evalEnabled())) {
+ auto codeScope = DECLARE_THROW_SCOPE(vm);
+ std::optional<int> functionConstructorParametersEndPosition;
+ auto code = stringifyFunction(globalObject, args, functionName, functionConstructionMode, codeScope, functionConstructorParametersEndPosition);
+ globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, !code.isNull() ? jsNontrivialString(vm, WTFMove(code)) : nullptr);
+ throwException(globalObject, scope, createEvalError(globalObject, globalObject->evalDisabledErrorMessage()));
+ return nullptr;
+ }
+ RELEASE_AND_RETURN(scope, constructFunctionSkippingEvalEnabledCheck(globalObject, args, functionName, sourceOrigin, sourceURL, position, -1, functionConstructionMode, newTarget));
+}
+
+JSObject* constructFunctionSkippingEvalEnabledCheck(JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const SourceOrigin& sourceOrigin, const String& sourceURL, const TextPosition& position, int overrideLineNumber, FunctionConstructionMode functionConstructionMode, JSValue newTarget)
+{
+ VM& vm = globalObject->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ std::optional<int> functionConstructorParametersEndPosition;
+ auto program = stringifyFunction(globalObject, args, functionName, functionConstructionMode, scope, functionConstructorParametersEndPosition);
+ if (program.isNull())
+ return nullptr;
+
SourceCode source = makeSource(program, sourceOrigin, sourceURL, position);
JSObject* exception = nullptr;
FunctionExecutable* function = FunctionExecutable::fromGlobalCode(functionName, globalObject, source, exception, overrideLineNumber, functionConstructorParametersEndPosition);
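Review bot: In constructFunction's eval-disabled branch, stringifyFunction() can throw via the ToString of each argument (a user-defined toString(), or out-of-memory), and the code then throws the EvalError regardless, overwriting the pending exception under codeScope and tripping JSC's exception-check discipline in debug builds. Check codeScope after building the sample: if it threw, report the violation without a sample and let that exception propagate instead of stacking an EvalError on top of it. Note also that argument ToString now runs even when eval is disabled, so its side effects are observable before the EvalError is raised; that ordering is presumably intended so the sample can be built, but it deserves a comment. constructFunctionSkippingEvalEnabledCheck continues past the end of this hunk.

```cpp
    if (UNLIKELY(!globalObject->evalEnabled())) {
        auto codeScope = DECLARE_THROW_SCOPE(vm);
        std::optional<int> functionConstructorParametersEndPosition;
        auto code = stringifyFunction(globalObject, args, functionName, functionConstructionMode, codeScope, functionConstructorParametersEndPosition);
        if (UNLIKELY(codeScope.exception())) {
            // Argument ToString threw (user toString() or OOM): report without a sample and propagate that exception rather than replacing it with an EvalError.
            globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, nullptr);
            return nullptr;
        }
        globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, !code.isNull() ? jsNontrivialString(vm, WTFMove(code)) : nullptr);
        // … unchanged: throw EvalError and return …
    }
```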
Modified: trunk/Source/_javascript_Core/runtime/IndirectEvalExecutable.cpp (287302 => 287303)
--- trunk/Source/_javascript_Core/runtime/IndirectEvalExecutable.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/runtime/IndirectEvalExecutable.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -42,7 +42,7 @@
auto scope = DECLARE_THROW_SCOPE(vm);
if (!globalObject->evalEnabled()) {
- globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject);
+ globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, source.provider() ? jsNontrivialString(vm, source.provider()->source().toString()) : nullptr);
throwException(globalObject, scope, createEvalError(globalObject, globalObject->evalDisabledErrorMessage()));
return nullptr;
}
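Review bot: Same hazard as the direct-eval path: jsNontrivialString() requires more than one character, but an indirect eval source such as `eval("")` or `eval("1")` is shorter, so the debug assertion fires on exactly the inputs a fuzzer will try; prefer `jsString(vm, source.provider()->source().toString())`. Since this fallback only runs when the caller did not already reject eval, a one-line comment noting which callers reach it with eval disabled would help future readers judge whether the full-source copy made here is worth its allocation. IndirectEvalExecutable::createImpl starts before this hunk.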
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (287302 => 287303)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2021-12-21 08:45:38 UTC (rev 287303)
@@ -253,7 +253,7 @@
typedef ScriptExecutionStatus (*ScriptExecutionStatusPtr)(JSGlobalObject*, JSObject* scriptExecutionOwner);
ScriptExecutionStatusPtr scriptExecutionStatus;
- typedef void (*ReportViolationForUnsafeEvalPtr)(JSGlobalObject*);
+ typedef void (*ReportViolationForUnsafeEvalPtr)(JSGlobalObject*, JSString*);
ReportViolationForUnsafeEvalPtr reportViolationForUnsafeEval;
typedef String (*DefaultLanguageFunctionPtr)();
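Review bot: The new JSString* parameter on ReportViolationForUnsafeEvalPtr is unnamed and its null contract is undocumented, yet callers in this commit deliberately pass nullptr when no source is available (DirectEvalExecutable when there is no provider, constructFunction when stringification failed). Name it and state the contract on the typedef: `typedef void (*ReportViolationForUnsafeEvalPtr)(JSGlobalObject*, JSString* source); // source is the code being evaluated, or null when no sample is available`, and mirror the name on the two inline default implementations further down in this header so implementers do not dereference it unconditionally.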
@@ -931,7 +931,7 @@
static void reportUncaughtExceptionAtEventLoop(JSGlobalObject*, Exception*);
static JSObject* currentScriptExecutionOwner(JSGlobalObject* global) { return global; }
static ScriptExecutionStatus scriptExecutionStatus(JSGlobalObject*, JSObject*) { return ScriptExecutionStatus::Running; }
- static void reportViolationForUnsafeEval(JSGlobalObject*) { }
+ static void reportViolationForUnsafeEval(JSGlobalObject*, JSString*) { }
JSObject* arrayBufferPrototype(ArrayBufferSharingMode sharingMode) const
{
@@ -1080,7 +1080,7 @@
JS_EXPORT_PRIVATE void queueMicrotask(Ref<Microtask>&&);
- static void reportViolationForUnsafeEval(const JSGlobalObject*) { }
+ static void reportViolationForUnsafeEval(const JSGlobalObject*, JSString*) { }
bool evalEnabled() const { return m_evalEnabled; }
bool webAssemblyEnabled() const { return m_webAssemblyEnabled; }
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp (287302 => 287303)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -470,13 +470,15 @@
if (!x.isString())
return JSValue::encode(x);
+
+ auto codeString = asString(x);
if (!globalObject->evalEnabled()) {
- globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject);
+ globalObject->globalObjectMethodTable()->reportViolationForUnsafeEval(globalObject, codeString);
throwException(globalObject, scope, createEvalError(globalObject, globalObject->evalDisabledErrorMessage()));
return JSValue::encode(jsUndefined());
}
- String s = asString(x)->value(globalObject);
+ String s = codeString->value(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
JSValue parsedObject;
Modified: trunk/Source/WebCore/ChangeLog (287302 => 287303)
--- trunk/Source/WebCore/ChangeLog 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/ChangeLog 2021-12-21 08:45:38 UTC (rev 287303)
@@ -1,3 +1,32 @@
+2021-12-21 Carlos Garcia Campos <[email protected]>
+
+ CSP: Include the sample in eval violation reports
+ https://bugs.webkit.org/show_bug.cgi?id=234390
+
+ Reviewed by Kate Cheney.
+
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::JSDOMWindowBase::reportViolationForUnsafeEval): Handle the source parameter and pass it to allowEval().
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/js/JSWorkerGlobalScopeBase.cpp:
+ (WebCore::JSWorkerGlobalScopeBase::reportViolationForUnsafeEval): Handle the source parameter.
+ * bindings/js/JSWorkerGlobalScopeBase.h:
+ * bindings/js/JSWorkletGlobalScopeBase.cpp:
+ (WebCore::JSWorkletGlobalScopeBase::reportViolationForUnsafeEval): Ditto.
+ * bindings/js/JSWorkletGlobalScopeBase.h:
+ * bindings/js/ScheduledAction.h:
+ (WebCore::ScheduledAction::code const): Return the code.
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::setTimeout): Pass the code to allowEval().
+ (WebCore::DOMWindow::setInterval): Ditto.
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::allowEval const): Handle codeContent parameter and pass it to reportViolation().
+ (WebCore::ContentSecurityPolicy::reportViolation const): Ditto.
+ * page/csp/ContentSecurityPolicy.h:
+ * workers/WorkerGlobalScope.cpp:
+ (WebCore::WorkerGlobalScope::setTimeout): Pass the code to allowEval().
+ (WebCore::WorkerGlobalScope::setInterval): Ditto.
+
2021-12-21 Fujii Hironori <[email protected]>
MSVC reports "SVGPropertyAnimator.h(94): error C2839: invalid return type 'T *' for overloaded 'operator ->'" with /std:c++20
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -255,7 +255,7 @@
return jsCast<JSDocument*>(owner)->wrapped().jscScriptExecutionStatus();
}
-void JSDOMWindowBase::reportViolationForUnsafeEval(JSGlobalObject* object)
+void JSDOMWindowBase::reportViolationForUnsafeEval(JSGlobalObject* object, JSString* source)
{
const JSDOMWindowBase* thisObject = static_cast<const JSDOMWindowBase*>(object);
ContentSecurityPolicy* contentSecurityPolicy = nullptr;
@@ -270,7 +270,7 @@
if (!contentSecurityPolicy)
return;
- contentSecurityPolicy->allowEval(object, LogToConsole::No, false);
+ contentSecurityPolicy->allowEval(object, LogToConsole::No, source ? source->tryGetValue() : StringView());
}
void JSDOMWindowBase::willRemoveFromWindowProxy()
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h 2021-12-21 08:45:38 UTC (rev 287303)
@@ -81,7 +81,7 @@
static void queueMicrotaskToEventLoop(JSC::JSGlobalObject&, Ref<JSC::Microtask>&&);
static JSC::JSObject* currentScriptExecutionOwner(JSC::JSGlobalObject*);
static JSC::ScriptExecutionStatus scriptExecutionStatus(JSC::JSGlobalObject*, JSC::JSObject*);
- static void reportViolationForUnsafeEval(JSC::JSGlobalObject*);
+ static void reportViolationForUnsafeEval(JSC::JSGlobalObject*, JSC::JSString*);
void printErrorMessage(const String&) const;
Modified: trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -134,9 +134,9 @@
return jsCast<JSWorkerGlobalScopeBase*>(globalObject)->scriptExecutionContext()->jscScriptExecutionStatus();
}
-void JSWorkerGlobalScopeBase::reportViolationForUnsafeEval(JSC::JSGlobalObject* globalObject)
+void JSWorkerGlobalScopeBase::reportViolationForUnsafeEval(JSC::JSGlobalObject* globalObject, JSC::JSString* source)
{
- return JSGlobalObject::reportViolationForUnsafeEval(globalObject);
+ return JSGlobalObject::reportViolationForUnsafeEval(globalObject, source);
}
void JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSGlobalObject& object, Ref<JSC::Microtask>&& task)
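Review bot: JSWorkerGlobalScopeBase::reportViolationForUnsafeEval forwards the new sample into JSGlobalObject::reportViolationForUnsafeEval, which this commit leaves as an empty inline body, so eval()/Function() violations inside a worker still produce no CSP report, sample or not; only the setTimeout/setInterval string path in WorkerGlobalScope.cpp reports. That gap predates this change, but now that the sample plumbing reaches this point a comment should stop readers from assuming workers are covered: `// FIXME: Forward to the worker's ContentSecurityPolicy (as JSDOMWindowBase does) instead of the JSGlobalObject no-op; eval violations in workers are currently not reported.` The JSWorkletGlobalScopeBase override in this commit has the same shape.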
Modified: trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h 2021-12-21 08:45:38 UTC (rev 287303)
@@ -64,7 +64,7 @@
static JSC::RuntimeFlags _javascript_RuntimeFlags(const JSC::JSGlobalObject*);
static JSC::ScriptExecutionStatus scriptExecutionStatus(JSC::JSGlobalObject*, JSC::JSObject*);
static void queueMicrotaskToEventLoop(JSC::JSGlobalObject&, Ref<JSC::Microtask>&&);
- static void reportViolationForUnsafeEval(JSC::JSGlobalObject*);
+ static void reportViolationForUnsafeEval(JSC::JSGlobalObject*, JSC::JSString*);
protected:
JSWorkerGlobalScopeBase(JSC::VM&, JSC::Structure*, RefPtr<WorkerGlobalScope>&&);
Modified: trunk/Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -109,9 +109,9 @@
return jsCast<JSWorkletGlobalScopeBase*>(globalObject)->scriptExecutionContext()->jscScriptExecutionStatus();
}
-void JSWorkletGlobalScopeBase::reportViolationForUnsafeEval(JSC::JSGlobalObject* globalObject)
+void JSWorkletGlobalScopeBase::reportViolationForUnsafeEval(JSC::JSGlobalObject* globalObject, JSC::JSString* source)
{
- return JSGlobalObject::reportViolationForUnsafeEval(globalObject);
+ return JSGlobalObject::reportViolationForUnsafeEval(globalObject, source);
}
bool JSWorkletGlobalScopeBase::supportsRichSourceInfo(const JSGlobalObject* object)
Modified: trunk/Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h 2021-12-21 08:45:38 UTC (rev 287303)
@@ -61,7 +61,7 @@
static JSC::RuntimeFlags _javascript_RuntimeFlags(const JSC::JSGlobalObject*);
static JSC::ScriptExecutionStatus scriptExecutionStatus(JSC::JSGlobalObject*, JSC::JSObject*);
static void queueMicrotaskToEventLoop(JSC::JSGlobalObject&, Ref<JSC::Microtask>&&);
- static void reportViolationForUnsafeEval(JSC::JSGlobalObject*);
+ static void reportViolationForUnsafeEval(JSC::JSGlobalObject*, JSC::JSString*);
protected:
JSWorkletGlobalScopeBase(JSC::VM&, JSC::Structure*, RefPtr<WorkletGlobalScope>&&);
Modified: trunk/Source/WebCore/bindings/js/ScheduledAction.h (287302 => 287303)
--- trunk/Source/WebCore/bindings/js/ScheduledAction.h 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/bindings/js/ScheduledAction.h 2021-12-21 08:45:38 UTC (rev 287303)
@@ -47,6 +47,8 @@
enum class Type { Code, Function };
Type type() const;
+ StringView code() const { return m_code; }
+
void execute(ScriptExecutionContext&);
private:
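Review bot: code() hands out a StringView over a member (presumably a String), so the view is only valid while this ScheduledAction is alive and is presumably empty for Type::Function actions; the new setTimeout/setInterval callers use it synchronously before storing the action, which is fine, but the accessor should state the borrowing so it is not cached later: `StringView code() const { return m_code; } // Borrowed view of the source text for Type::Code actions; valid only while this object lives.`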
Modified: trunk/Source/WebCore/page/DOMWindow.cpp (287302 => 287303)
--- trunk/Source/WebCore/page/DOMWindow.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/page/DOMWindow.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -1802,7 +1802,7 @@
// FIXME: Should this check really happen here? Or should it happen when code is about to eval?
if (action->type() == ScheduledAction::Type::Code) {
- if (!context->contentSecurityPolicy()->allowEval(context->globalObject(), LogToConsole::Yes))
+ if (!context->contentSecurityPolicy()->allowEval(context->globalObject(), LogToConsole::Yes, action->code()))
return 0;
}
@@ -1827,7 +1827,7 @@
// FIXME: Should this check really happen here? Or should it happen when code is about to eval?
if (action->type() == ScheduledAction::Type::Code) {
- if (!context->contentSecurityPolicy()->allowEval(context->globalObject(), LogToConsole::Yes))
+ if (!context->contentSecurityPolicy()->allowEval(context->globalObject(), LogToConsole::Yes, action->code()))
return 0;
}
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (287302 => 287303)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -511,7 +511,7 @@
return checkHashAndReportViolation(styleContent.toString(), &ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineStyleElement, &ContentSecurityPolicyDirectiveList::violatedDirectiveForStyleHash, m_hashAlgorithmsForInlineStylesheets, handleViolatedDirective);
}
-bool ContentSecurityPolicy::allowEval(JSC::JSGlobalObject* state, LogToConsole shouldLogToConsole, bool overrideContentSecurityPolicy) const
+bool ContentSecurityPolicy::allowEval(JSC::JSGlobalObject* state, LogToConsole shouldLogToConsole, StringView codeContent, bool overrideContentSecurityPolicy) const
{
if (overrideContentSecurityPolicy)
return true;
@@ -518,7 +518,7 @@
bool didNotifyInspector = false;
auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) {
String consoleMessage = shouldLogToConsole == LogToConsole::Yes ? consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, URL(), "Refused to execute a script", "'unsafe-eval'") : String();
- reportViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, "eval", consoleMessage, state);
+ reportViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, "eval", consoleMessage, state, codeContent);
if (!didNotifyInspector && !violatedDirective.directiveList().isReportOnly()) {
reportBlockedScriptExecutionToInspector(violatedDirective.text());
didNotifyInspector = true;
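Review bot: allowEval now forwards codeContent into every report unconditionally, for report-only and enforced policies alike and irrespective of whether the violated directive carried 'report-sample'; CSP3 only allows a sample when that keyword is present and caps it at the first 40 characters, and eval'd strings routinely embed tokens or user data that must not reach a report-uri endpoint otherwise. If the lower-level reportViolation overload already gates on 'report-sample' and truncates — the WPT expectations in this commit suggest it does — a one-line comment here saying so (`// The sample is gated on 'report-sample' and truncated in reportViolation.`) would settle it; if it does not, the gate belongs here before reportViolation is called. The rest of allowEval runs past the end of this hunk.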
@@ -754,10 +754,10 @@
return SecurityOrigin::create(url)->toString();
}
-void ContentSecurityPolicy::reportViolation(const String& violatedDirective, const ContentSecurityPolicyDirective& effectiveViolatedDirective, const String& blockedURL, const String& consoleMessage, JSC::JSGlobalObject* state) const
+void ContentSecurityPolicy::reportViolation(const String& violatedDirective, const ContentSecurityPolicyDirective& effectiveViolatedDirective, const String& blockedURL, const String& consoleMessage, JSC::JSGlobalObject* state, StringView sourceContent) const
{
- // FIXME: Extract source file, content, and position from JSC::ExecState.
- return reportViolation(violatedDirective, effectiveViolatedDirective.nameForReporting().convertToASCIILowercase(), effectiveViolatedDirective.directiveList(), blockedURL, consoleMessage, String(), StringView(), TextPosition(OrdinalNumber::beforeFirst(), OrdinalNumber::beforeFirst()), state);
+ // FIXME: Extract source file, and position from JSC::ExecState.
+ return reportViolation(violatedDirective, effectiveViolatedDirective.nameForReporting().convertToASCIILowercase(), effectiveViolatedDirective.directiveList(), blockedURL, consoleMessage, String(), sourceContent, TextPosition(OrdinalNumber::beforeFirst(), OrdinalNumber::beforeFirst()), state);
}
void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirective, const String& violatedDirective, const ContentSecurityPolicyDirectiveList& violatedDirectiveList, const String& blockedURL, const String& consoleMessage, JSC::JSGlobalObject* state) const
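Review bot: The rewritten FIXME reads awkwardly (`source file, and position`) and still names JSC::ExecState, a type this signature no longer uses — the parameter is a JSC::JSGlobalObject*. Suggest `// FIXME: Extract the source URL and position from the JSC call state; callers currently supply only the content.` so the comment matches what the function now receives.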
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h (287302 => 287303)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h 2021-12-21 08:45:38 UTC (rev 287303)
@@ -104,7 +104,7 @@
bool allowNonParserInsertedScripts(const URL&, const String&, const StringView&, ParserInserted) const;
bool allowInlineStyle(const String& contextURL, const OrdinalNumber& contextLine, StringView styleContent, CheckUnsafeHashes, Element&, bool overrideContentSecurityPolicy = false) const;
- bool allowEval(JSC::JSGlobalObject*, LogToConsole, bool overrideContentSecurityPolicy = false) const;
+ bool allowEval(JSC::JSGlobalObject*, LogToConsole, StringView codeContent, bool overrideContentSecurityPolicy = false) const;
bool allowPluginType(const String& type, const String& typeAttribute, const URL&, bool overrideContentSecurityPolicy = false) const;
@@ -223,7 +223,7 @@
using HashInEnforcedAndReportOnlyPoliciesPair = std::pair<bool, bool>;
template<typename Predicate> HashInEnforcedAndReportOnlyPoliciesPair findHashOfContentInPolicies(const Predicate&, StringView content, OptionSet<ContentSecurityPolicyHashAlgorithm>) const WARN_UNUSED_RETURN;
- void reportViolation(const String& effectiveViolatedDirective, const ContentSecurityPolicyDirective& violatedDirective, const String& blockedURL, const String& consoleMessage, JSC::JSGlobalObject*) const;
+ void reportViolation(const String& effectiveViolatedDirective, const ContentSecurityPolicyDirective& violatedDirective, const String& blockedURL, const String& consoleMessage, JSC::JSGlobalObject*, StringView sourceContent) const;
void reportViolation(const String& effectiveViolatedDirective, const String& violatedDirective, const ContentSecurityPolicyDirectiveList&, const String& blockedURL, const String& consoleMessage, JSC::JSGlobalObject* = nullptr) const;
void reportViolation(const String& effectiveViolatedDirective, const ContentSecurityPolicyDirective& violatedDirective, const String& blockedURL, const String& consoleMessage, const String& sourceURL, const StringView& sourceContent, const TextPosition& sourcePosition, const URL& preRedirectURL = URL(), JSC::JSGlobalObject* = nullptr, Element* = nullptr) const;
void reportViolation(const String& effectiveViolatedDirective, const String& violatedDirective, const ContentSecurityPolicyDirectiveList& violatedDirectiveList, const String& blockedURL, const String& consoleMessage, const String& sourceURL, const StringView& sourceContent, const TextPosition& sourcePosition, JSC::JSGlobalObject*, const URL& preRedirectURL = URL(), Element* = nullptr) const;
Modified: trunk/Source/WebCore/workers/WorkerGlobalScope.cpp (287302 => 287303)
--- trunk/Source/WebCore/workers/WorkerGlobalScope.cpp 2021-12-21 08:35:10 UTC (rev 287302)
+++ trunk/Source/WebCore/workers/WorkerGlobalScope.cpp 2021-12-21 08:45:38 UTC (rev 287303)
@@ -306,7 +306,7 @@
{
// FIXME: Should this check really happen here? Or should it happen when code is about to eval?
if (action->type() == ScheduledAction::Type::Code) {
- if (!contentSecurityPolicy()->allowEval(globalObject(), LogToConsole::Yes))
+ if (!contentSecurityPolicy()->allowEval(globalObject(), LogToConsole::Yes, action->code()))
return 0;
}
@@ -324,7 +324,7 @@
{
// FIXME: Should this check really happen here? Or should it happen when code is about to eval?
if (action->type() == ScheduledAction::Type::Code) {
- if (!contentSecurityPolicy()->allowEval(globalObject(), LogToConsole::Yes))
+ if (!contentSecurityPolicy()->allowEval(globalObject(), LogToConsole::Yes, action->code()))
return 0;
}