[webkit-changes] [288992] trunk

Wed, 02 Feb 2022 13:11:26 -0800

Title: [288992] trunk
Revision
288992
Author
[email protected]
Date
2022-02-02 13:10:32 -0800 (Wed, 02 Feb 2022)

Log Message

CSP: Fix returned WebAssembly error type when blocked
https://bugs.webkit.org/show_bug.cgi?id=235319

Reviewed by Kate Cheney.

LayoutTests/imported/w3c:

Update expectations with more passes.

* web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.serviceworker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.worker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.serviceworker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.worker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt:
* web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt:

Source/_javascript_Core:

As per the spec it should return WebAssembly.CompileError.

* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::tryCreate):

LayoutTests:

Update expectations.

* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt:
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (288991 => 288992)


--- trunk/LayoutTests/ChangeLog	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/ChangeLog	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,3 +1,17 @@
+2022-02-02  Patrick Griffis  <[email protected]>
+
+        CSP: Fix returned WebAssembly error type when blocked
+        https://bugs.webkit.org/show_bug.cgi?id=235319
+
+        Reviewed by Kate Cheney.
+
+        Update expectations.
+
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt:
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt:
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt:
+
 2022-02-02  Said Abou-Hallawa  <[email protected]>
 
         REGRESSION(r288865): SourceImage should never sink its ImageBuffer to a NativeImage

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt (288991 => 288992)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -8,6 +8,6 @@
 
 CONSOLE MESSAGE: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
 
-CONSOLE MESSAGE: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+CONSOLE MESSAGE: CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+ (evaluating 'new WebAssembly.Instance(new WebAssembly.Module(empty))')
 
-

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt (288991 => 288992)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 ALERT: /PASS/
-CONSOLE MESSAGE: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
-
+CONSOLE MESSAGE: CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+ (evaluating 'new WebAssembly.Instance(new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x1, 0x00, 0x00, 0x00)))')
  WebAssembly should be blocked in the iframe, but inline script should be allowed.

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt (288991 => 288992)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
+CONSOLE MESSAGE: CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
+ (evaluating 'new WebAssembly.Instance(new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x1, 0x00, 0x00, 0x00)))')
 
-

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt (288991 => 288992)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -8,8 +8,8 @@
 
 CONSOLE MESSAGE: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
 
-CONSOLE MESSAGE: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
-
+CONSOLE MESSAGE: CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+ (evaluating 'new WebAssembly.Instance(new WebAssembly.Module(empty))')
 Tests that WebAssembly is blocked in a subframe that disallows WebAssembly when the parent frame allows WebAssembly.

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,3 +1,25 @@
+2022-02-02  Patrick Griffis  <[email protected]>
+
+        CSP: Fix returned WebAssembly error type when blocked
+        https://bugs.webkit.org/show_bug.cgi?id=235319
+
+        Reviewed by Kate Cheney.
+
+        Update expectations with more passes.
+
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.serviceworker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.worker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.serviceworker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.worker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt:
+        * web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt:
+
 2022-02-02  Asumu Takikawa  <[email protected]>
 
         Unmute link errors for ES module scripts

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,6 +1,3 @@
 
-FAIL default-src-blocks-wasm promise_rejects_js: function "function () { throw e }" threw object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline'".
-" ("EvalError") expected instance of function "function CompileError() {
-    [native code]
-}" ("CompileError")
+PASS default-src-blocks-wasm

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.serviceworker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.serviceworker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.serviceworker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,6 +1,3 @@
 
-FAIL default-src-blocks-wasm promise_rejects_js: function "function () { throw e }" threw object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline'".
-" ("EvalError") expected instance of function "function CompileError() {
-    [native code]
-}" ("CompileError")
+PASS default-src-blocks-wasm

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.worker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.worker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.worker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,6 +1,3 @@
 
-FAIL default-src-blocks-wasm promise_rejects_js: function "function () { throw e }" threw object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline'".
-" ("EvalError") expected instance of function "function CompileError() {
-    [native code]
-}" ("CompileError")
+PASS default-src-blocks-wasm

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 
-FAIL default-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
+FAIL default-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
 "

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 
-FAIL default-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
+FAIL default-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
 "

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 
-FAIL default-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
+FAIL default-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
 "

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,6 +1,3 @@
 
-FAIL script-src-blocks-wasm promise_rejects_js: function "function () { throw e }" threw object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
-" ("EvalError") expected instance of function "function CompileError() {
-    [native code]
-}" ("CompileError")
+PASS script-src-blocks-wasm

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.serviceworker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.serviceworker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.serviceworker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,6 +1,3 @@
 
-FAIL script-src-blocks-wasm promise_rejects_js: function "function () { throw e }" threw object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
-" ("EvalError") expected instance of function "function CompileError() {
-    [native code]
-}" ("CompileError")
+PASS script-src-blocks-wasm

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.worker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.worker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.worker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,6 +1,3 @@
 
-FAIL script-src-blocks-wasm promise_rejects_js: function "function () { throw e }" threw object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
-" ("EvalError") expected instance of function "function CompileError() {
-    [native code]
-}" ("CompileError")
+PASS script-src-blocks-wasm

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 
-FAIL script-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
+FAIL script-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
 "

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.serviceworker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 
-FAIL script-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
+FAIL script-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
 "

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt (288991 => 288992)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.worker-expected.txt	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,4 +1,4 @@
 
-FAIL script-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
+FAIL script-src-wasm-unsafe-eval-allows-wasm promise_test: Unhandled rejection with value: object "CompileError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'".
 "

Modified: trunk/Source/_javascript_Core/ChangeLog (288991 => 288992)


--- trunk/Source/_javascript_Core/ChangeLog	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-02-02 21:10:32 UTC (rev 288992)
@@ -1,3 +1,15 @@
+2022-02-02  Patrick Griffis  <[email protected]>
+
+        CSP: Fix returned WebAssembly error type when blocked
+        https://bugs.webkit.org/show_bug.cgi?id=235319
+
+        Reviewed by Kate Cheney.
+
+        As per the spec it should return WebAssembly.CompileError.
+
+        * wasm/js/JSWebAssemblyInstance.cpp:
+        (JSC::JSWebAssemblyInstance::tryCreate):
+
 2022-02-02  Mark Lam  <[email protected]>
 
         Update computation of FAST_TLS base.

Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.cpp (288991 => 288992)


--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.cpp	2022-02-02 21:08:41 UTC (rev 288991)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.cpp	2022-02-02 21:10:32 UTC (rev 288992)
@@ -31,6 +31,7 @@
 #include "AbstractModuleRecord.h"
 #include "JSCInlines.h"
 #include "JSModuleNamespaceObject.h"
+#include "JSWebAssemblyCompileError.h"
 #include "JSWebAssemblyLinkError.h"
 #include "JSWebAssemblyMemory.h"
 #include "JSWebAssemblyModule.h"
@@ -168,8 +169,9 @@
         return nullptr;
     };
 
+    // Disabled by CSP: https://w3c.github.io/webappsec-csp/#can-compile-wasm-bytes
     if (!globalObject->webAssemblyEnabled())
-        return exception(createEvalError(globalObject, globalObject->webAssemblyDisabledErrorMessage()));
+        return exception(createJSWebAssemblyCompileError(globalObject, vm, globalObject->webAssemblyDisabledErrorMessage()));
 
     WebAssemblyModuleRecord* moduleRecord = WebAssemblyModuleRecord::create(globalObject, vm, globalObject->webAssemblyModuleRecordStructure(), moduleKey, moduleInformation);
     RETURN_IF_EXCEPTION(throwScope, nullptr);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to