Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1db982b7c00fb561e1028e9d460a3425848c30e8
https://github.com/WebKit/WebKit/commit/1db982b7c00fb561e1028e9d460a3425848c30e8
Author: Alex Christensen <[email protected]>
Date: 2024-09-26 (Thu, 26 Sep 2024)
Changed paths:
M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
M Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm
Log Message:
-----------
Fix infinite loops when parsing invalid CSP header fields after 273894@main
https://bugs.webkit.org/show_bug.cgi?id=280442
rdar://136779806
Reviewed by Brent Fulgham.
If we find an invalid value, report it and return instead of reporting it over
and over again in an infinite loop until we run out of memory from too many
reports.
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parseRequireTrustedTypesFor):
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp:
(WebCore::ContentSecurityPolicyTrustedTypesDirective::parse):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm:
(TEST(ContentSecurityPolicy, InvalidRequireTrustedTypesFor)):
Canonical link: https://commits.webkit.org/284334@main
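
A minimal model of the failure mode the log message describes, added here as an illustration and not taken from WebKit's source: a value-list parser that reports an invalid value without advancing or returning, next to the report-and-return behaviour. The names `parseValueList`, `ParseResult` and `kDemoReportCap`, the simplified value grammar and the sample input are assumptions.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Assumption: cap so the buggy variant terminates in this demo. Without a cap
// the report list grows until the process runs out of memory.
constexpr std::size_t kDemoReportCap = 1000;

struct ParseResult {
    std::vector<std::string> accepted; // well-formed values seen before any error
    std::vector<std::string> reports;  // one entry per "invalid value" report
};

// Simplified grammar (assumption): values are runs of alphanumerics, ' and -.
static bool isValueChar(char c) { return std::isalnum(static_cast<unsigned char>(c)) || c == '\'' || c == '-'; }

// Parses a space-separated directive value list.
// returnOnInvalid == false models the bug: the cursor stays on the invalid
// character, so every loop iteration reports the same value again.
ParseResult parseValueList(const std::string& input, bool returnOnInvalid)
{
    ParseResult result;
    std::size_t pos = 0;
    while (pos < input.size()) {
        if (input[pos] == ' ') { ++pos; continue; }
        const std::size_t start = pos;
        while (pos < input.size() && isValueChar(input[pos]))
            ++pos;
        if (pos > start) {
            result.accepted.push_back(input.substr(start, pos - start));
            continue;
        }
        result.reports.push_back("invalid value: " + input.substr(pos));
        if (returnOnInvalid || result.reports.size() >= kDemoReportCap)
            return result; // fix: report once and stop (the cap only ends the demo)
        // bug: fall through and loop again with pos unchanged
    }
    return result;
}

int main()
{
    const std::string header = "'script' <bad>"; // constructed invalid input
    std::cout << "buggy: " << parseValueList(header, false).reports.size() << " reports\n";
    std::cout << "fixed: " << parseValueList(header, true).reports.size() << " reports\n";
}
```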