Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1db982b7c00fb561e1028e9d460a3425848c30e8
      https://github.com/WebKit/WebKit/commit/1db982b7c00fb561e1028e9d460a3425848c30e8
  Author: Alex Christensen <[email protected]>
  Date:   2024-09-26 (Thu, 26 Sep 2024)

  Changed paths:
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm

  Log Message:
  -----------
  Fix infinite loops when parsing invalid CSP header fields after 273894@main
https://bugs.webkit.org/show_bug.cgi?id=280442
rdar://136779806

Reviewed by Brent Fulgham.

If we find an invalid value, report it and return instead of reporting it over and over
again in an infinite loop until we run out of memory from too many reports.

* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parseRequireTrustedTypesFor):
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp:
(WebCore::ContentSecurityPolicyTrustedTypesDirective::parse):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm:
(TEST(ContentSecurityPolicy, InvalidRequireTrustedTypesFor)):

Canonical link: https://commits.webkit.org/284334@main
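
An added illustration of the bug class the log message describes, not code from this commit or from WebKit: a simplified value parser whose loop reports an invalid token without moving past it, beside the report-and-return behaviour. The struct, the function signature, the `reportAndReturn` switch and the `guard` cap are all hypothetical; the guard exists only so the pre-fix path terminates in a demo.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Simplified model of a directive-value parser; names are hypothetical, not WebKit's.
struct ParseResult {
    bool scriptSink = false;           // saw the 'script' keyword
    std::vector<std::string> reports;  // one entry per reported invalid value
    bool hitGuard = false;             // demo-only cap tripped (stands in for running out of memory)
};

static bool isSpace(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }

// reportAndReturn=false models the looping behaviour: the invalid token is
// reported but the cursor never moves past it, so it is seen again forever.
ParseResult parseRequireTrustedTypesFor(const std::string& value, bool reportAndReturn,
                                        std::size_t guard = 1000)
{
    ParseResult r;
    std::size_t pos = 0;
    while (pos < value.size()) {
        while (pos < value.size() && isSpace(value[pos]))
            ++pos;
        if (pos == value.size())
            break;
        std::size_t end = pos;
        while (end < value.size() && !isSpace(value[end]))
            ++end;
        const std::string token = value.substr(pos, end - pos);
        if (token == "'script'") {
            r.scriptSink = true;
            pos = end;                 // valid token consumed, cursor advances
            continue;
        }
        r.reports.push_back("invalid value: " + token);
        if (reportAndReturn)
            return r;                  // one report, then stop parsing
        if (r.reports.size() >= guard) {
            r.hitGuard = true;         // without this cap the vector grows without bound
            return r;
        }
        // Looping variant: pos is unchanged, so the same token is re-read.
    }
    return r;
}
```

A regression test for this class of bug only needs one invalid value in the field and an assertion that parsing finishes with a bounded number of reports.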


