Diff
Modified: trunk/LayoutTests/ChangeLog (121882 => 121883)
--- trunk/LayoutTests/ChangeLog 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/LayoutTests/ChangeLog 2012-07-05 06:45:37 UTC (rev 121883)
@@ -1,5 +1,29 @@
2012-07-04 Mike West <[email protected]>
+ Implement the script-nonce Content Security Policy directive.
+ https://bugs.webkit.org/show_bug.cgi?id=89577
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html: Added.
+ * http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl:
+ Adding noncy goodness to the echo script.
+ * http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js:
+ (test):
+ * platform/gtk/TestExpectations:
+ Skipping 1.1 tests on GTK (missed it in r121879).
+
+2012-07-04 Mike West <[email protected]>
+
Skip CSP 1.1 tests on ports where it's disabled.
https://bugs.webkit.org/show_bug.cgi?id=90564
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-expected.txt (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-expected.txt 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,2 @@
+ALERT: PASS (1/1)
+This tests the effect of a valid script-nonce value. It passes if no console warning is visible, and the alert() is executed.
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="X-WebKit-CSP" content="script-nonce noncynonce;">
+ <script nonce="noncynonce">
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ </script>
+ <script nonce="noncynonce">
+ alert('PASS (1/1)');
+ </script>
+ </head>
+ <body>
+ <p>
+ This tests the effect of a valid script-nonce value. It passes if
+ no console warning is visible, and the alert() is executed.
+ </p>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce-expected.txt (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce-expected.txt 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Ignoring invalid Content Security Policy script nonce: 'this is a bad nonce'.
+
+ALERT: PASS (1/1)
+This tests the effect of an invalid script-nonce value. It passes if a console warning is visible, and the alert() is executed.
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce.html (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce.html 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="X-WebKit-CSP" content="script-nonce this is a bad nonce;">
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ </script>
+ <script>
+ alert('PASS (1/1)');
+ </script>
+ </head>
+ <body>
+ <p>
+ This tests the effect of an invalid script-nonce value. It passes if
+ a console warning is visible, and the alert() is executed.
+ </p>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-expected.txt (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-expected.txt 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,9 @@
+ALERT: PASS (1/2)
+ALERT: PASS (2/2)
+CONSOLE MESSAGE: line 13: Refused to execute script because it violates the following Content Security Policy directive: "script-nonce noncynonce".
+
+CONSOLE MESSAGE: line 16: Refused to execute script because it violates the following Content Security Policy directive: "script-nonce noncynonce".
+
+CONSOLE MESSAGE: line 19: Refused to execute script because it violates the following Content Security Policy directive: "script-nonce noncynonce".
+
+This tests the effect of a valid script-nonce value. It passes if three console warnings are visible, and the two PASS alerts are executed.
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="X-WebKit-CSP" content="script-nonce noncynonce;">
+ <script nonce="noncynonce">
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ alert('PASS (1/2)');
+ </script>
+ <script nonce=" noncynonce ">
+ alert('PASS (2/2)');
+ </script>
+ <script nonce="noncynonce noncynonce">
+ alert('FAIL (1/3)');
+ </script>
+ <script>
+ alert('FAIL (2/3)');
+ </script>
+ <script nonce="noncynonceno?">
+ alert('FAIL (3/3)');
+ </script>
+ </head>
+ <body>
+ <p>
+ This tests the effect of a valid script-nonce value. It passes if
+ three console warnings are visible, and the two PASS alerts are
+ executed.
+ </p>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce-expected.txt (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce-expected.txt 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Ignoring invalid Content Security Policy script nonce: ''.
+
+ALERT: PASS (1/1)
+This tests the effect of an empty script-nonce value. It passes if a console warning is visible, and the alert() is executed.
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce.html (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce.html 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="X-WebKit-CSP" content="script-nonce;">
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ </script>
+ <script>
+ alert('PASS (1/1)');
+ </script>
+ </head>
+ <body>
+ <p>
+ This tests the effect of an empty script-nonce value. It passes if
+ a console warning is visible, and the alert() is executed.
+ </p>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked-expected.txt (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked-expected.txt 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,27 @@
+CONSOLE MESSAGE: line 7: Refused to load 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js' because it violates the following Content Security Policy directive: "script-nonce nonce".
+
+CONSOLE MESSAGE: line 7: Refused to load 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js' because it violates the following Content Security Policy directive: "script-nonce notnonce".
+
+None of these scripts should execute even though there are parse errors in the policy.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+PASS
+
+--------
+Frame: '<!--framePath //<!--frame2-->-->'
+--------
+PASS
+
+--------
+Frame: '<!--framePath //<!--frame3-->-->'
+--------
+PASS
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html (0 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html 2012-07-05 06:45:37 UTC (rev 121883)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=''></script>
+<script>
+var tests = [
+ ['yes', 'script-src 127.0.0.1:8000', 'resources/script.js', 'nonce'],
+ ['yes', 'script-src 127.0.0.1:8000; script-nonce nonce', 'resources/script.js', 'nonce'],
+ ['no', 'script-src 127.0.0.1:8000; script-nonce nonce', 'resources/script.js', 'notnonce'],
+ ['no', 'script-src 127.0.0.1:8000; script-nonce notnonce', 'resources/script.js', 'nonce'],
+];
+</script>
+</head>
+<body _onload_="test()">
+ <p>
+ None of these scripts should execute even though there are parse errors in the policy.
+ </p>
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl (121882 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl 2012-07-05 06:45:37 UTC (rev 121883)
@@ -10,12 +10,18 @@
my ($text, $replacement) = ("FAIL", "PASS");
($text, $replacement) = ($replacement, $text) if $cgi->param('should_run') eq 'no';
+my $nonce = "";
+if ($cgi->param('nonce') ne '') {
+ $nonce = "nonce='".$cgi->param('nonce')."'";
+}
+
+
print "<!DOCTYPE html>\n";
print "<html>\n";
print "<body>\n";
print "<div id=\"result\" text=\"$replacement\">\n";
print "$text\n";
print "</div>\n";
-print "<script src=""
+print "<script $nonce src=""
print "</body>\n";
print "</html>\n";
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js (121882 => 121883)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js 2012-07-05 06:45:37 UTC (rev 121883)
@@ -15,6 +15,9 @@
"should_run=" + escape(current[0]) +
"&csp=" + escape(current[1]) +
"&q=" + baseURL + escape(current[2]);
+ if (current[3])
+ iframe.src += "&nonce=" + escape(current[3]);
+
iframe._onload_ = test;
document.body.appendChild(iframe);
}
Modified: trunk/LayoutTests/platform/gtk/TestExpectations (121882 => 121883)
--- trunk/LayoutTests/platform/gtk/TestExpectations 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2012-07-05 06:45:37 UTC (rev 121883)
@@ -342,6 +342,9 @@
// Disable webaudio codec tests, including proprietary codecs.
BUGWK88794 SKIP : webaudio/codec-tests = PASS
+// Content Security Policy 1.1 (ENABLE_CSP_NEXT) is not enabled
+BUGWK85558 SKIP : http/tests/security/contentSecurityPolicy/1.1 = TEXT
+
//////////////////////////////////////////////////////////////////////////////////////////
// End of Expected failures
//////////////////////////////////////////////////////////////////////////////////////////
Modified: trunk/Source/WebCore/ChangeLog (121882 => 121883)
--- trunk/Source/WebCore/ChangeLog 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/Source/WebCore/ChangeLog 2012-07-05 06:45:37 UTC (rev 121883)
@@ -1,3 +1,50 @@
+2012-07-04 Mike West <[email protected]>
+
+ Implement the script-nonce Content Security Policy directive.
+ https://bugs.webkit.org/show_bug.cgi?id=89577
+
+ Reviewed by Adam Barth.
+
+ This patch implements the (experimental) script-nonce Content Security
+ Policy directive from the 1.1 spec, which allows for selective
+ execution of script by specifying a "nonce" attribute for the
+ script tag. Script is only loaded and executed if it both matches the
+ nonce and matches the script-src whitelist (if present).
+
+ The implementation is gated on the ENABLE_CSP_NEXT flag, which is
+ currently disabled for all ports other than Chromium.
+
+ Spec: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-nonce--experimental
+
+ Tests: http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html
+ http/tests/security/contentSecurityPolicy/1.1/scriptnonce-badnonce.html
+ http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html
+ http/tests/security/contentSecurityPolicy/1.1/scriptnonce-emptynonce.html
+ http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html
+
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::requestScript):
+ (WebCore::ScriptElement::executeScript):
+ Passing the nonce attribute through to check against CSP.
+ * html/HTMLAttributeNames.in:
+ * html/HTMLScriptElement.idl:
+ Adding the `nonce` attribute to the script tag.
+ * page/ContentSecurityPolicy.cpp:
+ (CSPDirectiveList):
+ (WebCore::CSPDirectiveList::logInvalidNonce):
+ (WebCore):
+ (WebCore::CSPDirectiveList::checkNonceAndReportViolation):
+ (WebCore::CSPDirectiveList::allowJavaScriptURLs):
+ (WebCore::CSPDirectiveList::allowInlineEventHandlers):
+ If a nonce is set, deny _javascript_ URLs and inline event handlers.
+ (WebCore::CSPDirectiveList::allowScriptNonce):
+ (WebCore::CSPDirectiveList::parseScriptNonce):
+ (WebCore::CSPDirectiveList::addDirective):
+ (WebCore::isAllowedByAllWithNonce):
+ (WebCore::ContentSecurityPolicy::allowScriptNonce):
+ * page/ContentSecurityPolicy.h:
+ (WebCore):
+
2012-07-04 Gyuyoung Kim <[email protected]>
Notifications should be in Modules/notifications
Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (121882 => 121883)
--- trunk/Source/WebCore/dom/ScriptElement.cpp 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp 2012-07-05 06:45:37 UTC (rev 121883)
@@ -250,6 +250,8 @@
return false;
if (!m_element->inDocument() || m_element->document() != originalDocument)
return false;
+ if (!m_element->document()->contentSecurityPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr), m_element->document()->url(), m_startLineNumber, m_element->document()->completeURL(sourceUrl)))
+ return false;
ASSERT(!m_cachedScript);
if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
@@ -281,6 +283,9 @@
if (sourceCode.isEmpty())
return;
+ if (!m_element->document()->contentSecurityPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr), m_element->document()->url(), m_startLineNumber))
+ return;
+
if (!m_isExternalScript && !m_element->document()->contentSecurityPolicy()->allowInlineScript(m_element->document()->url(), m_startLineNumber))
return;
Modified: trunk/Source/WebCore/html/HTMLAttributeNames.in (121882 => 121883)
--- trunk/Source/WebCore/html/HTMLAttributeNames.in 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/Source/WebCore/html/HTMLAttributeNames.in 2012-07-05 06:45:37 UTC (rev 121883)
@@ -158,6 +158,7 @@
muted
name
nohref
+nonce
noresize
noshade
novalidate
Modified: trunk/Source/WebCore/html/HTMLScriptElement.idl (121882 => 121883)
--- trunk/Source/WebCore/html/HTMLScriptElement.idl 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/Source/WebCore/html/HTMLScriptElement.idl 2012-07-05 06:45:37 UTC (rev 121883)
@@ -29,5 +29,6 @@
attribute [Reflect, URL] DOMString src;
attribute [Reflect] DOMString type;
attribute [Reflect] DOMString crossOrigin;
+ attribute [Reflect, Conditional=CSP_NEXT] DOMString nonce;
};
}
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (121882 => 121883)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2012-07-05 06:45:37 UTC (rev 121883)
@@ -33,6 +33,7 @@
#include "Frame.h"
#include "InspectorInstrumentation.h"
#include "InspectorValues.h"
+#include "KURL.h"
#include "PingLoader.h"
#include "SchemeRegistry.h"
#include "ScriptCallStack.h"
@@ -550,6 +551,7 @@
bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool allowEval(PassRefPtr<ScriptCallStack>) const;
+ bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL&) const;
bool allowScriptFromSource(const KURL&) const;
bool allowObjectFromSource(const KURL&) const;
@@ -567,6 +569,7 @@
bool parseDirective(const UChar* begin, const UChar* end, String& name, String& value);
void parseReportURI(const String& name, const String& value);
+ void parseScriptNonce(const String& name, const String& value);
void addDirective(const String& name, const String& value);
void applySandboxPolicy(const String& name, const String& sandboxPolicy);
@@ -576,9 +579,11 @@
void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
void logUnrecognizedDirective(const String& name) const;
void logDuplicateDirective(const String& name) const;
+ void logInvalidNonce(const String& nonce) const;
bool checkEval(CSPDirective*) const;
bool checkInlineAndReportViolation(CSPDirective*, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
+ bool checkNonceAndReportViolation(const String& nonce, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool checkEvalAndReportViolation(CSPDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
bool checkSourceAndReportViolation(CSPDirective*, const KURL&, const String& type) const;
@@ -601,6 +606,7 @@
OwnPtr<CSPDirective> m_connectSrc;
Vector<KURL> m_reportURIs;
+ String m_scriptNonce;
};
CSPDirectiveList::CSPDirectiveList(ScriptExecutionContext* scriptExecutionContext)
@@ -690,6 +696,12 @@
m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message);
}
+void CSPDirectiveList::logInvalidNonce(const String& nonce) const
+{
+ String message = makeString("Ignoring invalid Content Security Policy script nonce: '", nonce, "'.\n");
+ m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message);
+}
+
bool CSPDirectiveList::checkEval(CSPDirective* directive) const
{
return !directive || directive->allowEval();
@@ -708,6 +720,14 @@
return denyIfEnforcingPolicy();
}
+bool CSPDirectiveList::checkNonceAndReportViolation(const String& nonce, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+{
+ if (m_scriptNonce.isEmpty() || nonce.stripWhiteSpace() == m_scriptNonce)
+ return true;
+ reportViolation(m_scriptNonce, consoleMessage + "\"script-nonce " + m_scriptNonce + "\".\n", KURL(), contextURL, contextLine);
+ return denyIfEnforcingPolicy();
+}
+
bool CSPDirectiveList::checkEvalAndReportViolation(CSPDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
{
if (checkEval(directive))
@@ -728,13 +748,15 @@
bool CSPDirectiveList::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine) const
{
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute _javascript_ URL because it violates the following Content Security Policy directive: "));
- return checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, contextURL, contextLine);
+ return (checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, contextURL, contextLine)
+ && checkNonceAndReportViolation(String(), consoleMessage, contextURL, contextLine));
}
bool CSPDirectiveList::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine) const
{
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute inline event handler because it violates the following Content Security Policy directive: "));
- return checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, contextURL, contextLine);
+ return (checkInlineAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, contextURL, contextLine)
+ && checkNonceAndReportViolation(String(), consoleMessage, contextURL, contextLine));
}
bool CSPDirectiveList::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine) const
@@ -755,6 +777,14 @@
return checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst(), callStack);
}
+bool CSPDirectiveList::allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& url) const
+{
+ DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to execute script because it violates the following Content Security Policy directive: "));
+ if (url.isEmpty())
+ return checkNonceAndReportViolation(nonce, consoleMessage, contextURL, contextLine);
+ return checkNonceAndReportViolation(nonce, "Refused to load '" + url.string() + "' because it violates the following Content Security Policy directive: ", contextURL, contextLine);
+}
+
bool CSPDirectiveList::allowScriptFromSource(const KURL& url) const
{
DEFINE_STATIC_LOCAL(String, type, ("script"));
@@ -898,6 +928,36 @@
}
}
+void CSPDirectiveList::parseScriptNonce(const String& name, const String& value)
+{
+ if (!m_scriptNonce.isEmpty()) {
+ logDuplicateDirective(name);
+ return;
+ }
+
+ String nonce;
+ const UChar* position = value.characters();
+ const UChar* end = position + value.length();
+
+ skipWhile<isASCIISpace>(position, end);
+ const UChar* nonceBegin = position;
+ if (position == end) {
+ logInvalidNonce(String());
+ return;
+ }
+ skipWhile<isNotASCIISpace>(position, end);
+ if (nonceBegin < position)
+ nonce = String(nonceBegin, position - nonceBegin);
+
+ // Trim off trailing whitespace: If we're not at the end of the string, log
+ // an error.
+ skipWhile<isASCIISpace>(position, end);
+ if (position < end)
+ logInvalidNonce(value);
+ else
+ m_scriptNonce = nonce;
+}
+
void CSPDirectiveList::setCSPDirective(const String& name, const String& value, OwnPtr<CSPDirective>& directive)
{
if (directive) {
@@ -921,6 +981,9 @@
{
DEFINE_STATIC_LOCAL(String, defaultSrc, ("default-src"));
DEFINE_STATIC_LOCAL(String, scriptSrc, ("script-src"));
+#if ENABLE(CSP_NEXT)
+ DEFINE_STATIC_LOCAL(String, scriptNonce, ("script-nonce"));
+#endif
DEFINE_STATIC_LOCAL(String, objectSrc, ("object-src"));
DEFINE_STATIC_LOCAL(String, frameSrc, ("frame-src"));
DEFINE_STATIC_LOCAL(String, imgSrc, ("img-src"));
@@ -955,6 +1018,10 @@
applySandboxPolicy(name, value);
else if (equalIgnoringCase(name, reportURI))
parseReportURI(name, value);
+#if ENABLE(CSP_NEXT)
+ else if (equalIgnoringCase(name, scriptNonce))
+ parseScriptNonce(name, value);
+#endif
else
logUnrecognizedDirective(name);
}
@@ -1016,6 +1083,16 @@
return true;
}
+template<bool (CSPDirectiveList::*allowed)(const String&, const String&, const WTF::OrdinalNumber&, const KURL&) const>
+bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& url)
+{
+ for (size_t i = 0; i < policies.size(); ++i) {
+ if (!(policies[i].get()->*allowed)(nonce, contextURL, contextLine, url))
+ return false;
+ }
+ return true;
+}
+
template<bool (CSPDirectiveList::*allowFromURL)(const KURL&) const>
bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& url)
{
@@ -1056,6 +1133,11 @@
return isAllowedByAllWithCallStack<&CSPDirectiveList::allowEval>(m_policies, callStack);
}
+bool ContentSecurityPolicy::allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& url) const
+{
+ return isAllowedByAllWithNonce<&CSPDirectiveList::allowScriptNonce>(m_policies, nonce, contextURL, contextLine, url);
+}
+
bool ContentSecurityPolicy::allowScriptFromSource(const KURL& url) const
{
return isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url);
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.h (121882 => 121883)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.h 2012-07-05 06:02:37 UTC (rev 121882)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.h 2012-07-05 06:45:37 UTC (rev 121883)
@@ -26,6 +26,7 @@
#ifndef ContentSecurityPolicy_h
#define ContentSecurityPolicy_h
+#include "KURL.h"
#include <wtf/PassOwnPtr.h>
#include <wtf/RefCounted.h>
#include <wtf/Vector.h>
@@ -40,7 +41,6 @@
class CSPDirectiveList;
class ScriptCallStack;
class ScriptExecutionContext;
-class KURL;
typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
@@ -71,6 +71,7 @@
bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool allowEval(PassRefPtr<ScriptCallStack>) const;
+ bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& = KURL()) const;
bool allowScriptFromSource(const KURL&) const;
bool allowObjectFromSource(const KURL&) const;
