Log Message
Unreviewed, rolling out r126852.
http://trac.webkit.org/changeset/126852
https://bugs.webkit.org/show_bug.cgi?id=94433

broke qt and mac tests

Source/WebCore:

* bindings/js/ScheduledAction.cpp:
(WebCore::ScheduledAction::create):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::initScript):
* bindings/v8/V8DOMWindowShell.cpp:
(WebCore::V8DOMWindowShell::initializeIfNeeded):
* bindings/v8/custom/V8DOMWindowCustom.cpp:
(WebCore::WindowSetTimeoutImpl):
* page/ContentSecurityPolicy.cpp:
(CSPDirectiveList):
(WebCore::CSPDirectiveList::reportViolation):
(WebCore::CSPDirectiveList::checkEvalAndReportViolation):
(WebCore::CSPDirectiveList::allowEval):
(WebCore::ContentSecurityPolicy::didReceiveHeader):
(WebCore):
(WebCore::isAllowedByAllWithCallStack):
(WebCore::ContentSecurityPolicy::allowEval):
(WebCore::ContentSecurityPolicy::reportViolation):
(WebCore::ContentSecurityPolicy::logToConsole):
* page/ContentSecurityPolicy.h:
(WebCore):
* page/DOMSecurityPolicy.cpp:
(WebCore::DOMSecurityPolicy::allowsEval):

LayoutTests:

* http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Removed.
* http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html: Removed.
* http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Removed.
* http/tests/inspector/csp-inline-warning-contains-stacktrace.html: Removed.
* http/tests/inspector/resources/csp-inline-test.js: Removed.
* http/tests/inspector/resources/csp-test.js: Removed.
Modified Paths
- trunk/LayoutTests/ChangeLog
- trunk/Source/WebCore/ChangeLog
- trunk/Source/WebCore/bindings/js/ScheduledAction.cpp
- trunk/Source/WebCore/bindings/js/ScriptController.cpp
- trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp
- trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp
- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
- trunk/Source/WebCore/page/ContentSecurityPolicy.h
- trunk/Source/WebCore/page/DOMSecurityPolicy.cpp
Removed Paths
- trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt
- trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html
- trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt
- trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace.html
- trunk/LayoutTests/http/tests/inspector/resources/csp-inline-test.js
- trunk/LayoutTests/http/tests/inspector/resources/csp-test.js
Diff
Modified: trunk/LayoutTests/ChangeLog (126853 => 126854)
--- trunk/LayoutTests/ChangeLog 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/ChangeLog 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,3 +1,18 @@
+2012-08-28 Kentaro Hara <[email protected]>
+
+ Unreviewed, rolling out r126852.
+ http://trac.webkit.org/changeset/126852
+ https://bugs.webkit.org/show_bug.cgi?id=94433
+
+ broke qt and mac tests
+
+ * http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Removed.
+ * http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html: Removed.
+ * http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Removed.
+ * http/tests/inspector/csp-inline-warning-contains-stacktrace.html: Removed.
+ * http/tests/inspector/resources/csp-inline-test.js: Removed.
+ * http/tests/inspector/resources/csp-test.js: Removed.
+
2012-08-28 Csaba Osztrogonác <[email protected]>
[Qt] Unreviewed gardening, skip failing tests.
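Review bot: The rollout reason in the new ChangeLog entry, "broke qt and mac tests", does not say which tests failed or how they failed. Naming the failing tests in the entry would let whoever relands r126852 confirm the fix without having to rediscover the breakage.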
Deleted: trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt (126853 => 126854)
--- trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,15 +0,0 @@
-CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
-
-This test injects a blocked image from _javascript_. The resulting console error should contain a stack trace.
-
-
-Message[0]: csp-injected-content-warning-contains-stacktrace.html:12 Refused to load the image 'http://127.0.0.1:8000/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
-
-Stack Trace:
-
- 0) http://127.0.0.1:8000/inspector/csp-injected-content-warning-contains-stacktrace.html / thisTest / 12 / 25
- 1) (internal script) / / (line number) / (column number)
- 2) (internal script) / InjectedScript._evaluateOn / (line number) / (column number)
- 3) (internal script) / InjectedScript._evaluateAndWrap / (line number) / (column number)
- 4) (internal script) / InjectedScript.evaluate / (line number) / (column number)
-
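Review bot: The deleted expectation pins frames 1 to 4 of the stack trace to inspector internals (`InjectedScript._evaluateOn`, `InjectedScript._evaluateAndWrap`, `InjectedScript.evaluate`), so the result depends on how the inspector evaluates `thisTest()` rather than on the CSP check under test. With these files removed, this change leaves no visible coverage for call stacks on CSP console messages. When the feature is relanded, a test that asserts only frame 0 (page URL, function name, line) would be less tied to inspector and engine internals.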
Deleted: trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html (126853 => 126854)
--- trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,21 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
- <meta http-equiv="X-WebKit-CSP" content="img-src 'none'">
- <script src=""
- <script src=""
- <script src=""
- <script src=""
- <script>
- function thisTest() {
- var img = document.createElement('img');
- img.src = ""
- document.body.appendChild(img);
- }
- </script>
- </head>
- <body _onload_="runTest()">
- <p>This test injects a blocked image from _javascript_. The resulting console
- error should contain a stack trace.</p>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt (126853 => 126854)
--- trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,14 +0,0 @@
-CONSOLE MESSAGE: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'".
-
-This test injects an inline script from _javascript_. The resulting console error should contain a stack trace.
-
-Message[0]: csp-inline-test.js:4 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'".
-
-Stack Trace:
-
- 0) http://127.0.0.1:8000/inspector/resources/csp-inline-test.js / thisTest / 4 / 19
- 1) (internal script) / / (line number) / (column number)
- 2) (internal script) / InjectedScript._evaluateOn / (line number) / (column number)
- 3) (internal script) / InjectedScript._evaluateAndWrap / (line number) / (column number)
- 4) (internal script) / InjectedScript.evaluate / (line number) / (column number)
-
Deleted: trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace.html (126853 => 126854)
--- trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace.html 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace.html 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,15 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
- <meta http-equiv="X-WebKit-CSP" content="script-src 'self'">
- <script src=""
- <script src=""
- <script src=""
- <script src=""
- <script src=""
- </head>
- <body>
- <p>This test injects an inline script from _javascript_. The resulting
- console error should contain a stack trace.</p>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/inspector/resources/csp-inline-test.js (126853 => 126854)
--- trunk/LayoutTests/http/tests/inspector/resources/csp-inline-test.js 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/http/tests/inspector/resources/csp-inline-test.js 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,6 +0,0 @@
-function thisTest() {
- var s = document.createElement('script');
- s.innerText = "alert('FAIL.');"
- document.body.appendChild(s);
-}
-window._onload_ = runTest;
Deleted: trunk/LayoutTests/http/tests/inspector/resources/csp-test.js (126853 => 126854)
--- trunk/LayoutTests/http/tests/inspector/resources/csp-test.js 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/LayoutTests/http/tests/inspector/resources/csp-test.js 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,33 +0,0 @@
-function test() {
- InspectorTest.addConsoleSniffer(addMessage, true);
-
- var messageCount = 0;
- function addMessage(message) {
- if (messageCount++)
- return;
- var messages = WebInspector.consoleView.messages;
- for (var i = 0; i < messages.length; ++i) {
- var m = messages[i];
- InspectorTest.addResult("Message[" + i + "]: " + WebInspector.displayNameForURL(m.url) + ":" + m.line + " " + m.message);
- var trace = m.stackTrace;
- if (!trace) {
- InspectorTest.addResult("FAIL: no stack trace attached to message #" + i);
- } else {
- InspectorTest.addResult("Stack Trace:\n");
- for (var j = 0; j < trace.length; j++) {
- var url = ""
- var lineNumber = trace[j].lineNumber;
- var columnNumber = trace[j].columnNumber;
- if (!trace[j].url) {
- url = "" script)";
- lineNumber = "(line number)";
- columnNumber = "(column number)";
- }
- InspectorTest.addResult(" " + j + ") " + url + " / " + trace[j].functionName + " / " + lineNumber + " / " + columnNumber);
- }
- }
- }
- InspectorTest.completeTest();
- }
- InspectorTest.evaluateInPage("thisTest()");
-}
Modified: trunk/Source/WebCore/ChangeLog (126853 => 126854)
--- trunk/Source/WebCore/ChangeLog 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/ChangeLog 2012-08-28 07:59:34 UTC (rev 126854)
@@ -1,3 +1,35 @@
+2012-08-28 Kentaro Hara <[email protected]>
+
+ Unreviewed, rolling out r126852.
+ http://trac.webkit.org/changeset/126852
+ https://bugs.webkit.org/show_bug.cgi?id=94433
+
+ broke qt and mac tests
+
+ * bindings/js/ScheduledAction.cpp:
+ (WebCore::ScheduledAction::create):
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::initScript):
+ * bindings/v8/V8DOMWindowShell.cpp:
+ (WebCore::V8DOMWindowShell::initializeIfNeeded):
+ * bindings/v8/custom/V8DOMWindowCustom.cpp:
+ (WebCore::WindowSetTimeoutImpl):
+ * page/ContentSecurityPolicy.cpp:
+ (CSPDirectiveList):
+ (WebCore::CSPDirectiveList::reportViolation):
+ (WebCore::CSPDirectiveList::checkEvalAndReportViolation):
+ (WebCore::CSPDirectiveList::allowEval):
+ (WebCore::ContentSecurityPolicy::didReceiveHeader):
+ (WebCore):
+ (WebCore::isAllowedByAllWithCallStack):
+ (WebCore::ContentSecurityPolicy::allowEval):
+ (WebCore::ContentSecurityPolicy::reportViolation):
+ (WebCore::ContentSecurityPolicy::logToConsole):
+ * page/ContentSecurityPolicy.h:
+ (WebCore):
+ * page/DOMSecurityPolicy.cpp:
+ (WebCore::DOMSecurityPolicy::allowsEval):
+
2012-08-28 Mike West <[email protected]>
Add call stacks to Content Security Policy checks when relevant.
Modified: trunk/Source/WebCore/bindings/js/ScheduledAction.cpp (126853 => 126854)
--- trunk/Source/WebCore/bindings/js/ScheduledAction.cpp 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/bindings/js/ScheduledAction.cpp 2012-08-28 07:59:34 UTC (rev 126854)
@@ -55,7 +55,8 @@
JSValue v = exec->argument(0);
CallData callData;
if (getCallData(v, callData) == CallTypeNone) {
- if (policy && !policy->allowEval())
+ RefPtr<ScriptCallStack> callStack(createScriptCallStackForInspector(exec));
+ if (policy && !policy->allowEval(callStack.release()))
return nullptr;
UString string = v.toString(exec)->value(exec);
if (exec->hadException())
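Review bot: In `ScheduledAction::create`, `createScriptCallStackForInspector(exec)` now runs before the `policy &&` test, so a stack is captured for every non-callable argument even when `policy` is null, or when eval is allowed and the stack is simply discarded. Consider capturing only once `policy` is known to be non-null, or only on the path that actually reports a violation.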
Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (126853 => 126854)
--- trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp 2012-08-28 07:59:34 UTC (rev 126854)
@@ -222,7 +222,7 @@
windowShell->window()->updateDocument();
if (m_frame->document())
- windowShell->window()->setEvalEnabled(m_frame->document()->contentSecurityPolicy()->allowEval(ContentSecurityPolicy::SuppressReport));
+ windowShell->window()->setEvalEnabled(m_frame->document()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport));
if (Page* page = m_frame->page()) {
attachDebugger(windowShell, page->debugger());
Modified: trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp (126853 => 126854)
--- trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp 2012-08-28 07:59:34 UTC (rev 126854)
@@ -320,7 +320,7 @@
setSecurityToken();
if (m_frame->document())
- context->AllowCodeGenerationFromStrings(m_frame->document()->contentSecurityPolicy()->allowEval(ContentSecurityPolicy::SuppressReport));
+ context->AllowCodeGenerationFromStrings(m_frame->document()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport));
m_frame->loader()->client()->didCreateScriptContext(m_context.get(), 0, 0);
Modified: trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp (126853 => 126854)
--- trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 2012-08-28 07:59:34 UTC (rev 126854)
@@ -128,7 +128,8 @@
id = DOMTimer::install(scriptContext, action.release(), timeout, singleShot);
} else {
- if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval())
+ RefPtr<ScriptCallStack> callStack(createScriptCallStackForInspector());
+ if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval(callStack.release()))
return v8Integer(0, args.GetIsolate());
ASSERT(imp->frame());
id = DOMTimer::install(scriptContext, adoptPtr(new ScheduledAction(imp->frame()->script()->currentWorldContext(), functionString)), timeout, singleShot);
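Review bot: `createScriptCallStackForInspector()` is called unconditionally at the top of the `functionString` branch, ahead of the `imp->document()` null check, so the stack is built even when there is no document to hold a policy. Folding the capture inside the `imp->document()` condition keeps that path free of the capture cost.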
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (126853 => 126854)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2012-08-28 07:59:34 UTC (rev 126854)
@@ -38,7 +38,6 @@
#include "PingLoader.h"
#include "SchemeRegistry.h"
#include "ScriptCallStack.h"
-#include "ScriptCallStackFactory.h"
#include "SecurityOrigin.h"
#include "TextEncoding.h"
#include <wtf/HashSet.h>
@@ -711,7 +710,7 @@
bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
- bool allowEval(ContentSecurityPolicy::ReportingStatus) const;
+ bool allowEval(PassRefPtr<ScriptCallStack>, ContentSecurityPolicy::ReportingStatus) const;
bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL&) const;
bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ContentSecurityPolicy::ReportingStatus) const;
@@ -743,7 +742,7 @@
void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDirectiveType>&);
SourceListDirective* operativeDirective(SourceListDirective*) const;
- void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
+ void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
bool checkEval(SourceListDirective*) const;
bool checkInline(SourceListDirective*) const;
@@ -751,7 +750,7 @@
bool checkSource(SourceListDirective*, const KURL&) const;
bool checkMediaType(MediaListDirective*, const String& type, const String& typeAttribute) const;
- bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
+ bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
bool checkInlineAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool checkNonceAndReportViolation(NonceDirective*, const String& nonce, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const String& type) const;
@@ -806,10 +805,10 @@
return directives.release();
}
-void CSPDirectiveList::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+void CSPDirectiveList::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
{
String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage;
- m_policy->reportViolation(directiveText, message, blockedURL, m_reportURIs, m_header, contextURL, contextLine);
+ m_policy->reportViolation(directiveText, message, blockedURL, m_reportURIs, m_header, contextURL, contextLine, callStack);
}
bool CSPDirectiveList::checkEval(SourceListDirective* directive) const
@@ -846,11 +845,11 @@
return directive ? directive : m_defaultSrc.get();
}
-bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
{
if (checkEval(directive))
return true;
- reportViolation(directive->text(), consoleMessage + "\"" + directive->text() + "\".\n", KURL(), contextURL, contextLine);
+ reportViolation(directive->text(), consoleMessage + "\"" + directive->text() + "\".\n", KURL(), contextURL, contextLine, callStack);
return denyIfEnforcingPolicy();
}
@@ -938,11 +937,11 @@
checkInline(operativeDirective(m_styleSrc.get()));
}
-bool CSPDirectiveList::allowEval(ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool CSPDirectiveList::allowEval(PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to evaluate script because it violates the following Content Security Policy directive: "));
return reportingStatus == ContentSecurityPolicy::SendReport ?
- checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst()) :
+ checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst(), callStack) :
checkEval(operativeDirective(m_scriptSrc.get()));
}
@@ -1258,7 +1257,7 @@
begin = position;
}
- if (!allowEval(SuppressReport))
+ if (!allowEval(0, SuppressReport))
m_scriptExecutionContext->disableEval();
}
@@ -1277,11 +1276,11 @@
return m_policies.isEmpty() ? EnforcePolicy : m_policies[0]->headerType();
}
-template<bool (CSPDirectiveList::*allowed)( ContentSecurityPolicy::ReportingStatus) const>
-bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolicy::ReportingStatus reportingStatus)
+template<bool (CSPDirectiveList::*allowed)(PassRefPtr<ScriptCallStack>, ContentSecurityPolicy::ReportingStatus) const>
+bool isAllowedByAllWithCallStack(const CSPDirectiveListVector& policies, PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus)
{
for (size_t i = 0; i < policies.size(); ++i) {
- if (!(policies[i].get()->*allowed)(reportingStatus))
+ if (!(policies[i].get()->*allowed)(callStack, reportingStatus))
return false;
}
return true;
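Review bot: `isAllowedByAllWithCallStack` passes the same `PassRefPtr<ScriptCallStack> callStack` by value on every loop iteration. Copying a PassRefPtr transfers the pointer out of the source, so only `policies[0]` receives the stack and any later policy is handed a null one, which drops the trace from its console message. Hold the stack in a local `RefPtr<ScriptCallStack>` before the loop and pass that to each `(policies[i].get()->*allowed)(...)` call.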
@@ -1342,9 +1341,9 @@
return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
}
-bool ContentSecurityPolicy::allowEval(ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowEval(PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
- return isAllowedByAll<&CSPDirectiveList::allowEval>(m_policies, reportingStatus);
+ return isAllowedByAllWithCallStack<&CSPDirectiveList::allowEval>(m_policies, callStack, reportingStatus);
}
bool ContentSecurityPolicy::allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& url) const
@@ -1437,9 +1436,9 @@
m_scriptExecutionContext->enforceSandboxFlags(mask);
}
-void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
{
- logToConsole(consoleMessage, contextURL, contextLine);
+ logToConsole(consoleMessage, contextURL, contextLine, callStack);
if (reportURIs.isEmpty())
return;
@@ -1523,12 +1522,9 @@
logToConsole(message);
}
-void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
{
- RefPtr<ScriptCallStack> callStack;
- if (InspectorInstrumentation::hasFrontends())
- callStack = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
- m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, contextURL, contextLine.oneBasedInt(), (callStack && callStack->size() > 0) ? callStack : 0);
+ m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, contextURL, contextLine.oneBasedInt(), callStack);
}
}
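Review bot: `logToConsole` now forwards `callStack` to `addConsoleMessage` exactly as received, dropping both the `InspectorInstrumentation::hasFrontends()` guard and the `callStack->size() > 0` filter that the removed lines applied. An empty stack supplied by a caller is therefore attached to the message instead of being replaced with 0. If `addConsoleMessage` treats an empty stack differently from a null one, keep the size check here.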
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.h (126853 => 126854)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.h 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.h 2012-08-28 07:59:34 UTC (rev 126854)
@@ -40,6 +40,7 @@
namespace WebCore {
class CSPDirectiveList;
+class ScriptCallStack;
class DOMStringList;
class ScriptExecutionContext;
class SecurityOrigin;
@@ -78,7 +79,7 @@
bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
- bool allowEval(ReportingStatus = SendReport) const;
+ bool allowEval(PassRefPtr<ScriptCallStack>, ReportingStatus = SendReport) const;
bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& = KURL()) const;
bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
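Review bot: The new leading `PassRefPtr<ScriptCallStack>` parameter of `allowEval` has no default while `ReportingStatus` does, which is why the non-reporting call sites in this change become `allowEval(0, ContentSecurityPolicy::SuppressReport)`. The bare `0` is easy to misread at the call site; an overload without the stack for the SuppressReport case would keep those callers self-explanatory. `reportViolation` and `logToConsole` in this same header take the stack as a trailing `= 0` parameter instead.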
@@ -103,7 +104,7 @@
void reportInvalidPluginTypes(const String&) const;
void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
void reportUnrecognizedDirective(const String&) const;
- void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
+ void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
const KURL& url() const;
KURL completeURL(const String&) const;
@@ -113,7 +114,7 @@
private:
explicit ContentSecurityPolicy(ScriptExecutionContext*);
- void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
+ void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
ScriptExecutionContext* m_scriptExecutionContext;
bool m_overrideInlineStyleAllowed;
Modified: trunk/Source/WebCore/page/DOMSecurityPolicy.cpp (126853 => 126854)
--- trunk/Source/WebCore/page/DOMSecurityPolicy.cpp 2012-08-28 07:56:41 UTC (rev 126853)
+++ trunk/Source/WebCore/page/DOMSecurityPolicy.cpp 2012-08-28 07:59:34 UTC (rev 126854)
@@ -120,7 +120,7 @@
if (!isActive())
return true;
- return scriptExecutionContext()->contentSecurityPolicy()->allowEval(ContentSecurityPolicy::SuppressReport);
+ return scriptExecutionContext()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport);
}
