Diff
Modified: trunk/LayoutTests/ChangeLog (133619 => 133620)
--- trunk/LayoutTests/ChangeLog 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/ChangeLog 2012-11-06 17:15:29 UTC (rev 133620)
@@ -1,3 +1,34 @@
+2012-11-06 Mike West <[email protected]>
+
+ CSP 1.1: Tweak the script interface to match the spec.
+ https://bugs.webkit.org/show_bug.cgi?id=101321
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html:
+ * http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js:
+ s/document.SecurityPolicy/document.securityPolicy/g
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html: Added.
+ For whatever reason, we never wrote tests for these methods. Now we
+ have, which is good.
+
2012-11-06 David Barton <[email protected]>
Unreviewed gardening after bug 101115 fixed.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,7 +3,7 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsConnectionTo('http://example.com/'))
+ if (document.securityPolicy.allowsConnectionTo('http://example.com/'))
log('PASS connection is allowed when no policy exists.');
else
log('FAIL connection is not allowed when no policy exists.');
@@ -11,7 +11,7 @@
injectPolicy("connect-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsConnectionTo('http://example.com/'))
+ if (!document.securityPolicy.allowsConnectionTo('http://example.com/'))
log('PASS connection is not allowed when policy exists.');
else
log('FAIL connection is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsEval())
+ if (document.securityPolicy.allowsEval)
log('PASS eval is allowed when no policy exists.');
else
log('FAIL eval is not allowed when no policy exists.');
injectPolicy("script-src 'unsafe-inline';");
- if (!document.SecurityPolicy.allowsEval())
+ if (!document.securityPolicy.allowsEval)
log('PASS eval is not allowed when policy exists.');
else
log('FAIL eval is allowed when policy exists.');
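Review bot: Both checks read `allowsEval` by truthiness, so neither pins the member to the read-only boolean the IDL now declares: on a build where `allowsEval` is still a method, the expression yields a function object, which is truthy and takes the first PASS branch without ever being called. Strict comparisons, `if (document.securityPolicy.allowsEval === true)` before the policy and `if (document.securityPolicy.allowsEval === false)` after it, would make each branch assert the type as well as the value. The same applies to the new securitypolicy-allowinlinescript.html and securitypolicy-allowinlinestyle.html, and to securitypolicy-isactive.html, where `!document.securityPolicy.isActive` also passes when the attribute is undefined. The script block continues past the end of this hunk.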
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsFontFrom('http://example.com/'))
+ if (document.securityPolicy.allowsFontFrom('http://example.com/'))
log('PASS font is allowed when no policy exists.');
else
log('FAIL font is not allowed when no policy exists.');
injectPolicy("font-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsFontFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsFontFrom('http://example.com/'))
log('PASS font is not allowed when policy exists.');
else
log('PASS font is allowed when policy exists.');
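Review bot: The final `else` branch logs `'PASS font is allowed when policy exists.'`, so a policy that fails to block the font still prints a PASS line; every sibling test in this commit logs FAIL in that position. The line is unchanged context here, and the run would presumably still differ from the expected file, but the output reads as a pass to anyone scanning the log for FAIL. It should be `log('FAIL font is allowed when policy exists.');`.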
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,7 +3,7 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsFormAction('http://example.com/'))
+ if (document.securityPolicy.allowsFormAction('http://example.com/'))
log('PASS form action is allowed when no policy exists.');
else
log('FAIL form action is not allowed when no policy exists.');
@@ -11,7 +11,7 @@
injectPolicy("form-action http://notexample.com;");
- if (!document.SecurityPolicy.allowsFormAction('http://example.com/'))
+ if (!document.securityPolicy.allowsFormAction('http://example.com/'))
log('PASS form action is not allowed when policy exists.');
else
log('FAIL form action is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsFrameFrom('http://example.com/'))
+ if (document.securityPolicy.allowsFrameFrom('http://example.com/'))
log('PASS frame is allowed when no policy exists.');
else
log('FAIL frame is not allowed when no policy exists.');
injectPolicy("frame-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsFrameFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsFrameFrom('http://example.com/'))
log('PASS frame is not allowed when policy exists.');
else
log('FAIL frame is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsImageFrom('http://example.com/'))
+ if (document.securityPolicy.allowsImageFrom('http://example.com/'))
log('PASS image is allowed when no policy exists.');
else
log('FAIL image is not allowed when no policy exists.');
injectPolicy("img-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsImageFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsImageFrom('http://example.com/'))
log('PASS image is not allowed when policy exists.');
else
log('FAIL image is allowed when policy exists.');
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt (0 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt 2012-11-06 17:15:29 UTC (rev 133620)
@@ -0,0 +1,3 @@
+PASS inline script is allowed when no policy exists.
+PASS inline script is not allowed when policy exists.
+
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html (0 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -0,0 +1,19 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+ <body>
+ <script src=""
+ <script>
+ if (document.securityPolicy.allowsInlineScript)
+ log('PASS inline script is allowed when no policy exists.');
+ else
+ log('FAIL inline script is not allowed when no policy exists.');
+
+ injectPolicy("script-src 'unsafe-eval';");
+
+ if (!document.securityPolicy.allowsInlineScript)
+ log('PASS inline script is not allowed when policy exists.');
+ else
+ log('FAIL inline script is allowed when policy exists.');
+ </script>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt (0 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt 2012-11-06 17:15:29 UTC (rev 133620)
@@ -0,0 +1,3 @@
+PASS inline style is allowed when no policy exists.
+PASS inline style is not allowed when policy exists.
+
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html (0 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -0,0 +1,19 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+ <body>
+ <script src=""
+ <script>
+ if (document.securityPolicy.allowsInlineStyle)
+ log('PASS inline style is allowed when no policy exists.');
+ else
+ log('FAIL inline style is not allowed when no policy exists.');
+
+ injectPolicy("style-src 'none';");
+
+ if (!document.securityPolicy.allowsInlineStyle)
+ log('PASS inline style is not allowed when policy exists.');
+ else
+ log('FAIL inline style is allowed when policy exists.');
+ </script>
+ </body>
+</html>
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsMediaFrom('http://example.com/'))
+ if (document.securityPolicy.allowsMediaFrom('http://example.com/'))
log('PASS media is allowed when no policy exists.');
else
log('FAIL media is not allowed when no policy exists.');
injectPolicy("media-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsMediaFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsMediaFrom('http://example.com/'))
log('PASS media is not allowed when policy exists.');
else
log('FAIL media is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsObjectFrom('http://example.com/'))
+ if (document.securityPolicy.allowsObjectFrom('http://example.com/'))
log('PASS object is allowed when no policy exists.');
else
log('FAIL object is not allowed when no policy exists.');
injectPolicy("object-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsObjectFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsObjectFrom('http://example.com/'))
log('PASS object is not allowed when policy exists.');
else
log('FAIL object is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,7 +3,7 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsPluginType('application/x-shockwave-flash'))
+ if (document.securityPolicy.allowsPluginType('application/x-shockwave-flash'))
log('PASS plugin type is allowed when no policy exists.');
else
log('FAIL plugin type is not allowed when no policy exists.');
@@ -11,7 +11,7 @@
injectPolicy("plugin-types application/x-webkit-test-netscape;");
- if (!document.SecurityPolicy.allowsPluginType('application/x-shockwave-flash'))
+ if (!document.securityPolicy.allowsPluginType('application/x-shockwave-flash'))
log('PASS plugin type is not allowed when policy exists.');
else
log('FAIL plugin type is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsScriptFrom('http://example.com/'))
+ if (document.securityPolicy.allowsScriptFrom('http://example.com/'))
log('PASS script is allowed when no policy exists.');
else
log('FAIL script is not allowed when no policy exists.');
injectPolicy("script-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsScriptFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsScriptFrom('http://example.com/'))
log('PASS script is not allowed when policy exists.');
else
log('FAIL script is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,14 +3,14 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.allowsStyleFrom('http://example.com/'))
+ if (document.securityPolicy.allowsStyleFrom('http://example.com/'))
log('PASS style is allowed when no policy exists.');
else
log('FAIL style is not allowed when no policy exists.');
injectPolicy("style-src http://notexample.com;");
- if (!document.SecurityPolicy.allowsStyleFrom('http://example.com/'))
+ if (!document.securityPolicy.allowsStyleFrom('http://example.com/'))
log('PASS style is not allowed when policy exists.');
else
log('FAIL style is allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt 2012-11-06 17:15:29 UTC (rev 133620)
@@ -1,3 +1,3 @@
-PASS document.SecurityPolicy.active is false when no policy exists.
-PASS document.SecurityPolicy.active is true when policy exists.
+PASS document.securityPolicy.active is false when no policy exists.
+PASS document.securityPolicy.active is true when policy exists.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,17 +3,17 @@
<body>
<script src=""
<script>
- if (!document.SecurityPolicy.isActive())
- log('PASS document.SecurityPolicy.active is false when no policy exists.');
+ if (!document.securityPolicy.isActive)
+ log('PASS document.securityPolicy.active is false when no policy exists.');
else
- log('FAIL document.SecurityPolicy.active is truw when no policy exists.');
+ log('FAIL document.securityPolicy.active is truw when no policy exists.');
injectPolicy("script-src 'unsafe-inline';");
- if (document.SecurityPolicy.isActive())
- log('PASS document.SecurityPolicy.active is true when policy exists.');
+ if (document.securityPolicy.isActive)
+ log('PASS document.securityPolicy.active is true when policy exists.');
else
- log('FAIL document.SecurityPolicy.active is false when policy exists.');
+ log('FAIL document.securityPolicy.active is false when policy exists.');
</script>
</body>
</html>
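Review bot: The rewritten FAIL message for the no-policy case keeps the typo `truw`, and all four messages name `document.securityPolicy.active` although the attribute being read is `isActive`. Suggest `log('FAIL document.securityPolicy.isActive is true when no policy exists.');` with the matching rename in the other three strings. The two PASS strings are mirrored in securitypolicy-isactive-expected.txt, which would need the same edit.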
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt 2012-11-06 17:15:29 UTC (rev 133620)
@@ -1,4 +1,4 @@
-PASS document.SecurityPolicy.reportURIs has length 0 when no policy exists.
-PASS document.SecurityPolicy.reportURIs has length 1 when policy exists.
-PASS document.SecurityPolicy.reportURIs[0] is correct.
+PASS document.securityPolicy.reportURIs has length 0 when no policy exists.
+PASS document.securityPolicy.reportURIs has length 1 when policy exists.
+PASS document.securityPolicy.reportURIs[0] is correct.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html 2012-11-06 17:15:29 UTC (rev 133620)
@@ -3,22 +3,22 @@
<body>
<script src=""
<script>
- if (document.SecurityPolicy.reportURIs.length === 0)
- log('PASS document.SecurityPolicy.reportURIs has length 0 when no policy exists.');
+ if (document.securityPolicy.reportURIs.length === 0)
+ log('PASS document.securityPolicy.reportURIs has length 0 when no policy exists.');
else
- log('FAIL document.SecurityPolicy.reportURIs has length ' + document.SecurityPolicy.reportURIs.length + ' when no policy exists.');
+ log('FAIL document.securityPolicy.reportURIs has length ' + document.securityPolicy.reportURIs.length + ' when no policy exists.');
injectPolicy('report-uri http://example.com');
- if (document.SecurityPolicy.reportURIs.length === 1)
- log('PASS document.SecurityPolicy.reportURIs has length 1 when policy exists.');
+ if (document.securityPolicy.reportURIs.length === 1)
+ log('PASS document.securityPolicy.reportURIs has length 1 when policy exists.');
else
- log('FAIL document.SecurityPolicy.reportURIs has length ' + document.SecurityPolicy.reportURIs.length + ' when policy exists.');
+ log('FAIL document.securityPolicy.reportURIs has length ' + document.securityPolicy.reportURIs.length + ' when policy exists.');
- if (document.SecurityPolicy.reportURIs[0] === "http://example.com/")
- log('PASS document.SecurityPolicy.reportURIs[0] is correct.');
+ if (document.securityPolicy.reportURIs[0] === "http://example.com/")
+ log('PASS document.securityPolicy.reportURIs[0] is correct.');
else
- log('FAIL document.SecurityPolicy.reportURIs[0] is ' + document.SecurityPolicy.reportURIs[0] + ' (should be `http://example.com/`).');
+ log('FAIL document.securityPolicy.reportURIs[0] is ' + document.securityPolicy.reportURIs[0] + ' (should be `http://example.com/`).');
</script>
</body>
</html>
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js (133619 => 133620)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js 2012-11-06 17:15:29 UTC (rev 133620)
@@ -14,6 +14,6 @@
document.head.appendChild(meta);
}
-if (!document.SecurityPolicy)
+if (!document.securityPolicy)
log('FAIL document.securityPolicy is not defined.')
Modified: trunk/Source/WebCore/ChangeLog (133619 => 133620)
--- trunk/Source/WebCore/ChangeLog 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/Source/WebCore/ChangeLog 2012-11-06 17:15:29 UTC (rev 133620)
@@ -1,3 +1,31 @@
+2012-11-06 Mike West <[email protected]>
+
+ CSP 1.1: Tweak the script interface to match the spec.
+ https://bugs.webkit.org/show_bug.cgi?id=101321
+
+ Reviewed by Adam Barth.
+
+ This patch brings WebKit in line with the changes made to the spec in
+ https://dvcs.w3.org/hg/content-security-policy/rev/5a29424a37d4.
+ Specifically, the following:
+
+ - Renamed 'document.SecurityPolicy' to 'document.securityPolicy'
+ - Converted the following to read-only boolean attributes:
+ - 'allowsEval'
+ - 'allowsInlineScript'
+ - 'allowsInlineStyle'
+ - 'isActive'
+
+ These changes only have effect for ports with CSP_NEXT enabled.
+
+ Tests: http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html
+ http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html
+
+ * dom/Document.idl:
+ * page/DOMSecurityPolicy.idl:
+ Tweaking the IDL files to match the new definition of the
+ functionlity in the spec.
+
2012-11-06 Andrey Lushnikov <[email protected]>
Added console.clear() method
Modified: trunk/Source/WebCore/dom/Document.idl (133619 => 133620)
--- trunk/Source/WebCore/dom/Document.idl 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/Source/WebCore/dom/Document.idl 2012-11-06 17:15:29 UTC (rev 133620)
@@ -366,7 +366,7 @@
[Conditional=PAGE_VISIBILITY_API] readonly attribute boolean webkitHidden;
// Security Policy API: http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-interfaces
- [Conditional=CSP_NEXT] readonly attribute DOMSecurityPolicy SecurityPolicy;
+ [Conditional=CSP_NEXT] readonly attribute DOMSecurityPolicy securityPolicy;
};
Modified: trunk/Source/WebCore/page/DOMSecurityPolicy.idl (133619 => 133620)
--- trunk/Source/WebCore/page/DOMSecurityPolicy.idl 2012-11-06 16:44:46 UTC (rev 133619)
+++ trunk/Source/WebCore/page/DOMSecurityPolicy.idl 2012-11-06 17:15:29 UTC (rev 133620)
@@ -27,10 +27,13 @@
OmitConstructor,
InterfaceName=SecurityPolicy
] interface DOMSecurityPolicy {
+ readonly attribute boolean allowsEval;
+ readonly attribute boolean allowsInlineScript;
+ readonly attribute boolean allowsInlineStyle;
+ readonly attribute boolean isActive;
+
readonly attribute DOMStringList reportURIs;
- boolean isActive();
-
boolean allowsConnectionTo(in DOMString url);
boolean allowsFontFrom(in DOMString url);
boolean allowsFormAction(in DOMString url);
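Review bot: The four members converted to read-only attributes carry no comment on when their value is computed, and an attribute read gives callers no cue that work happens on access. The layout tests in this commit read each one before and after `injectPolicy()` and expect the value to change, so the getters are presumably evaluated on every read rather than cached; that is inferred from the tests, not visible in the IDL. A comment above the group such as `// Evaluated against the document's current policy on each read.` would record it. The interface body starts before this hunk and the old method declarations are removed in the next one.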
@@ -41,9 +44,4 @@
boolean allowsPluginType(in DOMString type);
boolean allowsScriptFrom(in DOMString url);
boolean allowsStyleFrom(in DOMString url);
-
- boolean allowsEval();
- boolean allowsInlineScript();
- boolean allowsInlineStyle();
};
-