Google Git
Sign in
webkit / WebKit / 399e2bec54f2806bfb1726fde93d63607a011c7b
commit399e2bec54f2806bfb1726fde93d63607a011c7b[log] [tgz]
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu May 05 00:32:36 2016 +0000
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu May 05 00:32:36 2016 +0000
treec3127aba18ec4d4d1ab935dca7d1a7a3d7366b72
parent62d002982500e46de3dc1173e65e83b96b7509d0 [diff]
CSP: Perform case sensitive match against path portion of source expression URL that ends in '/'
https://bugs.webkit.org/show_bug.cgi?id=157275

Reviewed by Darin Adler.

Source/WebCore:

Merged from Blink:
<https://chromium.googlesource.com/chromium/src/+/7bd0a75e3f71a10e71ded31ea5905d5ee3d992eb>

Perform a case-sensitive prefix match of the path portion a source expression that ends in '/'
against the path portion of a request URL as per step 8.5.4 of section Does url match expression
in origin with redirect count of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp>
(Editor's Draft, 27 April 2016).

* page/csp/ContentSecurityPolicySource.cpp:
(WebCore::ContentSecurityPolicySource::pathMatches):

LayoutTests:

Add test to ensure that the path portion of a request URL is case-sensitively
matched against the path portion of a source expression that ends in '/'.

* http/tests/security/contentSecurityPolicy/source-list-parsing-paths-01-expected.txt:
* http/tests/security/contentSecurityPolicy/source-list-parsing-paths-01.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200445 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5 files changed
tree: c3127aba18ec4d4d1ab935dca7d1a7a3d7366b72
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared