[webkit-changes] [WebKit/WebKit] 142d2a: Implement enforcement of `trusted-types` CSP direc...
Luke Warlow
noreply at github.com
Wed Feb 7 18:56:34 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 142d2a80207e10069b36196a19a83cda6b96223d
https://github.com/WebKit/WebKit/commit/142d2a80207e10069b36196a19a83cda6b96223d
Author: Luke Warlow <lwarlow at igalia.com>
Date: 2024-02-07 (Wed, 07 Feb 2024)
Changed paths:
M LayoutTests/TestExpectations
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicy-CSP-no-name-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-noNamesGiven-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-report-only-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-check-report-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-expected.txt
M Source/WebCore/dom/TrustedTypePolicyFactory.cpp
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M Source/WebCore/page/csp/ContentSecurityPolicy.h
M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
M Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp
M Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.h
Log Message:
-----------
Implement enforcement of `trusted-types` CSP directive
https://bugs.webkit.org/show_bug.cgi?id=267632
Reviewed by Youenn Fablet.
This updates the trusted types policy creation code to validate that it's allowed by CSP.
* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicy-CSP-no-name-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-noNamesGiven-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-cspTests-none-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/TrustedTypePolicyFactory-createPolicy-nameTests-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-duplicate-names-list-report-only-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-check-report-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/trusted-types-reporting-expected.txt:
* Source/WebCore/dom/TrustedTypePolicyFactory.cpp:
(WebCore::TrustedTypePolicyFactory::createPolicy):
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowTrustedTypesPolicy const):
(WebCore::ContentSecurityPolicy::reportViolation const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForTrustedTypesPolicy const):
(WebCore::ContentSecurityPolicyDirectiveList::shouldReportSample const):
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h:
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.cpp:
(WebCore::ContentSecurityPolicyTrustedTypesDirective::allows const):
* Source/WebCore/page/csp/ContentSecurityPolicyTrustedTypesDirective.h:
Canonical link: https://commits.webkit.org/274263@main
More information about the webkit-changes
mailing list