<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[197118] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/197118">197118</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-02-25 08:21:40 -0800 (Thu, 25 Feb 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
https://bugs.webkit.org/show_bug.cgi?id=154522
<rdar://problem/24762078>
Reviewed by Brent Fulgham.
Source/WebCore:
Include attributes statusCode and columnNumber in a dispatched SecurityPolicyViolationEvent and
as part of the SecurityPolicyViolationEventInit dictionary as per section Violation DOM Events
of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
Additionally, enable dispatching of this event when a Content Security Policy violation occurs regardless
of whether ENABLE(CSP_NEXT) is enabled.
Test: http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
* WebCore.xcodeproj/project.pbxproj: Add files JSSecurityPolicyViolationEvent.{cpp, h}.
* dom/EventNames.in: Enable support for SecurityPolicyViolationEvent unconditionally.
* dom/SecurityPolicyViolationEvent.h: Remove ENABLE(CSP_NEXT)-guard so that we compile this
code unconditionally. Modified SecurityPolicyViolationEventInit and SecurityPolicyViolationEvent
to support attributes statusCode and columnNumebr.
* dom/SecurityPolicyViolationEvent.idl: Add attributes statusCode and columnNumber.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation): Modified to both dispatch a SecurityPolicyViolationEvent
and send a violation report (if applicable).
LayoutTests:
Add new test http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
to ensure that SecurityPolicyViolationEvent.statusCode is 0 when dispatched for a violation on an HTTPS-served
document per section Reporting of the Content Security Policy 2.0 spec, <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
Update existing test results and mark more tests as PASS in file LayoutTests/TestExpectations.
* TestExpectations: Mark tests http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation*.html as PASS
so that we run them.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt: Update expected result to
reflect failing sub-test. We do not support the experimental JavaScript event listener onsecuritypolicyviolation when
building with ENABLE(CSP_NEXT) disabled.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt: Update line and column numbers.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html: Ditto.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html: Ditto.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html: Ditto.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html: Update line and column numbers.
* js/dom/global-constructors-attributes-expected.txt: Update expected results now that we expose SecurityPolicyViolationEvent.
* platform/efl/js/dom/global-constructors-attributes-expected.txt: Ditto.
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt: Ditto.
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt: Ditto.
* platform/mac/js/dom/global-constructors-attributes-expected.txt: Ditto.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationbasicsexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimageexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimagefromscriptexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimagefromscripthtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimagehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimageexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagefromscriptexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagefromscripthtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html</a></li>
<li><a href="#trunkLayoutTestsjsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformefljsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/efl/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacjsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacmavericksjsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacyosemitejsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreWebCorexcodeprojprojectpbxproj">trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceWebCoredomEventNamesin">trunk/Source/WebCore/dom/EventNames.in</a></li>
<li><a href="#trunkSourceWebCoredomSecurityPolicyViolationEventh">trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.h</a></li>
<li><a href="#trunkSourceWebCoredomSecurityPolicyViolationEventidl">trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.idl</a></li>
<li><a href="#trunkSourceWebCorepagecspContentSecurityPolicycpp">trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagehttpsexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagehttpshtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/ChangeLog 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1,3 +1,37 @@
</span><ins>+2016-02-25 Daniel Bates <dabates@apple.com>
+
+ CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
+ https://bugs.webkit.org/show_bug.cgi?id=154522
+ <rdar://problem/24762078>
+
+ Reviewed by Brent Fulgham.
+
+ Add new test http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
+ to ensure that SecurityPolicyViolationEvent.statusCode is 0 when dispatched for a violation on an HTTPS-served
+ document per section Reporting of the Content Security Policy 2.0 spec, <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
+ Update existing test results and mark more tests as PASS in file LayoutTests/TestExpectations.
+
+ * TestExpectations: Mark tests http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation*.html as PASS
+ so that we run them.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt: Update expected result to
+ reflect failing sub-test. We do not support the experimental JavaScript event listener onsecuritypolicyviolation when
+ building with ENABLE(CSP_NEXT) disabled.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt: Update line and column numbers.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt: Ditto.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html: Ditto.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html: Ditto.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt: Ditto.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt: Ditto.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html: Ditto.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html: Update line and column numbers.
+ * js/dom/global-constructors-attributes-expected.txt: Update expected results now that we expose SecurityPolicyViolationEvent.
+ * platform/efl/js/dom/global-constructors-attributes-expected.txt: Ditto.
+ * platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt: Ditto.
+ * platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt: Ditto.
+ * platform/mac/js/dom/global-constructors-attributes-expected.txt: Ditto.
+
</ins><span class="cx"> 2016-02-25 Eric Carlson <eric.carlson@apple.com>
</span><span class="cx">
</span><span class="cx"> [MediaStream] MediaDeviceInfo deviceId and groupId must be unique to the page's origin
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/TestExpectations 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -814,6 +814,12 @@
</span><span class="cx"> http/tests/security/contentSecurityPolicy/1.1/base-uri-default-ignored.html [ Pass ]
</span><span class="cx"> http/tests/security/contentSecurityPolicy/1.1/base-uri-deny.html [ Pass ]
</span><span class="cx"> http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php [ Pass ]
</span><ins>+http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics.html [ Pass ]
+http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html [ Pass ]
+http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html [ Pass ]
+http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html [ Pass ]
+http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html [ Pass ]
+http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html [ Pass ]
</ins><span class="cx"> webkit.org/b/154203 http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html
</span><span class="cx"> webkit.org/b/154203 http/tests/security/contentSecurityPolicy/1.1/scripthash-default-src.html
</span><span class="cx"> webkit.org/b/154203 http/tests/security/contentSecurityPolicy/1.1/stylehash-default-src.html
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationbasicsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -3,7 +3,7 @@
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span><span class="cx">
</span><span class="cx">
</span><del>-PASS typeof document.onsecuritypolicyviolation is "object"
</del><ins>+FAIL typeof document.onsecuritypolicyviolation should be object. Was undefined.
</ins><span class="cx"> PASS typeof SecurityPolicyViolationEvent is "function"
</span><span class="cx"> PASS typeof window.e is "object"
</span><span class="cx"> PASS window.e.documentURI is "documentURIValue"
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimageexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -13,8 +13,8 @@
</span><span class="cx"> PASS window.e.effectiveDirective is "img-src"
</span><span class="cx"> PASS window.e.originalPolicy is "img-src 'none'"
</span><span class="cx"> PASS window.e.sourceFile is "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html"
</span><del>-PASS window.e.lineNumber is 23
-PASS window.e.columnNumber is 21
</del><ins>+PASS window.e.lineNumber is 25
+PASS window.e.columnNumber is 16
</ins><span class="cx"> PASS window.e.statusCode is 200
</span><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimagefromscriptexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -14,7 +14,7 @@
</span><span class="cx"> PASS window.e.originalPolicy is "img-src 'none'"
</span><span class="cx"> PASS window.e.sourceFile is "http://localhost:8000"
</span><span class="cx"> PASS window.e.lineNumber is 3
</span><del>-PASS window.e.columnNumber is 7
</del><ins>+PASS window.e.columnNumber is 2
</ins><span class="cx"> PASS window.e.statusCode is 200
</span><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimagefromscripthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> 'originalPolicy': 'img-src \'none\'',
</span><span class="cx"> 'sourceFile': 'http://localhost:8000',
</span><span class="cx"> 'lineNumber': 3,
</span><del>- 'columnNumber': 7,
</del><ins>+ 'columnNumber': 2,
</ins><span class="cx"> 'statusCode': 200,
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockcrossoriginimagehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -15,8 +15,8 @@
</span><span class="cx"> 'effectiveDirective': 'img-src',
</span><span class="cx"> 'originalPolicy': 'img-src \'none\'',
</span><span class="cx"> 'sourceFile': document.location.toString(),
</span><del>- 'lineNumber': 23,
- 'columnNumber': 21,
</del><ins>+ 'lineNumber': 25,
+ 'columnNumber': 16,
</ins><span class="cx"> 'statusCode': 200,
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimageexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -13,8 +13,8 @@
</span><span class="cx"> PASS window.e.effectiveDirective is "img-src"
</span><span class="cx"> PASS window.e.originalPolicy is "img-src 'none'"
</span><span class="cx"> PASS window.e.sourceFile is "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html"
</span><del>-PASS window.e.lineNumber is 23
-PASS window.e.columnNumber is 21
</del><ins>+PASS window.e.lineNumber is 25
+PASS window.e.columnNumber is 16
</ins><span class="cx"> PASS window.e.statusCode is 200
</span><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagefromscriptexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -14,7 +14,7 @@
</span><span class="cx"> PASS window.e.originalPolicy is "img-src 'none'"
</span><span class="cx"> PASS window.e.sourceFile is "http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js"
</span><span class="cx"> PASS window.e.lineNumber is 3
</span><del>-PASS window.e.columnNumber is 7
</del><ins>+PASS window.e.columnNumber is 2
</ins><span class="cx"> PASS window.e.statusCode is 200
</span><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagefromscripthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> 'originalPolicy': 'img-src \'none\'',
</span><span class="cx"> 'sourceFile': 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js',
</span><span class="cx"> 'lineNumber': 3,
</span><del>- 'columnNumber': 7,
</del><ins>+ 'columnNumber': 2,
</ins><span class="cx"> 'statusCode': 200,
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagehttpsexpectedtxtfromrev197114trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimageexpectedtxt"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt (from rev 197114, trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt) (0 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Check that a SecurityPolicyViolationEvent is fired upon blocking an image.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Kicking off the tests:
+PASS window.e.documentURI is "https://127.0.0.1:8443/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html"
+PASS window.e.referrer is "http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html"
+FAIL window.e.blockedURI should be http://127.0.0.1:8000/security/resources/abe.png. Was http://127.0.0.1:8000.
+PASS window.e.violatedDirective is "img-src 'none'"
+PASS window.e.effectiveDirective is "img-src"
+PASS window.e.originalPolicy is "img-src 'none'"
+PASS window.e.sourceFile is "https://127.0.0.1:8443/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html"
+PASS window.e.lineNumber is 25
+PASS window.e.columnNumber is 16
+PASS window.e.statusCode is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagehttpshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html (0 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11securitypolicyviolationblockimagehtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -15,14 +15,14 @@
</span><span class="cx"> 'effectiveDirective': 'img-src',
</span><span class="cx"> 'originalPolicy': 'img-src \'none\'',
</span><span class="cx"> 'sourceFile': document.location.toString(),
</span><del>- 'lineNumber': 23,
- 'columnNumber': 21,
- 'statusCode': 200,
</del><ins>+ 'lineNumber': 25,
+ 'columnNumber': 16,
+ 'statusCode': document.location.protocol === 'http:' ? 200 : 0,
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> function run() {
</span><span class="cx"> var img = document.createElement('img');
</span><del>- img.src = '/security/resources/abe.png';
</del><ins>+ img.src = 'http://127.0.0.1:8000/security/resources/abe.png';
</ins><span class="cx"> document.body.appendChild(img);
</span><span class="cx"> }
</span><span class="cx"> </script>
</span></span></pre></div>
<a id="trunkLayoutTestsjsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/dom/global-constructors-attributes-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1718,6 +1718,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').value is Selection
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformefljsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/efl/js/dom/global-constructors-attributes-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/efl/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/platform/efl/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1788,6 +1788,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').value is Selection
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacjsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1923,6 +1923,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').value is Selection
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacmavericksjsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1798,6 +1798,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').value is Selection
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacyosemitejsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1923,6 +1923,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').value is Selection
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'Selection').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/Source/WebCore/ChangeLog 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1,3 +1,29 @@
</span><ins>+2016-02-25 Daniel Bates <dabates@apple.com>
+
+ CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
+ https://bugs.webkit.org/show_bug.cgi?id=154522
+ <rdar://problem/24762078>
+
+ Reviewed by Brent Fulgham.
+
+ Include attributes statusCode and columnNumber in a dispatched SecurityPolicyViolationEvent and
+ as part of the SecurityPolicyViolationEventInit dictionary as per section Violation DOM Events
+ of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
+ Additionally, enable dispatching of this event when a Content Security Policy violation occurs regardless
+ of whether ENABLE(CSP_NEXT) is enabled.
+
+ Test: http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
+
+ * WebCore.xcodeproj/project.pbxproj: Add files JSSecurityPolicyViolationEvent.{cpp, h}.
+ * dom/EventNames.in: Enable support for SecurityPolicyViolationEvent unconditionally.
+ * dom/SecurityPolicyViolationEvent.h: Remove ENABLE(CSP_NEXT)-guard so that we compile this
+ code unconditionally. Modified SecurityPolicyViolationEventInit and SecurityPolicyViolationEvent
+ to support attributes statusCode and columnNumebr.
+ * dom/SecurityPolicyViolationEvent.idl: Add attributes statusCode and columnNumber.
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::reportViolation): Modified to both dispatch a SecurityPolicyViolationEvent
+ and send a violation report (if applicable).
+
</ins><span class="cx"> 2016-02-25 Eric Carlson <eric.carlson@apple.com>
</span><span class="cx">
</span><span class="cx"> [MediaStream] MediaDeviceInfo deviceId and groupId must be unique to the page's origin
</span></span></pre></div>
<a id="trunkSourceWebCoreWebCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -6255,6 +6255,8 @@
</span><span class="cx"> CECADFCD1537791D00E37068 /* TextInsertionBaseCommand.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CECADFCB1537791D00E37068 /* TextInsertionBaseCommand.cpp */; };
</span><span class="cx"> CECADFCE1537791D00E37068 /* TextInsertionBaseCommand.h in Headers */ = {isa = PBXBuildFile; fileRef = CECADFCC1537791D00E37068 /* TextInsertionBaseCommand.h */; };
</span><span class="cx"> CECCFC3B141973D5002A0AC1 /* DecodeEscapeSequences.h in Headers */ = {isa = PBXBuildFile; fileRef = CECCFC3A141973D5002A0AC1 /* DecodeEscapeSequences.h */; };
</span><ins>+ CED06AD01C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CED06ACE1C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.cpp */; };
+ CED06AD11C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = CED06ACF1C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.h */; };
</ins><span class="cx"> CEDA12D7152CA1CB00D9E08D /* AlternativeTextClient.h in Headers */ = {isa = PBXBuildFile; fileRef = CEDA12D6152CA1CB00D9E08D /* AlternativeTextClient.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> CEE27ACB1BBB53A20072400A /* pthreadSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = CEE27ACA1BBB53A20072400A /* pthreadSPI.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> CEEFCD7919DB31F7003876D7 /* MediaResourceLoader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CEEFCD7719DB31F7003876D7 /* MediaResourceLoader.cpp */; };
</span><span class="lines">@@ -14278,6 +14280,8 @@
</span><span class="cx"> CECADFCB1537791D00E37068 /* TextInsertionBaseCommand.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TextInsertionBaseCommand.cpp; sourceTree = "<group>"; };
</span><span class="cx"> CECADFCC1537791D00E37068 /* TextInsertionBaseCommand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TextInsertionBaseCommand.h; sourceTree = "<group>"; };
</span><span class="cx"> CECCFC3A141973D5002A0AC1 /* DecodeEscapeSequences.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DecodeEscapeSequences.h; sourceTree = "<group>"; };
</span><ins>+ CED06ACE1C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSecurityPolicyViolationEvent.cpp; sourceTree = "<group>"; };
+ CED06ACF1C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSSecurityPolicyViolationEvent.h; sourceTree = "<group>"; };
</ins><span class="cx"> CEDA12D6152CA1CB00D9E08D /* AlternativeTextClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AlternativeTextClient.h; sourceTree = "<group>"; };
</span><span class="cx"> CEE27ACA1BBB53A20072400A /* pthreadSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pthreadSPI.h; sourceTree = "<group>"; };
</span><span class="cx"> CEEC6034187DD962003E43BB /* TextTrackRepresentationIOS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TextTrackRepresentationIOS.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -20986,6 +20990,8 @@
</span><span class="cx"> E1284BAF10449FFA00EAEB52 /* JSPageTransitionEvent.h */,
</span><span class="cx"> 5189F01B10B37BD900F3C739 /* JSPopStateEvent.cpp */,
</span><span class="cx"> 5189F01C10B37BD900F3C739 /* JSPopStateEvent.h */,
</span><ins>+ CED06ACE1C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.cpp */,
+ CED06ACF1C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.h */,
</ins><span class="cx"> 933A14B60B7D1D5200A53FFD /* JSTextEvent.cpp */,
</span><span class="cx"> 933A14B70B7D1D5200A53FFD /* JSTextEvent.h */,
</span><span class="cx"> 0FDA7C10188322EB00C954B5 /* JSTouch.cpp */,
</span><span class="lines">@@ -26817,6 +26823,7 @@
</span><span class="cx"> FDA15ECE12B03F61003A583A /* JSScriptProcessorNode.h in Headers */,
</span><span class="cx"> 9FA37EFB1172FDA600C4CD55 /* JSScriptProfile.h in Headers */,
</span><span class="cx"> 9FA37EFD1172FDA600C4CD55 /* JSScriptProfileNode.h in Headers */,
</span><ins>+ CED06AD11C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.h in Headers */,
</ins><span class="cx"> 9BDA64D81B975CF2009C4387 /* JSShadowRoot.h in Headers */,
</span><span class="cx"> CD9DE17B17AAC75B00EA386D /* JSSourceBuffer.h in Headers */,
</span><span class="cx"> CD9DE17D17AAC75B00EA386D /* JSSourceBufferList.h in Headers */,
</span><span class="lines">@@ -30572,6 +30579,7 @@
</span><span class="cx"> FDA15ECD12B03F61003A583A /* JSScriptProcessorNode.cpp in Sources */,
</span><span class="cx"> 9FA37EFA1172FDA600C4CD55 /* JSScriptProfile.cpp in Sources */,
</span><span class="cx"> 9FA37EFC1172FDA600C4CD55 /* JSScriptProfileNode.cpp in Sources */,
</span><ins>+ CED06AD01C77754800FDFAF1 /* JSSecurityPolicyViolationEvent.cpp in Sources */,
</ins><span class="cx"> 9BDA64D71B975CE5009C4387 /* JSShadowRoot.cpp in Sources */,
</span><span class="cx"> CD9DE17A17AAC75B00EA386D /* JSSourceBuffer.cpp in Sources */,
</span><span class="cx"> CD9DE17C17AAC75B00EA386D /* JSSourceBufferList.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceWebCoredomEventNamesin"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/EventNames.in (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/EventNames.in 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/Source/WebCore/dom/EventNames.in 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -57,7 +57,7 @@
</span><span class="cx"> TrackEvent conditional=VIDEO_TRACK
</span><span class="cx"> AutocompleteErrorEvent conditional=REQUEST_AUTOCOMPLETE
</span><span class="cx"> CSSFontFaceLoadEvent conditional=FONT_LOAD_EVENTS
</span><del>-SecurityPolicyViolationEvent conditional=CSP_NEXT
</del><ins>+SecurityPolicyViolationEvent
</ins><span class="cx"> UIRequestEvent conditional=INDIE_UI
</span><span class="cx"> GestureEvent conditional=IOS_GESTURE_EVENTS|MAC_GESTURE_EVENTS
</span><span class="cx"> WebKitPlaybackTargetAvailabilityEvent conditional=WIRELESS_PLAYBACK_TARGET
</span></span></pre></div>
<a id="trunkSourceWebCoredomSecurityPolicyViolationEventh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.h (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.h 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.h 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2013 Google Inc. All rights reserved.
</span><ins>+ * Copyright (C) 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -25,8 +26,6 @@
</span><span class="cx"> #ifndef SecurityPolicyViolationEvent_h
</span><span class="cx"> #define SecurityPolicyViolationEvent_h
</span><span class="cx">
</span><del>-#if ENABLE(CSP_NEXT)
-
</del><span class="cx"> #include "Event.h"
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="lines">@@ -39,14 +38,16 @@
</span><span class="cx"> String effectiveDirective;
</span><span class="cx"> String originalPolicy;
</span><span class="cx"> String sourceFile;
</span><ins>+ unsigned short statusCode { 0 };
</ins><span class="cx"> int lineNumber { 0 };
</span><ins>+ int columnNumber { 0 };
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> class SecurityPolicyViolationEvent final : public Event {
</span><span class="cx"> public:
</span><del>- static Ref<SecurityPolicyViolationEvent> create(const AtomicString& type, bool canBubble, bool cancelable, const String& documentURI, const String& referrer, const String& blockedURI, const String& violatedDirective, const String& effectiveDirective, const String& originalPolicy, const String& sourceFile, int lineNumber)
</del><ins>+ static Ref<SecurityPolicyViolationEvent> create(const AtomicString& type, bool canBubble, bool cancelable, const String& documentURI, const String& referrer, const String& blockedURI, const String& violatedDirective, const String& effectiveDirective, const String& originalPolicy, const String& sourceFile, unsigned short statusCode, int lineNumber, int columnNumber)
</ins><span class="cx"> {
</span><del>- return adoptRef(*new SecurityPolicyViolationEvent(type, canBubble, cancelable, documentURI, referrer, blockedURI, violatedDirective, effectiveDirective, originalPolicy, sourceFile, lineNumber));
</del><ins>+ return adoptRef(*new SecurityPolicyViolationEvent(type, canBubble, cancelable, documentURI, referrer, blockedURI, violatedDirective, effectiveDirective, originalPolicy, sourceFile, statusCode, lineNumber, columnNumber));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> static Ref<SecurityPolicyViolationEvent> createForBindings()
</span><span class="lines">@@ -66,7 +67,9 @@
</span><span class="cx"> const String& effectiveDirective() const { return m_effectiveDirective; }
</span><span class="cx"> const String& originalPolicy() const { return m_originalPolicy; }
</span><span class="cx"> const String& sourceFile() const { return m_sourceFile; }
</span><ins>+ unsigned short statusCode() const { return m_statusCode; }
</ins><span class="cx"> int lineNumber() const { return m_lineNumber; }
</span><ins>+ int columnNumber() const { return m_columnNumber; }
</ins><span class="cx">
</span><span class="cx"> virtual EventInterface eventInterface() const { return SecurityPolicyViolationEventInterfaceType; }
</span><span class="cx">
</span><span class="lines">@@ -75,7 +78,7 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- SecurityPolicyViolationEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& documentURI, const String& referrer, const String& blockedURI, const String& violatedDirective, const String& effectiveDirective, const String& originalPolicy, const String& sourceFile, int lineNumber)
</del><ins>+ SecurityPolicyViolationEvent(const AtomicString& type, bool canBubble, bool cancelable, const String& documentURI, const String& referrer, const String& blockedURI, const String& violatedDirective, const String& effectiveDirective, const String& originalPolicy, const String& sourceFile, unsigned short statusCode, int lineNumber, int columnNumber)
</ins><span class="cx"> : Event(type, canBubble, cancelable)
</span><span class="cx"> , m_documentURI(documentURI)
</span><span class="cx"> , m_referrer(referrer)
</span><span class="lines">@@ -84,7 +87,9 @@
</span><span class="cx"> , m_effectiveDirective(effectiveDirective)
</span><span class="cx"> , m_originalPolicy(originalPolicy)
</span><span class="cx"> , m_sourceFile(sourceFile)
</span><ins>+ , m_statusCode(statusCode)
</ins><span class="cx"> , m_lineNumber(lineNumber)
</span><ins>+ , m_columnNumber(columnNumber)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -97,7 +102,9 @@
</span><span class="cx"> , m_effectiveDirective(initializer.effectiveDirective)
</span><span class="cx"> , m_originalPolicy(initializer.originalPolicy)
</span><span class="cx"> , m_sourceFile(initializer.sourceFile)
</span><ins>+ , m_statusCode(initializer.statusCode)
</ins><span class="cx"> , m_lineNumber(initializer.lineNumber)
</span><ins>+ , m_columnNumber(initializer.columnNumber)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -108,11 +115,11 @@
</span><span class="cx"> String m_effectiveDirective;
</span><span class="cx"> String m_originalPolicy;
</span><span class="cx"> String m_sourceFile;
</span><ins>+ unsigned short m_statusCode;
</ins><span class="cx"> int m_lineNumber;
</span><ins>+ int m_columnNumber;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span><span class="cx">
</span><del>-#endif // ENABLE(CSP_NEXT)
-
</del><span class="cx"> #endif // SecurityPolicyViolationEvent_h
</span></span></pre></div>
<a id="trunkSourceWebCoredomSecurityPolicyViolationEventidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.idl (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.idl 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/Source/WebCore/dom/SecurityPolicyViolationEvent.idl 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2013 Google Inc. All rights reserved.
</span><ins>+ * Copyright (C) 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -23,7 +24,6 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> [
</span><del>- Conditional=CSP_NEXT,
</del><span class="cx"> ConstructorTemplate=Event,
</span><span class="cx"> ] interface SecurityPolicyViolationEvent : Event {
</span><span class="cx"> [InitializedByEventConstructor] readonly attribute DOMString documentURI;
</span><span class="lines">@@ -33,5 +33,7 @@
</span><span class="cx"> [InitializedByEventConstructor] readonly attribute DOMString effectiveDirective;
</span><span class="cx"> [InitializedByEventConstructor] readonly attribute DOMString originalPolicy;
</span><span class="cx"> [InitializedByEventConstructor] readonly attribute DOMString sourceFile;
</span><del>- [InitializedByEventConstructor] readonly attribute long lineNumber;
</del><ins>+ [InitializedByEventConstructor] readonly attribute unsigned short statusCode;
+ [InitializedByEventConstructor] readonly attribute long lineNumber;
+ [InitializedByEventConstructor] readonly attribute long columnNumber;
</ins><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebCorepagecspContentSecurityPolicycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (197117 => 197118)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2016-02-25 16:21:07 UTC (rev 197117)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2016-02-25 16:21:40 UTC (rev 197118)
</span><span class="lines">@@ -342,29 +342,31 @@
</span><span class="cx"> if (!frame)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>-#if ENABLE(CSP_NEXT)
- if (experimentalFeaturesEnabled()) {
- // FIXME: This code means that we're gathering information like line numbers twice. Once we can bring this out from behind the flag, we should reuse the data gathered here when generating the JSON report below.
- String documentURI = document.url().string();
- String referrer = document.referrer();
- String blockedURI = stripURLForUseInReport(document, blockedURL);
- String violatedDirective = directiveText;
- String originalPolicy = header;
- String sourceFile = String();
- int lineNumber = 0;
-
- Ref<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2);
- const ScriptCallFrame* callFrame = stack->firstNonNativeCallFrame();
- if (callFrame && callFrame->lineNumber()) {
- URL source = URL(URL(), callFrame->sourceURL());
- sourceFile = stripURLForUseInReport(document, source);
- lineNumber = callFrame->lineNumber();
- }
</del><ins>+ String documentURI = document.url().strippedForUseAsReferrer();
+ String referrer = document.referrer();
+ String blockedURI = stripURLForUseInReport(document, blockedURL);
+ String violatedDirective = directiveText;
+ String originalPolicy = header;
+ ASSERT(document.loader());
+ unsigned short statusCode = document.url().protocolIs("http") && document.loader() ? document.loader()->response().httpStatusCode() : 0;
</ins><span class="cx">
</span><del>- document.enqueueDocumentEvent(SecurityPolicyViolationEvent::create(eventNames().securitypolicyviolationEvent, false, false, documentURI, referrer, blockedURI, violatedDirective, effectiveDirective, originalPolicy, sourceFile, lineNumber));
</del><ins>+ String sourceFile;
+ int lineNumber = 0;
+ int columnNumber = 0;
+ RefPtr<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2);
+ const ScriptCallFrame* callFrame = stack->firstNonNativeCallFrame();
+ if (callFrame && callFrame->lineNumber()) {
+ sourceFile = stripURLForUseInReport(document, URL(URL(), callFrame->sourceURL()));
+ lineNumber = callFrame->lineNumber();
+ columnNumber = callFrame->columnNumber();
</ins><span class="cx"> }
</span><del>-#endif
</del><span class="cx">
</span><ins>+ // 1. Dispatch violation event.
+ bool canBubble = false;
+ bool cancelable = false;
+ document.enqueueDocumentEvent(SecurityPolicyViolationEvent::create(eventNames().securitypolicyviolationEvent, canBubble, cancelable, documentURI, referrer, blockedURI, violatedDirective, effectiveDirective, originalPolicy, sourceFile, statusCode, lineNumber, columnNumber));
+
+ // 2. Send violation report (if applicable).
</ins><span class="cx"> if (reportURIs.isEmpty())
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -379,30 +381,23 @@
</span><span class="cx"> // harmless information.
</span><span class="cx">
</span><span class="cx"> RefPtr<InspectorObject> cspReport = InspectorObject::create();
</span><del>- cspReport->setString(ASCIILiteral("document-uri"), document.url().strippedForUseAsReferrer());
- cspReport->setString(ASCIILiteral("referrer"), document.referrer());
</del><ins>+ cspReport->setString(ASCIILiteral("document-uri"), documentURI);
+ cspReport->setString(ASCIILiteral("referrer"), referrer);
</ins><span class="cx"> cspReport->setString(ASCIILiteral("violated-directive"), directiveText);
</span><span class="cx"> cspReport->setString(ASCIILiteral("effective-directive"), effectiveDirective);
</span><del>- cspReport->setString(ASCIILiteral("original-policy"), header);
- cspReport->setString(ASCIILiteral("blocked-uri"), stripURLForUseInReport(document, blockedURL));
-
- ASSERT(document.loader());
- cspReport->setInteger(ASCIILiteral("status-code"), document.url().protocolIs("http") && document.loader() ? document.loader()->response().httpStatusCode() : 0);
-
- RefPtr<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2);
- const ScriptCallFrame* callFrame = stack->firstNonNativeCallFrame();
- if (callFrame && callFrame->lineNumber()) {
- URL source = URL(URL(), callFrame->sourceURL());
- cspReport->setString(ASCIILiteral("source-file"), stripURLForUseInReport(document, source));
- cspReport->setInteger(ASCIILiteral("line-number"), callFrame->lineNumber());
- cspReport->setInteger(ASCIILiteral("column-number"), callFrame->columnNumber());
</del><ins>+ cspReport->setString(ASCIILiteral("original-policy"), originalPolicy);
+ cspReport->setString(ASCIILiteral("blocked-uri"), blockedURI);
+ cspReport->setInteger(ASCIILiteral("status-code"), statusCode);
+ if (!sourceFile.isNull()) {
+ cspReport->setString(ASCIILiteral("source-file"), sourceFile);
+ cspReport->setInteger(ASCIILiteral("line-number"), lineNumber);
+ cspReport->setInteger(ASCIILiteral("column-number"), columnNumber);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RefPtr<InspectorObject> reportObject = InspectorObject::create();
</span><span class="cx"> reportObject->setObject(ASCIILiteral("csp-report"), cspReport.release());
</span><span class="cx">
</span><span class="cx"> RefPtr<FormData> report = FormData::create(reportObject->toJSONString().utf8());
</span><del>-
</del><span class="cx"> for (const auto& url : reportURIs)
</span><span class="cx"> PingLoader::sendViolationReport(*frame, document.completeURL(url), report.copyRef(), ViolationReportType::ContentSecurityPolicy);
</span><span class="cx"> }
</span></span></pre>
</div>
</div>
</body>
</html>