<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[198204] releases/WebKitGTK/webkit-2.12/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/198204">198204</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-03-15 01:49:05 -0700 (Tue, 15 Mar 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/198201">r198201</a> - REGRESSION (<a href="http://trac.webkit.org/projects/webkit/changeset/197724">r197724</a>): [GTK] Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155432
Reviewed by Darin Adler.
The GTK+ port Web Inspector uses GResources for all internal
resources (images, fonts, scripts, etc.) that are now blocked by
the CSP. GResouces are like data URLs in practice, so we should
always allow them.
* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorepagecspContentSecurityPolicySourceListcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit212SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (198203 => 198204)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-03-15 07:53:15 UTC (rev 198203)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-03-15 08:49:05 UTC (rev 198204)
</span><span class="lines">@@ -1,3 +1,18 @@
</span><ins>+2016-03-15 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
+ https://bugs.webkit.org/show_bug.cgi?id=155432
+
+ Reviewed by Darin Adler.
+
+ The GTK+ port Web Inspector uses GResources for all internal
+ resources (images, fonts, scripts, etc.) that are now blocked by
+ the CSP. GResouces are like data URLs in practice, so we should
+ always allow them.
+
+ * page/csp/ContentSecurityPolicySourceList.cpp:
+ (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
+
</ins><span class="cx"> 2016-03-10 Carlos Garcia Campos <cgarcia@igalia.com>
</span><span class="cx">
</span><span class="cx"> [GTK] Fix rendering of slider input elements
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorepagecspContentSecurityPolicySourceListcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp (198203 => 198204)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp 2016-03-15 07:53:15 UTC (rev 198203)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp 2016-03-15 08:49:05 UTC (rev 198204)
</span><span class="lines">@@ -102,10 +102,17 @@
</span><span class="cx"> // FIXME: We should not hardcode the directive names. We should make use of the constants in ContentSecurityPolicyDirectiveList.cpp.
</span><span class="cx"> // See <https://bugs.webkit.org/show_bug.cgi?id=155133>.
</span><span class="cx"> bool isAllowed = url.protocolIsInHTTPFamily();
</span><del>- if (equalLettersIgnoringASCIICase(m_directiveName, "img-src"))
</del><ins>+ if (equalLettersIgnoringASCIICase(m_directiveName, "img-src")) {
</ins><span class="cx"> isAllowed |= url.protocolIsData();
</span><del>- else if (equalLettersIgnoringASCIICase(m_directiveName, "media-src"))
</del><ins>+#if PLATFORM(GTK)
+ isAllowed |= url.protocolIs("resource");
+#endif
+ } else if (equalLettersIgnoringASCIICase(m_directiveName, "media-src")) {
</ins><span class="cx"> isAllowed |= url.protocolIsData() || url.protocolIsBlob();
</span><ins>+#if PLATFORM(GTK)
+ isAllowed |= url.protocolIs("resource");
+#endif
+ }
</ins><span class="cx"> return isAllowed;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>