[webkit-reviews] review granted: [Bug 94918] 'self' in a CSP directive should match blob: and filesystem: URLs. : [Attachment 160572] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 27 11:29:34 PDT 2012
Adam Barth <abarth at webkit.org> has granted Mike West <mkwst at chromium.org>'s
request for review:
Bug 94918: 'self' in a CSP directive should match blob: and filesystem: URLs.
https://bugs.webkit.org/show_bug.cgi?id=94918
Attachment 160572: Patch
https://bugs.webkit.org/attachment.cgi?id=160572&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=160572&action=review
> Source/WebCore/page/ContentSecurityPolicy.cpp:247
> + KURL urlToMatch = SecurityOrigin::shouldUseInnerURL(url) ?
SecurityOrigin::extractInnerURL(url) : url;
urlToMatch -> effectiveURL
> Source/WebCore/page/SecurityOrigin.cpp:195
> + if (SecurityOrigin::shouldUseInnerURL(url))
> + return adoptRef(new
SecurityOrigin(SecurityOrigin::extractInnerURL(url)));
"SecurityOrigin::" isn't needed here because SecurityOrigin::create is already
in the SecurityOrigin namespace.
> Source/WebCore/page/SecurityOrigin.cpp:225
> - if (shouldUseInnerURL(url) &&
SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol()))
> + if (SecurityOrigin::shouldUseInnerURL(url) &&
SchemeRegistry::shouldTreatURLSchemeAsSecure(SecurityOrigin::extractInnerURL(ur
l).protocol()))
ditto
More information about the webkit-reviews
mailing list