Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(592)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp

Issue 1361763005: Disallow CSP source * matching of data:, blob:, and filesystem: URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: Better extensions fix Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSourceList.h ('k') | third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
index 9caeb9340d6a66a0b0480e6b466375fd44838ca0..1191abce7fe4c98eaeefc3dd95e90342aa113ade 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
@@ -45,20 +45,23 @@ CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct
bool CSPSourceList::matches(const KURL& url, ContentSecurityPolicy::RedirectStatus redirectStatus) const
{
- if (m_allowStar)
+ // The CSP spec specifically states that data:, blob:, and filesystem URLs
+ // should not be captured by a '*" source
+ // (http://www.w3.org/TR/CSP2/#source-list-guid-matching). Thus, in the
+ // case of a full wildcard, data:, blob:, and filesystem: URLs are
+ // explicitly checked for in the source list before allowing them through.
+ if (m_allowStar) {
+ if (url.protocolIs("blob") || url.protocolIs("data") || url.protocolIs("filesystem"))
+ return hasSourceMatchInList(url, redirectStatus);
return true;
+ }
KURL effectiveURL = m_policy->selfMatchesInnerURL() && SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url;
if (m_allowSelf && m_policy->urlMatchesSelf(effectiveURL))
return true;
- for (size_t i = 0; i < m_list.size(); ++i) {
- if (m_list[i].matches(effectiveURL, redirectStatus))
- return true;
- }
-
- return false;
+ return hasSourceMatchInList(effectiveURL, redirectStatus);
}
bool CSPSourceList::allowInline() const
@@ -490,5 +493,14 @@ void CSPSourceList::addSourceHash(const ContentSecurityPolicyHashAlgorithm& algo
m_hashAlgorithmsUsed |= algorithm;
}
+bool CSPSourceList::hasSourceMatchInList(const KURL& url, ContentSecurityPolicy::RedirectStatus redirectStatus) const
+{
+ for (size_t i = 0; i < m_list.size(); ++i) {
+ if (m_list[i].matches(url, redirectStatus))
+ return true;
+ }
+
+ return false;
+}
} // namespace blink
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSourceList.h ('k') | third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698