Issue 142113004: CSP 1.1: Ignore 'unsafe-inline' in presence of hashes or nonces.

Issue 142113004: CSP 1.1: Ignore 'unsafe-inline' in presence of hashes or nonces. (Closed)

Created:
6 years, 11 months ago by Mike West

Modified:
6 years, 11 months ago

Reviewers:
jochen (gone - plz use gerrit), abarth-chromium

CC:
blink-reviews, mkwst+watchlist_chromium.org

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

CSP 1.1: Ignore 'unsafe-inline' in presence of hashes or nonces. CL: https://github.com/w3c/webappsec/commit/ec8e8f46f1e9f3b3f7a0ee8aeb0c22a57f720c22 Thread: http://lists.w3.org/Archives/Public/public-webappsec/2014Jan/0084.html BUG=335489 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=165400

Patch Set 1 #

Total comments: 1

Created: 6 years, 11 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+28 lines, -8 lines)			Patch
A +	LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html	View	1 chunk	+5 lines, -3 lines	0 comments	Download
A	LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt	View	1 chunk	+4 lines, -0 lines	0 comments	Download
A +	LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline.html	View	2 chunks	+5 lines, -3 lines	0 comments	Download
A	LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline-expected.txt	View	1 chunk	+5 lines, -0 lines	0 comments	Download
M	Source/core/frame/ContentSecurityPolicy.cpp	View	4 chunks	+9 lines, -2 lines	1 comment	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

jochen (gone - plz use gerrit)

lgtm https://codereview.chromium.org/142113004/diff/1/Source/core/frame/ContentSecurityPolicy.cpp File Source/core/frame/ContentSecurityPolicy.cpp (right): https://codereview.chromium.org/142113004/diff/1/Source/core/frame/ContentSecurityPolicy.cpp#newcode1011 Source/core/frame/ContentSecurityPolicy.cpp:1011: return !directive || (directive->allowInline() && !directive->isHashOrNoncePresent()); just a ...

6 years, 11 months ago (2014-01-20 09:17:36 UTC) #2

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/142113004/1

6 years, 11 months ago (2014-01-20 09:21:11 UTC) #3

Message was sent while issue was closed.

Change committed as 165400

Expand Messages | Collapse Messages