CSP: "local schemes" should inherit policy when embedded.

third_party/WebKit/Source/core/dom/Document.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  *           (C) 2006 Alexey Proskuryakov (ap@webkit.org)
  * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All
  * rights reserved.
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
  * (http://www.torchmobile.com/)
  * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
@@ skipping 349 matching lines @@
     return false;
 
   // rule (d) above
   CharDecompositionType decompType = decompositionType(c);
   if (decompType == DecompositionFont || decompType == DecompositionCompat)
     return false;
 
   return true;
 }
 
-static bool shouldInheritSecurityOriginFromOwner(const KURL& url) {
-  // http://www.whatwg.org/specs/web-apps/current-work/#origin-0
-  //
-  // If a Document has the address "about:blank"
-  //     The origin of the Document is the origin it was assigned when its
-  //     browsing context was created.
-  //
-  // Note: We generalize this to all "blank" URLs and invalid URLs because we
-  // treat all of these URLs as about:blank.
-  //
-  return url.isEmpty() || url.protocolIsAbout();
-}
-
 static Widget* widgetForElement(const Element& focusedElement) {
   LayoutObject* layoutObject = focusedElement.layoutObject();
   if (!layoutObject || !layoutObject->isLayoutPart())
     return 0;
   return toLayoutPart(layoutObject)->widget();
 }
 
 static bool acceptsEditingFocus(const Element& element) {
   DCHECK(hasEditableStyle(element));
 
@@ skipping 5124 matching lines @@
     enforceSuborigin(*getSecurityOrigin()->suborigin());
 }
 
 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) {
   setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create());
   if (m_frame && m_frame->tree().parent() &&
       m_frame->tree().parent()->isLocalFrame()) {
     ContentSecurityPolicy* parentCSP = toLocalFrame(m_frame->tree().parent())
                                            ->document()
                                            ->contentSecurityPolicy();
-    if (shouldInheritSecurityOriginFromOwner(m_url)) {
+
+    // We inherit the parent frame's CSP for documents with "local" schemes:
+    // 'about', 'blob', 'data', and 'filesystem'. We also inherit the parent
+    // frame's CSP for documents with empty/invalid URLs because we treat
+    // those URLs as 'about:blank' in Blink.
+    //
+    // https://w3c.github.io/webappsec-csp/#initialize-document-csp
+    if (m_url.isEmpty() || m_url.protocolIsAbout() || m_url.protocolIsData() ||
+        m_url.protocolIs("blob") || m_url.protocolIs("filesystem")) {
       contentSecurityPolicy()->copyStateFrom(parentCSP);
     } else if (isPluginDocument()) {
       // Per CSP2, plugin-types for plugin documents in nested browsing
       // contexts gets inherited from the parent.
       contentSecurityPolicy()->copyPluginTypesFrom(parentCSP);
     }
   }
   contentSecurityPolicy()->bindToExecutionContext(this);
 }
 
@@ skipping 1047 matching lines @@
 }
 
 void showLiveDocumentInstances() {
   WeakDocumentSet& set = liveDocumentSet();
   fprintf(stderr, "There are %u documents currently alive:\n", set.size());
   for (Document* document : set)
     fprintf(stderr, "- Document %p URL: %s\n", document,
             document->url().getString().utf8().data());
 }
 #endif