third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp - Issue 2519103005: Part 3.2: Is policy list subsumed under subsuming policy?

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp

Issue 2519103005: Part 3.2: Is policy list subsumed under subsuming policy? (Closed)

Patch Set: Changing meaning of 'self' Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp

diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp

index ef1173ec484a40c2ddcbbae85883cd3c2fd0a46b..223967d5bc2ee35e167789bfed7d86c1825245a3 100644

--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp

+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp

@@ -585,12 +585,17 @@ bool SourceListDirective::subsumes(

if (!m_list.size() || !other.size())

return !m_list.size();

- HeapVector<Member<CSPSource>> normalizedA = other[0]->m_list;

- for (size_t i = 1; i < other.size(); i++) {

- normalizedA = other[i]->getIntersectCSPSources(normalizedA);

- }

+ HeapVector<Member<CSPSource>> normalizedA = m_list;

+ if (m_allowSelf && other[0]->m_policy->getSelfSource())

+ normalizedA.append(other[0]->m_policy->getSelfSource());

amalika 2016/11/30 10:37:23 This way, we do not even have to set 'self' on Emb

+ HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list;

+ if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource())

+ normalizedB.append(other[0]->m_policy->getSelfSource());

+ for (size_t i = 1; i < other.size(); i++)

+ normalizedB = other[i]->getIntersectCSPSources(normalizedB);

- return CSPSource::firstSubsumesSecond(m_list, normalizedA);

+ return CSPSource::firstSubsumesSecond(normalizedA, normalizedB);

}

HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly(

@@ -630,7 +635,10 @@ HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources(

}

- for (const auto& sourceA : m_list) {

+ HeapVector<Member<CSPSource>> thisVector = m_list;

+ if (m_allowSelf)

+ thisVector.append(m_policy->getSelfSource());

+ for (const auto& sourceA : thisVector) {

if (schemesMap.contains(sourceA->getScheme()))

continue;