Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2785463002: CSP: Don't override the location set in reportViolationWithLocation. (Closed)
Patch Set: Do not use a default value because of forward declaration. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index da4e0a75325ce6819838e8841bd956d6f80967d5..eedff1b1ad5eb34ba7b16c4a603b6cc694f965a3 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -27,7 +27,6 @@
#include <memory>
#include "bindings/core/v8/ScriptController.h"
-#include "bindings/core/v8/SourceLocation.h"
#include "core/dom/DOMStringList.h"
#include "core/dom/Document.h"
#include "core/dom/Element.h"
@@ -1040,7 +1039,7 @@ static void gatherSecurityPolicyViolationEventData(
RedirectStatus redirectStatus,
ContentSecurityPolicyHeaderType headerType,
ContentSecurityPolicy::ViolationType violationType,
- int contextLine,
+ std::unique_ptr<SourceLocation> sourceLocation,
const String& scriptSource) {
if (effectiveType == ContentSecurityPolicy::DirectiveType::FrameAncestors) {
// If this load was blocked via 'frame-ancestors', then the URL of
@@ -1078,9 +1077,6 @@ static void gatherSecurityPolicyViolationEventData(
init.setDisposition(headerType == ContentSecurityPolicyHeaderTypeEnforce
? "enforce"
: "report");
- init.setSourceFile(String());
- init.setLineNumber(contextLine);
- init.setColumnNumber(0);
init.setStatusCode(0);
// TODO(mkwst): We only have referrer and status code information for
@@ -1093,13 +1089,19 @@ static void gatherSecurityPolicyViolationEventData(
init.setStatusCode(document->loader()->response().httpStatusCode());
}
- std::unique_ptr<SourceLocation> location = SourceLocation::capture(context);
- if (location->lineNumber()) {
- KURL source = KURL(ParsedURLString, location->url());
+ // If no source location is provided, use the source location of the context.
+ if (!sourceLocation)
+ sourceLocation = SourceLocation::capture(context);
+ if (sourceLocation->lineNumber()) {
+ KURL source = KURL(ParsedURLString, sourceLocation->url());
init.setSourceFile(
stripURLForUseInReport(context, source, redirectStatus, effectiveType));
- init.setLineNumber(location->lineNumber());
- init.setColumnNumber(location->columnNumber());
+ init.setLineNumber(sourceLocation->lineNumber());
+ init.setColumnNumber(sourceLocation->columnNumber());
+ } else {
+ init.setSourceFile(String());
+ init.setLineNumber(0);
+ init.setColumnNumber(0);
}
if (!scriptSource.isEmpty())
@@ -1115,9 +1117,9 @@ void ContentSecurityPolicy::reportViolation(
const String& header,
ContentSecurityPolicyHeaderType headerType,
ViolationType violationType,
+ std::unique_ptr<SourceLocation> sourceLocation,
LocalFrame* contextFrame,
RedirectStatus redirectStatus,
- int contextLine,
Element* element,
const String& source) {
ASSERT(violationType == URLViolation || blockedURL.isEmpty());
@@ -1144,7 +1146,8 @@ void ContentSecurityPolicy::reportViolation(
DCHECK(relevantContext);
gatherSecurityPolicyViolationEventData(
violationData, relevantContext, directiveText, effectiveType, blockedURL,
- header, redirectStatus, headerType, violationType, contextLine, source);
+ header, redirectStatus, headerType, violationType,
+ std::move(sourceLocation), source);
// TODO(mkwst): Obviously, we shouldn't hit this check, as extension-loaded
// resources should be allowed regardless. We apparently do, however, so
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h ('k') | third_party/WebKit/Source/web/WebLocalFrameImpl.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698