
List:       webkit-changes
Subject:    [webkit-changes] [133095] trunk
From:       mkwst () chromium ! org
Date:       2012-10-31 23:41:27
Message-ID: 20121031234128.06446301227 () svn ! webkit ! org

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[133095] trunk</title>
</head>
<body>

<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/133095">133095</a></dd>
<dt>Author</dt> <dd>mkwst@chromium.org</dd>
<dt>Date</dt> <dd>2012-10-31 16:41:27 -0700 (Wed, 31 Oct 2012)</dd>
</dl>

<h3>Log Message</h3>
<pre>Implement the canonical &quot;Content-Security-Policy&quot; header.
https://bugs.webkit.org/show_bug.cgi?id=96765

Reviewed by Adam Barth.

Source/WebCore:

The CSP 1.0 specification defines the &quot;Content-Security-Policy&quot; header
as the canonical mechanism of defining a resource's security policy. Up
through this patch, we've implemented the functionality behind a prefix
in order to ensure compatibility with the standard once it's released as
a recommendation. Both the specification and WebKit's implementation are
far enough along in that process that it makes sense to support the
unprefixed header for sites that wish to opt-in to CSP 1.0.

As discussed on public-webappsec[1], we'll keep the experimental 1.1
features behind the prefixed header ('X-WebKit-CSP') until that standard
is far enough along to justify moving them out to the canonical header.

This patch defines the 'Content-Security-Policy' header for all ports,
just as the 'X-WebKit-CSP' header is currently supported on all ports.
Ports that have not opted-in to the CSP_NEXT flag will see exactly the
same behavior with both headers. Ports that have opted-in will see much
of CSP 1.1's current definition on the prefixed header, and CSP 1.0 on
the canonical header.

The functionality in this change is covered by the changes made to
existing tests. No expectations changed, only the headers that are sent.

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv):
    Add canonical header support to 'meta' element definitions.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
    Add canonical header support to FrameLoader.
* page/ContentSecurityPolicy.cpp:
(WebCore::CSPDirectiveList::headerType):
    The ContentSecurityPolicy::HeaderType enum now has four values:
    prefixed/report-only, unprefixed/report-only, prefixed/enforce, and
    unprefixed/enforce. Instead of creating logic to output the proper
    type based on internal flags, CSPDirectiveList now saves the value
    provided at creation time, and returns it via this method.
(CSPDirectiveList):
(WebCore::CSPDirectiveList::CSPDirectiveList):
    The constructor now accepts a type, which is stored on the object.
    It also stores a new internal variable, 'm_experimental', which
    defines whether or not experimental features ought to be available.
    These features are still locked behind the CSP_NEXT flag, but that
    might not be the case forever.
(WebCore::CSPDirectiveList::create):
    The static constructor wrapper now passes the type into the real
    constructor, which also now handles setting its internal variables.
(WebCore::CSPDirectiveList::parse):
    'parse()' is given the header, so it makes sense to store it here as
    well, rather than in the create wrapper.
(WebCore::CSPDirectiveList::addDirective):
    1.1 directives remain locked behind CSP_NEXT, but now also require
    that 'm_experimental' is set, signaling usage of the prefixed header
    and an implicit opt-in to 1.1.
* page/ContentSecurityPolicy.h:
    Added two new types to the HeaderTypes enum: PrefixedReportOnly, and
    PrefixedEnforcePolicy. These map to 'X-WebKit-CSP-Report-Only' and
    'X-WebKit-CSP', respectively.

LayoutTests:

* http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html:
* http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html:
* http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html:
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html:
    Updating these 1.1 tests along with the multiple-iframe-*.js test
    &quot;framework&quot; to ensure that the experimental prefixed header is sent.
* http/tests/security/contentSecurityPolicy/blob-urls-match-self.html:
* http/tests/security/contentSecurityPolicy/combine-multiple-policies.html:
* http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html:
* http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html:
* http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html:
* http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html:
* http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html:
* http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html:
* http/tests/security/contentSecurityPolicy/default-src-inline-allowed.html:
* http/tests/security/contentSecurityPolicy/default-src-inline-blocked.html:
* http/tests/security/contentSecurityPolicy/duplicate-directive.html:
* http/tests/security/contentSecurityPolicy/eval-allowed.html:
* http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html:
* http/tests/security/contentSecurityPolicy/eval-blocked.html:
* http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-allowed.html:
* http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-blocked.html:
* http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-allowed.html:
* http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-blocked.html:
* http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html:
* http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html:
* http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-scheme.html:
* http/tests/security/contentSecurityPolicy/frame-src-allowed.html:
* http/tests/security/contentSecurityPolicy/frame-src-blocked.html:
* http/tests/security/contentSecurityPolicy/function-constructor-allowed.html:
* http/tests/security/contentSecurityPolicy/function-constructor-blocked.html:
* http/tests/security/contentSecurityPolicy/iframe-inside-csp.html:
* http/tests/security/contentSecurityPolicy/image-allowed.html:
* http/tests/security/contentSecurityPolicy/image-blocked.html:
* http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html:
* http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html:
* http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html:
* http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html:
* http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html:
* http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html:
* http/tests/security/contentSecurityPolicy/inline-script-allowed.html:
* http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html:
* http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url.html:
* http/tests/security/contentSecurityPolicy/inline-script-blocked.html:
* http/tests/security/contentSecurityPolicy/inline-style-allowed.html:
* http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html:
* http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html:
* http/tests/security/contentSecurityPolicy/inline-style-attribute-on-html.html:
* http/tests/security/contentSecurityPolicy/inline-style-blocked.html:
* http/tests/security/contentSecurityPolicy/media-src-allowed.html:
* http/tests/security/contentSecurityPolicy/media-src-blocked.html:
* http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html:
* http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html:
* http/tests/security/contentSecurityPolicy/object-src-url-allowed.html:
* http/tests/security/contentSecurityPolicy/object-src-url-blocked.html:
* http/tests/security/contentSecurityPolicy/policy-does-not-affect-child.html:
* http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html:
* http/tests/security/contentSecurityPolicy/report-and-enforce.html:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html:
* http/tests/security/contentSecurityPolicy/report-blocked-uri.html:
* http/tests/security/contentSecurityPolicy/report-only-from-header.php:
* http/tests/security/contentSecurityPolicy/report-only.html:
* http/tests/security/contentSecurityPolicy/report-uri.html:
* http/tests/security/contentSecurityPolicy/resources/echo-iframe.pl:
* http/tests/security/contentSecurityPolicy/resources/echo-multiple-headers.pl:
    s/X-WebKit-CSP/Content-Security-Policy/g
* http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl:
* http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl:
    Reworking these two scripts in order to support sending both
    the experimental header and the canonical header, as required.
* http/tests/security/contentSecurityPolicy/resources/event-handler.pl:
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html:
* http/tests/security/contentSecurityPolicy/resources/javascript-url.pl:
* http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html:
    s/X-WebKit-CSP/Content-Security-Policy/g
* http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js:
(testExperimentalPolicy):
(test):
(testImpl.iframe.onload):
(testImpl):
* http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js:
(testPreescapedPolicy):
(testExperimentalPolicy):
(test):
(testImpl.iframe.onload):
(testImpl):
    Reworking these two &quot;frameworks&quot; in order to support sending both
    the experimental header and the canonical header, as required.
* http/tests/security/contentSecurityPolicy/resources/sandbox.php:
* http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html:
* http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html:
* http/tests/security/contentSecurityPolicy/sandbox-empty.html:
* http/tests/security/contentSecurityPolicy/script-src-overrides-default-src.html:
* http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html:
* http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html:
* http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html:
* http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html:
* http/tests/security/contentSecurityPolicy/style-allowed.html:
* http/tests/security/contentSecurityPolicy/style-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html:
* http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-eval-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-script-src.html:
* http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html:
* http/tests/security/contentSecurityPolicy/xsl-allowed.php:
* http/tests/security/contentSecurityPolicy/xsl-blocked.php:
* http/tests/security/contentSecurityPolicy/xsl-img-blocked.php:
* http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1.php:
* http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-2.php:
    s/X-WebKit-CSP/Content-Security-Policy/g</pre>
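
An added sketch (not WebKit's code and not part of this changeset) of the behaviour the log message describes: the header name fixes one of four header types, and 1.1 directives are applied only when the policy arrived on a prefixed header and the port has CSP_NEXT enabled. The function names, the `cspNextEnabled` parameter, and the choice of `plugin-types` and `script-nonce` as the experimental directives (inferred from the 1.1 test names above) are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// The four header types named in the log message (illustrative enum, not WebKit's).
enum class HeaderType { ReportOnly, EnforcePolicy, PrefixedReportOnly, PrefixedEnforcePolicy };

struct ParsedPolicy {
    HeaderType type;
    bool experimental;  // plays the role the log message gives 'm_experimental'
    std::vector<std::pair<std::string, std::string>> directives;  // applied
    std::vector<std::string> ignored;  // experimental directives that were dropped
};

static std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    const auto b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Map an HTTP header name (case-insensitive) to its type; false if it is not a CSP header.
bool classifyHeader(const std::string& name, HeaderType& out) {
    const std::string n = toLower(trim(name));
    if (n == "content-security-policy") out = HeaderType::EnforcePolicy;
    else if (n == "content-security-policy-report-only") out = HeaderType::ReportOnly;
    else if (n == "x-webkit-csp") out = HeaderType::PrefixedEnforcePolicy;
    else if (n == "x-webkit-csp-report-only") out = HeaderType::PrefixedReportOnly;
    else return false;
    return true;
}

static bool isPrefixed(HeaderType t) {
    return t == HeaderType::PrefixedEnforcePolicy || t == HeaderType::PrefixedReportOnly;
}

// Assumption: the 1.1 directives exercised by the 1.1/ layout tests.
static bool isExperimentalDirective(const std::string& name) {
    return name == "plugin-types" || name == "script-nonce";
}

// Split a policy value into directives. Experimental directives are kept only
// when the build flag is on AND the policy came from a prefixed header.
// Directive names are not otherwise validated in this sketch.
ParsedPolicy parsePolicy(HeaderType type, const std::string& value, bool cspNextEnabled) {
    ParsedPolicy p{type, isPrefixed(type), {}, {}};
    std::istringstream in(value);
    std::string item;
    while (std::getline(in, item, ';')) {
        item = trim(item);
        if (item.empty()) continue;
        const auto sp = item.find_first_of(" \t");
        const std::string name = toLower(item.substr(0, sp));
        const std::string val = sp == std::string::npos ? "" : trim(item.substr(sp));
        if (isExperimentalDirective(name) && !(cspNextEnabled && p.experimental)) {
            p.ignored.push_back(name);
            continue;
        }
        p.directives.emplace_back(name, val);
    }
    return p;
}

int main() {
    // Constructed sample policy: one 1.0 directive, one 1.1 directive.
    const std::string value = "script-src 'self'; script-nonce abc123";
    for (const char* name : {"Content-Security-Policy", "X-WebKit-CSP"}) {
        HeaderType t;
        if (!classifyHeader(name, t)) continue;
        const ParsedPolicy p = parsePolicy(t, value, /*cspNextEnabled=*/true);
        std::cout << name << ": " << p.directives.size() << " applied, "
                  << p.ignored.size() << " ignored\n";
    }
    return 0;
}
```

The practical consequence for a site operator is that a 1.1 directive sent on the canonical header is dropped rather than enforced, so a policy that relies on it has to be sent on the prefixed header.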

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11plugintypesinvalidhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11plugintypesurl01html">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11plugintypesurl02html">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11scriptnonceinvalidnoncehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11scriptnoncescriptsrcblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicy11scriptnonceseparatorsallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicybloburlsmatchselfhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicycombinemultiplepolicieshtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/combine-multiple-policies.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrceventsourceallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrceventsourceblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcwebsocketallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcwebsocketblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcxmlhttprequestallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcxmlhttprequestblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicydefaultsrcinlineallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicydefaultsrcinlineblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyduplicatedirectivehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/duplicate-directive.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalblockedinaboutblankiframehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetIntervalallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetIntervalblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetTimeoutallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetTimeoutblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyfilesystemurlsmatchselfhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcaboutblankallowedbydefaulthtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcaboutblankallowedbyschemehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-scheme.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyfunctionconstructorallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyfunctionconstructorblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyiframeinsidecsphtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/iframe-inside-csp.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyimageallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyimageblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyimagefullhostwildcardallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyimagehostwildcardallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinescriptallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinescriptblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinestyleallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinestyleblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptblockedgoofyhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptblockedjavascripturlhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleattributeallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleattributeblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleattributeonhtmlhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-on-html.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicymediasrcallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicymediasrcblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcnourlallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcnourlblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcurlallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcurlblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicypolicydoesnotaffectchildhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/policy-does-not-affect-child.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyregisterbypassingschemehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportandenforcehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeduricrossoriginhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedurihtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyfromheaderphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyreporturihtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoiframepl">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-iframe.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechomultipleheaderspl">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-multiple-headers.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoobjectdatapl">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoscriptsrcpl">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourceseventhandlerpl">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/event-handler.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreporthtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesjavascripturlpl">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/javascript-url.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesmixedcontentwithcsphtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesmultipleiframeplugintestjs">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesmultipleiframetestjs">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcessandboxphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandbox.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcessandboxedevalphp">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxallowscriptssubframehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxallowscriptshtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxemptysubframehtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxemptyhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyscriptsrcoverrides \
defaultsrchtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-overrides-default-src.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysharedworkerconne \
ctsrcallowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysharedworkerconne \
ctsrcblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysourcelistparsing \
malformedmetahtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicysrcdocdoesntbypas \
sscriptsrchtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicystyleallowedhtml" \
>trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicystyleblockedhtml"> \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-blocked.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerconnectsrca \
llowedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerconnectsrcb \
lockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerevalblocked \
html">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-eval-blocked.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerfunctionfun \
ctionblockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerscriptsrcht \
ml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkersettimeoutb \
lockedhtml">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslallowedphp">tr \
unk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-allowed.php</a></li> \
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslblockedphp">tru \
nk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked.php</a></li> \
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslimgblockedphp"> \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslunaffectedbyst \
ylesrc1php">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1.php</a></li>
 <li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslunaffectedbyst \
ylesrc2php">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-2.php</a></li>
 <li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoredomDocumentcpp">trunk/Source/WebCore/dom/Document.cpp</a></li>
 <li><a href="#trunkSourceWebCoreloaderFrameLoadercpp">trunk/Source/WebCore/loader/FrameLoader.cpp</a></li>
 <li><a href="#trunkSourceWebCorepageContentSecurityPolicycpp">trunk/Source/WebCore/page/ContentSecurityPolicy.cpp</a></li>
 <li><a href="#trunkSourceWebCorepageContentSecurityPolicyh">trunk/Source/WebCore/page/ContentSecurityPolicy.h</a></li>
 <li><a href="#trunkSourceWebKitchromiumpublicWebContentSecurityPolicyh">trunk/Source/WebKit/chromium/public/WebContentSecurityPolicy.h</a></li>
 <li><a href="#trunkSourceWebKitchromiumsrcAssertMatchingEnumscpp">trunk/Source/WebKit/chromium/src/AssertMatchingEnums.cpp</a></li>
 </ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (133094 => \
133095)</h4> <pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog	2012-10-31 23:27:04 UTC (rev \
                133094)
+++ trunk/LayoutTests/ChangeLog	2012-10-31 23:41:27 UTC (rev 133095)
</span><span class="lines">@@ -1,3 +1,126 @@
</span><ins>+2012-10-31  Mike West  &lt;mkwst@chromium.org&gt;
+
+        Implement the canonical &quot;Content-Security-Policy&quot; header.
+        https://bugs.webkit.org/show_bug.cgi?id=96765
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html:
+        * http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html:
+        * http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html:
+        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html:
 +        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html:
 +            Updating these 1.1 tests along with the multiple-iframe-*.js test
+            &quot;framework&quot; to ensure that the experimental prefixed header is \
sent. +        * http/tests/security/contentSecurityPolicy/blob-urls-match-self.html:
+        * http/tests/security/contentSecurityPolicy/combine-multiple-policies.html:
+        * http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/default-src-inline-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/default-src-inline-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/duplicate-directive.html:
+        * http/tests/security/contentSecurityPolicy/eval-allowed.html:
+        * http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html:
 +        * http/tests/security/contentSecurityPolicy/eval-blocked.html:
+        * http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html:
 +        * http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html:
 +        * http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-scheme.html:
 +        * http/tests/security/contentSecurityPolicy/frame-src-allowed.html:
+        * http/tests/security/contentSecurityPolicy/frame-src-blocked.html:
+        * http/tests/security/contentSecurityPolicy/function-constructor-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/function-constructor-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/iframe-inside-csp.html:
+        * http/tests/security/contentSecurityPolicy/image-allowed.html:
+        * http/tests/security/contentSecurityPolicy/image-blocked.html:
+        * http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/inline-script-allowed.html:
+        * http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html:
 +        * http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url.html:
 +        * http/tests/security/contentSecurityPolicy/inline-script-blocked.html:
+        * http/tests/security/contentSecurityPolicy/inline-style-allowed.html:
+        * http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/inline-style-attribute-on-html.html:
 +        * http/tests/security/contentSecurityPolicy/inline-style-blocked.html:
+        * http/tests/security/contentSecurityPolicy/media-src-allowed.html:
+        * http/tests/security/contentSecurityPolicy/media-src-blocked.html:
+        * http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html:
+        * http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html:
+        * http/tests/security/contentSecurityPolicy/object-src-url-allowed.html:
+        * http/tests/security/contentSecurityPolicy/object-src-url-blocked.html:
+        * http/tests/security/contentSecurityPolicy/policy-does-not-affect-child.html:
 +        * http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html:
+        * http/tests/security/contentSecurityPolicy/report-and-enforce.html:
+        * http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html:
 +        * http/tests/security/contentSecurityPolicy/report-blocked-uri.html:
+        * http/tests/security/contentSecurityPolicy/report-only-from-header.php:
+        * http/tests/security/contentSecurityPolicy/report-only.html:
+        * http/tests/security/contentSecurityPolicy/report-uri.html:
+        * http/tests/security/contentSecurityPolicy/resources/echo-iframe.pl:
+        * http/tests/security/contentSecurityPolicy/resources/echo-multiple-headers.pl:
 +            s/X-WebKit-CSP/Content-Security-Policy/g
+        * http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl:
+        * http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl:
+            Reworking these two scripts in order to support sending both
+            the experimental header and the canonical header, as required.
+        * http/tests/security/contentSecurityPolicy/resources/event-handler.pl:
+        * http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html:
 +        * http/tests/security/contentSecurityPolicy/resources/javascript-url.pl:
+        * http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html:
 +            s/X-WebKit-CSP/Content-Security-Policy/g
+        * http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js:
 +        (testExperimentalPolicy):
+        (test):
+        (testImpl.iframe.onload):
+        (testImpl):
+        * http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js:
 +        (testPreescapedPolicy):
+        (testExperimentalPolicy):
+        (test):
+        (testImpl.iframe.onload):
+        (testImpl):
+            Reworking these two &quot;frameworks&quot; in order to support sending \
both +            the experimental header and the canonical header, as required.
+        * http/tests/security/contentSecurityPolicy/resources/sandbox.php:
+        * http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php:
+        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html:
 +        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html:
+        * http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html:
+        * http/tests/security/contentSecurityPolicy/sandbox-empty.html:
+        * http/tests/security/contentSecurityPolicy/script-src-overrides-default-src.html:
 +        * http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html:
 +        * http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html:
 +        * http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html:
 +        * http/tests/security/contentSecurityPolicy/style-allowed.html:
+        * http/tests/security/contentSecurityPolicy/style-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html:
+        * http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-eval-blocked.html:
+        * http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html:
 +        * http/tests/security/contentSecurityPolicy/worker-script-src.html:
+        * http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html:
+        * http/tests/security/contentSecurityPolicy/xsl-allowed.php:
+        * http/tests/security/contentSecurityPolicy/xsl-blocked.php:
+        * http/tests/security/contentSecurityPolicy/xsl-img-blocked.php:
+        * http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1.php:
 +        * http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-2.php:
 +            s/X-WebKit-CSP/Content-Security-Policy/g
+
</ins><span class="cx"> 2012-10-31  Otto Derek Cheung  &lt;otcheung@rim.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [BlackBerry] Adding window.external to our port
</span></span></pre></div>
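Review bot: The bulk `s/X-WebKit-CSP/Content-Security-Policy/g` entries move nearly every 1.0 test to the canonical name, and the entry does not say whether `X-WebKit-CSP` is still accepted or which test still exercises it. Only the six 1.1 tests and the multiple-iframe harnesses are described as sending the prefixed header. If the prefixed header remains supported, say so here and keep at least one 1.0 test on it, so a regression in the legacy path cannot silently leave pages that send only `X-WebKit-CSP` without an enforced policy.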
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11plugintypesinvalidhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -15,7 +15,7 @@
</span><span class="cx"> ];
</span><span class="cx"> &lt;/script&gt;
</span><span class="cx"> &lt;/head&gt;
</span><del>-&lt;body onload=&quot;test()&quot;&gt;
</del><ins>+&lt;body onload=&quot;testExperimentalPolicy()&quot;&gt;
</ins><span class="cx">     &lt;p&gt;
</span><span class="cx">         This tests our handling of invalid `plugin-types` \
CSP directives. </span><span class="cx">         Consider this test passing if each \
of the following frames contains </span></span></pre></div>
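Review bot: The body onload switch to `testExperimentalPolicy()` is the only sign that this test depends on the prefixed header; the description paragraph below it still reads as a generic `plugin-types` test. Add a sentence to that paragraph saying the policy is delivered through the experimental header, so a later header-name sweep does not convert it by accident. If `plugin-types` is meant to be honoured only under the prefixed header, a companion case that sends it under `Content-Security-Policy` and expects no enforcement would pin that boundary down.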
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11plugintypesurl01html"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> ];
</span><span class="cx"> &lt;/script&gt;
</span><span class="cx"> &lt;/head&gt;
</span><del>-&lt;body onload=&quot;test()&quot;&gt;
</del><ins>+&lt;body onload=&quot;testExperimentalPolicy()&quot;&gt;
</ins><span class="cx">     &lt;p&gt;
</span><span class="cx">         This tests our handling of `data:` URLs, given a \
`plugin-types` CSP </span><span class="cx">         directive. Consider this test \
passing if each of the following frames </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11plugintypesurl02html"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> ];
</span><span class="cx"> &lt;/script&gt;
</span><span class="cx"> &lt;/head&gt;
</span><del>-&lt;body onload=&quot;test()&quot;&gt;
</del><ins>+&lt;body onload=&quot;testExperimentalPolicy()&quot;&gt;
</ins><span class="cx">     &lt;p&gt;
</span><span class="cx">         This tests our handling of non-`data:` URLs, given a \
`plugin-types` CSP </span><span class="cx">         directive. Consider this test \
passing if none of the following frames </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11scriptnonceinvalidnoncehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> ];
</span><span class="cx"> &lt;/script&gt;
</span><span class="cx"> &lt;/head&gt;
</span><del>-&lt;body onload=&quot;test()&quot;&gt;
</del><ins>+&lt;body onload=&quot;testExperimentalPolicy()&quot;&gt;
</ins><span class="cx">   &lt;p&gt;
</span><span class="cx">       None of these scripts should execute, as all the \
nonces are invalid. </span><span class="cx">   &lt;/p&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11scriptnoncescriptsrcblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-scriptsrc-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -11,7 +11,7 @@
</span><span class="cx"> ];
</span><span class="cx"> &lt;/script&gt;
</span><span class="cx"> &lt;/head&gt;
</span><del>-&lt;body onload=&quot;test()&quot;&gt;
</del><ins>+&lt;body onload=&quot;testExperimentalPolicy()&quot;&gt;
</ins><span class="cx">   &lt;p&gt;
</span><span class="cx">     None of these scripts should execute even though there \
are parse errors in the policy. </span><span class="cx">   &lt;/p&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicy11scriptnonceseparatorsallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -10,7 +10,7 @@
</span><span class="cx"> ];
</span><span class="cx"> &lt;/script&gt;
</span><span class="cx"> &lt;/head&gt;
</span><del>-&lt;body onload=&quot;test()&quot;&gt;
</del><ins>+&lt;body onload=&quot;testExperimentalPolicy()&quot;&gt;
</ins><span class="cx">   &lt;p&gt;
</span><span class="cx">       All of these scripts should execute, as all the nonces \
are valid. </span><span class="cx">   &lt;/p&gt;
</span></span></pre></div>
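Review bot: With the onload handler now `testExperimentalPolicy()`, the expectation in the context lines ("All of these scripts should execute") also holds if the harness fails to deliver the experimental header at all, so this test cannot tell an honoured nonce from a missing policy. Add one frame in the same file whose script carries a non-matching nonce and must not run; that makes the pass condition depend on the policy actually being applied.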
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicybloburlsmatchselfhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/blob-urls-match-self.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx">     &lt;head&gt;
</span><del>-        &lt;meta http-equiv=&quot;X-WebKit-CSP&quot; \
content=&quot;script-src 'unsafe-inline' 'self'&quot;&gt; </del><ins>+        \
&lt;meta http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline' 'self'&quot;&gt; </ins><span class="cx">     &lt;/head&gt;
</span><span class="cx">     &lt;body&gt;
</span><span class="cx">         &lt;p&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicycombinemultiplepolicieshtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/combine-multiple-policies.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/combine-multiple-policies.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/combine-multiple-policies.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,8 +1,8 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
                'self'&quot;&gt;
-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'none'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;script-src 'self'&quot;&gt; +&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src \
'none'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
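Review bot: Both meta http-equiv lines move to `Content-Security-Policy` together, so no test combines one policy under each header name. That mixed case is where a rename is most likely to go wrong: a page sending `script-src 'self'` under `X-WebKit-CSP` and `style-src 'none'` under the canonical name should have a defined outcome (both enforced, or one name ignored) and a test that asserts it. Consider adding that variant alongside this one.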
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrceventsourceallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrceventsourceblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://localhost:8000&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://localhost:8000&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcwebsocketallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
ws://127.0.0.1:8880&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
ws://127.0.0.1:8880&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcwebsocketblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
ws://127.0.0.1:8880&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
ws://127.0.0.1:8880&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcxmlhttprequestallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyconnectsrcxmlhttprequestblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicydefaultsrcinlineallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;default-src \
'self' about: 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;default-src 'self' \
about: 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body onload=&quot;alert('PASS 3 of \
3')&quot;&gt; </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicydefaultsrcinlineblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/default-src-inline-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;default-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;default-src 'self'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyduplicatedirectivehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/duplicate-directive.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/duplicate-directive.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/duplicate-directive.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx">     &lt;head&gt;
</span><del>-        &lt;meta http-equiv=&quot;X-WebKit-CSP&quot; \
content=&quot;script-src 'unsafe-inline'; script-src 'none'&quot;&gt; </del><ins>+    \
&lt;meta http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'; script-src 'none'&quot;&gt; </ins><span class="cx">         \
&lt;script&gt; </span><span class="cx">         if (window.testRunner) {
</span><span class="cx">             testRunner.dumpAsText();
</span></span></pre></div>
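Review bot: The expected outcome is undocumented on the meta line, which declares script-src twice ('unsafe-inline', then 'none'). Now that the policy goes out under the standard header name, add a one-line comment in the test saying which of the two directives is expected to take effect, so the expectation file can be checked against the intent rather than against whatever the parser currently does.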
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalallowedhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed.html (133094 \
=> 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalblockedinaboutblankiframehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,7 +2,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;iframe \
src=&quot;about:blank&quot;&gt;&lt;/iframe&gt; </span><span class="cx"> Eval should \
be blocked in the iframe, but inline script should be allowed. </span><span \
class="cx"> &lt;script&gt; </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalblockedhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html (133094 \
=> 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetIntervalallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;pre&gt;
</span><span class="cx"> &lt;script&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetIntervalblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setInterval-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;pre&gt;
</span><span class="cx"> &lt;script&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetTimeoutallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;pre&gt;
</span><span class="cx"> &lt;script&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyevalscriptssetTimeoutblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/eval-scripts-setTimeout-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;pre&gt;
</span><span class="cx"> &lt;script&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyfilesystemurlsmatchselfhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/filesystem-urls-match-self.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx">     &lt;head&gt;
</span><del>-        &lt;meta http-equiv=&quot;X-WebKit-CSP&quot; \
content=&quot;script-src 'unsafe-inline' 'self'&quot;&gt; </del><ins>+        \
&lt;meta http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline' 'self'&quot;&gt; </ins><span class="cx">     &lt;/head&gt;
</span><span class="cx">     &lt;body&gt;
</span><span class="cx">         &lt;p&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcaboutblankallowedbydefaulthtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,7 +2,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;frame-src \
'none'; object-src 'none'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;frame-src 'none'; \
object-src 'none'&quot;&gt; </ins><span class="cx"> These frames should not be \
blocked by Content-Security-Policy.  It's pointless </span><span class="cx"> to block \
about:blank iframes because blocking a frame just results in </span><span class="cx"> \
displaying about:blank anyway! </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcaboutblankallowedbyschemehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-scheme.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-scheme.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-scheme.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,6 +2,6 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;frame-src \
about:&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;frame-src about:&quot;&gt; </ins><span class="cx"> This iframe should \
not be blocked by Content-Security-Policy: </span><span class="cx"> &lt;iframe \
src=&quot;about:blank&quot;&gt;&lt;/iframe&gt; </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;frame-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;frame-src 'self'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;iframe src=&quot;resources/alert-pass.html&quot;&gt;&lt;/iframe&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyframesrcblockedhtml"></a> \
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;frame-src \
'none'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;frame-src 'none'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;iframe src=&quot;resources/alert-fail.html&quot;&gt;&lt;/iframe&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyfunctionconstructorallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline' 'unsafe-eval'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyfunctionconstructorblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/function-constructor-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyiframeinsidecsphtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/iframe-inside-csp.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/iframe-inside-csp.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/iframe-inside-csp.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;script-src 'self'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;iframe src=&quot;resources/sandboxed-eval.php&quot;&gt;&lt;/iframe&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyimageallowedhtml"></a> <div \
class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;img-src *; \
script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;img-src *; script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyimageblockedhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;img-src \
'none'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;img-src 'none'; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyimagefullhostwildcardallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;img-src \
*.127.0.0.1:8000; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;img-src \
*.127.0.0.1:8000; script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> \
&lt;script&gt; </span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
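Review bot: The intent of img-src *.127.0.0.1:8000 on the changed meta line is not stated, and the hunk does not show which image URL the test loads. The file name says "allowed", so the test presumably pins a leading wildcard label matching on an IP-literal host. Add a comment naming the host the image is served from and whether the wildcard is expected to match the bare host 127.0.0.1, since that is the behaviour this test now asserts for the unprefixed header.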
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyimagehostwildcardallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/image-host-wildcard-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;img-src \
*.0.1:8000; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;img-src *.0.1:8000; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinescriptallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
http://127.0.0.1:* 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
http://127.0.0.1:* 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinescriptblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
http://127.0.0.1:*&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
http://127.0.0.1:*&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinestyleallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinjectedinlinestyleblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'none'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;style-src 'none'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
http://127.0.0.1:* 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
http://127.0.0.1:* 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body onload=&quot;alert('PASS 3 of \
3')&quot;&gt; </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptblockedgoofyhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
http://127.0.0.1:*; options goofy&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
http://127.0.0.1:*; options goofy&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body onload=&quot;alert('FAIL 2 of \
2')&quot;&gt; </span></span></pre></div>
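Review bot: The directive "options goofy" on the changed meta line is carried over verbatim to the unprefixed header with no note on how it should be handled. The body onload alert in the context lines is labelled FAIL, so the test relies on script-src http://127.0.0.1:* still blocking inline handlers while the unrecognised "options" directive is skipped. State that in a comment, and confirm the expected output still covers whatever console message the unknown directive produces.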
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptblockedjavascripturlhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
http://127.0.0.1:*; options goofy&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
http://127.0.0.1:*; options goofy&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> This test passes if it doesn't alert fail.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinescriptblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
http://127.0.0.1:*&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
http://127.0.0.1:*&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'unsafe-inline'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src \
'unsafe-inline'; script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> \
&lt;style&gt; </span><span class="cx"> .target {
</span><span class="cx">     background-color: blue;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleattributeallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'unsafe-inline'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src \
'unsafe-inline'; script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> \
&lt;script&gt; </span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleattributeblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'none'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src 'none'; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleattributeonhtmlhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-on-html.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-on-html.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-on-html.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html style=&quot;background-color: blue;&quot;&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'none'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src 'none'; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlinestyleblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'none'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src 'none'; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;style&gt;
</span><span class="cx"> .target {
</span><span class="cx">     background-color: blue;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicymediasrcallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;media-src \
http://127.0.0.1:8000&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;media-src \
http://127.0.0.1:8000&quot;&gt; </ins><span class="cx"> &lt;video&gt;&lt;/video&gt;
</span><span class="cx"> &lt;script \
src=../../../media-resources/media-file.js&gt;&lt;/script&gt; </span><span \
class="cx"> &lt;script src=../../../media-resources/video-test.js&gt;&lt;/script&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicymediasrcblockedhtml"></a> \
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;media-src \
'none'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;media-src 'none'&quot;&gt; </ins><span class="cx"> \
&lt;video&gt;&lt;/video&gt; </span><span class="cx"> &lt;script \
src=../../../media-resources/media-file.js&gt;&lt;/script&gt; </span><span \
class="cx"> &lt;script src=../../../media-resources/video-test.js&gt;&lt;/script&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcnourlallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">   testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;object-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;object-src 'self'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;body&gt;
</span><span class="cx"> This test passes if there isn't a console message saying the \
plugin was blocked. </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcnourlblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">   testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;object-src \
'none'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;object-src 'none'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;body&gt;
</span><span class="cx"> This test passes if there is a console message saying the \
plugin was blocked. </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcurlallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;object-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;object-src 'self'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;body&gt;
</span><span class="cx"> This test passes if there is no console message saying the \
plugin was blocked. </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyobjectsrcurlblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/object-src-url-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;object-src \
'none'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;object-src 'none'&quot;&gt; </ins><span class="cx"> &lt;/head&gt;
</span><span class="cx"> &lt;body&gt;
</span><span class="cx"> This test passes if there is a console message saying the \
plugin was blocked. </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicypolicydoesnotaffectchildhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/policy-does-not-affect-child.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/policy-does-not-affect-child.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/policy-does-not-affect-child.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;script-src 'self'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;iframe src=&quot;resources/alert-pass.html&quot;&gt;&lt;/iframe&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyregisterbypassingschemehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;img-src \
https:; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;img-src https:; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx">     if (window.testRunner) {
</span><span class="cx">         testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportandenforcehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,5 +1,5 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;img-src \
                'none'&quot;&gt;
-&lt;meta http-equiv=&quot;X-WebKit-CSP-Report-Only&quot; content=&quot;script-src \
'self'; report-uri resources/save-report.php&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;img-src 'none'&quot;&gt; \
+&lt;meta http-equiv=&quot;Content-Security-Policy-Report-Only&quot; \
content=&quot;script-src 'self'; report-uri resources/save-report.php&quot;&gt; \
</ins><span class="cx"> &lt;script&gt; </span><span class="cx"> // This script block \
will trigger a violation report but shouldn't be blocked. </span><span class="cx"> \
alert('PASS'); </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeduricrossoriginhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP-Report-Only&quot; \
content=&quot;img-src 'none'; report-uri resources/save-report.php&quot;&gt; \
</del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy-Report-Only&quot; \
content=&quot;img-src 'none'; report-uri resources/save-report.php&quot;&gt; \
</ins><span class="cx"> The origin of this image should show up in the violation \
report. </span><span class="cx"> &lt;img \
src=&quot;http://localhost:8080/security/resources/abe.png&quot;&gt; </span><span \
class="cx"> &lt;script \
src=&quot;resources/go-to-echo-report.js&quot;&gt;&lt;/script&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedurihtml"></a> \
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP-Report-Only&quot; \
content=&quot;img-src 'none'; report-uri resources/save-report.php&quot;&gt; \
</del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy-Report-Only&quot; \
content=&quot;img-src 'none'; report-uri resources/save-report.php&quot;&gt; \
</ins><span class="cx"> The URI of this image should show up in the violation report. \
</span><span class="cx"> &lt;img \
src=&quot;../resources/abe.png#the-fragment-should-not-be-in-report&quot;&gt; \
</span><span class="cx"> &lt;script \
src=&quot;resources/go-to-echo-report.js&quot;&gt;&lt;/script&gt; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyfromheaderphp"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header.php \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> &lt;?php
</span><del>-header(&quot;X-WebKit-CSP-Report-Only: script-src 'self'; report-uri \
resources/save-report.php&quot;); \
</del><ins>+header(&quot;Content-Security-Policy-Report-Only: script-src 'self'; \
report-uri resources/save-report.php&quot;); </ins><span class="cx"> ?&gt;
</span><span class="cx"> &lt;script&gt;
</span><span class="cx"> // This script block will trigger a violation report but \
shouldn't be blocked. </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html (133094 \
=> 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP-Report-Only&quot; \
content=&quot;script-src 'self'; report-uri resources/save-report.php&quot;&gt; \
</del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy-Report-Only&quot; \
content=&quot;script-src 'self'; report-uri resources/save-report.php&quot;&gt; \
</ins><span class="cx"> &lt;script&gt; </span><span class="cx"> // This script block \
will trigger a violation report but shouldn't be blocked. </span><span class="cx"> \
alert('PASS'); </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyreporturihtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html (133094 \
=> 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self'; report-uri resources/save-report.php&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src 'self'; \
report-uri resources/save-report.php&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> // This script block will trigger a violation report.
</span><span class="cx"> alert('FAIL');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoiframepl"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-iframe.pl \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-iframe.pl	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-iframe.pl	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> my $cgi = new CGI;
</span><span class="cx"> 
</span><span class="cx"> print &quot;Content-Type: text/html; charset=UTF-8\n&quot;;
</span><del>-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
</del><ins>+print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;; </ins><span class="cx"> 
</span><span class="cx"> print &quot;&lt;!DOCTYPE html&gt;\n&quot;;
</span><span class="cx"> print &quot;&lt;html&gt;\n&quot;;
</span></span></pre></div>
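Review bot: On the changed print line the `csp` query parameter is still concatenated straight into the response header, so a value that contains a CR or LF ends the header block early and the rest is served as body. This predates the rename and the script is only a layout-test fixture, but since the line is being touched anyway, consider stripping line breaks from `$cgi->param('csp')` before printing it, so that a mis-encoded test URL fails visibly and does not produce a response with a truncated policy.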
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechomultipleheaderspl"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-multiple-headers.pl \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-multiple-headers.pl	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-multiple-headers.pl	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,8 +5,8 @@
</span><span class="cx"> my $cgi = new CGI;
</span><span class="cx"> 
</span><span class="cx"> print &quot;Content-Type: text/html; charset=UTF-8\n&quot;;
</span><del>-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp1').&quot;\n&quot;;
-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp2').&quot;\n\n&quot;;
</del><ins>+print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp1').&quot;\n&quot;; +print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp2').&quot;\n\n&quot;; </ins><span class="cx"> 
</span><span class="cx"> my ($text, $replacement) = (&quot;FAIL&quot;, \
&quot;PASS&quot;); </span><span class="cx"> ($text, $replacement) = ($replacement, \
$text) if $cgi-&gt;param('should_run') eq 'no'; </span></span></pre></div>
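Review bot: Both print lines now emit the unprefixed name, so this fixture can no longer produce a response that carries one `X-WebKit-CSP` header and one `Content-Security-Policy` header. That mixed case is the one pages are likely to send while both names are in use, and it is where the two policies have to be combined correctly. Consider an optional parameter that selects the header name per line, defaulting to the unprefixed name, plus a test that sends one of each.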
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoobjectdatapl"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,11 @@
</span><span class="cx"> my $cgi = new CGI;
</span><span class="cx"> 
</span><span class="cx"> print &quot;Content-Type: text/html; charset=UTF-8\n&quot;;
</span><del>-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
</del><ins>+if ($cgi-&gt;param('experimental') eq 'true') {
+    print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
+} else {
+    print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;; +}
</ins><span class="cx"> 
</span><span class="cx"> print &quot;&lt;!DOCTYPE html&gt;\n&quot;;
</span><span class="cx"> print &quot;&lt;html&gt;\n&quot;;
</span></span></pre></div>
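Review bot: In the added if/else, both branches repeat the same `.$cgi->param('csp')."\n\n"` tail and differ only in the header name, and `$cgi->param('experimental')` is compared with `eq` even when the parameter is absent, which logs an uninitialized-value warning on every ordinary request if the script runs with warnings enabled (the pragma lines are outside this hunk). Suggest choosing the name first, for example `my $header = (($cgi->param('experimental') // '') eq 'true') ? 'X-WebKit-CSP' : 'Content-Security-Policy';`, and keeping a single print.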
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesechoscriptsrcpl"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,11 @@
</span><span class="cx"> my $cgi = new CGI;
</span><span class="cx"> 
</span><span class="cx"> print &quot;Content-Type: text/html; charset=UTF-8\n&quot;;
</span><del>-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
</del><ins>+if ($cgi-&gt;param('experimental') eq 'true') {
+    print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
+} else {
+    print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;; +}
</ins><span class="cx"> 
</span><span class="cx"> my ($text, $replacement) = (&quot;FAIL&quot;, \
&quot;PASS&quot;); </span><span class="cx"> ($text, $replacement) = ($replacement, \
$text) if $cgi-&gt;param('should_run') eq 'no'; </span></span></pre></div>
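Review bot: The new branch only selects the prefixed header when `experimental` is exactly the string 'true'; any other value, such as `experimental=1` or a typo in a test URL, silently falls through to `Content-Security-Policy`. A test that meant to exercise the experimental header would then run against the unprefixed one, and its result would say nothing about the prefixed path. Consider failing loudly on an unrecognised value of `experimental`, and add a short comment above the if stating which tests are expected to pass it.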
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourceseventhandlerpl"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/event-handler.pl \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/event-handler.pl	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/event-handler.pl	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> my $cgi = new CGI;
</span><span class="cx"> 
</span><span class="cx"> print &quot;Content-Type: text/html; charset=UTF-8\n&quot;;
</span><del>-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
</del><ins>+print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;; </ins><span class="cx"> 
</span><span class="cx"> my ($text, $replacement) = (&quot;FAIL&quot;, \
&quot;PASS&quot;); </span><span class="cx"> ($text, $replacement) = ($replacement, \
$text) if $cgi-&gt;param('should_run') eq 'no'; </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesgeneratecspreporthtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self'; report-uri save-report.php&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src 'self'; \
report-uri save-report.php&quot;&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> // This script block will trigger a violation report.
</span><span class="cx"> alert('FAIL');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesjavascripturlpl"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/javascript-url.pl \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/javascript-url.pl	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/javascript-url.pl	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> my $cgi = new CGI;
</span><span class="cx"> 
</span><span class="cx"> print &quot;Content-Type: text/html; charset=UTF-8\n&quot;;
</span><del>-print &quot;X-WebKit-CSP: &quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;;
</del><ins>+print &quot;Content-Security-Policy: \
&quot;.$cgi-&gt;param('csp').&quot;\n\n&quot;; </ins><span class="cx"> 
</span><span class="cx"> my $text = &quot;PASS&quot;;
</span><span class="cx"> $text = &quot;FAIL&quot; if $cgi-&gt;param('should_run') eq \
'no'; </span></span></pre></div>
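Review bot: on the changed print line, the csp query parameter is concatenated into the response header verbatim, so a value containing CR or LF would end the header block early and let the request supply further headers or body. That predates this change, but since the line is being touched, consider stripping \r and \n from the value before printing; the fixture should in any case only be reachable on the local test server.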
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesmixedcontentwithcsphtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,3 +1,3 @@
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;default-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;default-src 'self'&quot;&gt; </ins><span class="cx"> This page includes \
an insecure script that alerts &quot;FAIL&quot;, but that script is blocked by CSP. \
</span><span class="cx"> &lt;script \
src=&quot;http://127.0.0.1:8080/security/contentSecurityPolicy/resources/alert-fail.js&quot;&gt;&lt;/script&gt;
 </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesmultipleiframeplugintestjs"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -4,13 +4,22 @@
</span><span class="cx">     testRunner.dumpChildFramesAsText();
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+function testExperimentalPolicy() {
+    testImpl(true);
+}
+
</ins><span class="cx"> function test() {
</span><ins>+    testImpl(false);
+}
+
+function testImpl(experimental) {
</ins><span class="cx">     if (tests.length === 0)
</span><span class="cx">         return finishTesting();
</span><del>-    var baseURL = \
&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/&quot;; </del><ins>+    \
var baseURL = &quot;/security/contentSecurityPolicy/&quot;; </ins><span class="cx">   \
var current = tests.shift(); </span><span class="cx">     var iframe = \
document.createElement(&quot;iframe&quot;); </span><span class="cx">     iframe.src = \
baseURL + &quot;resources/echo-object-data.pl?&quot; + </span><ins>+                 \
&quot;experimental=&quot; + (experimental ? &quot;true&quot; : &quot;false&quot;) + \
</ins><span class="cx">                  &quot;&amp;csp=&quot; + escape(current[1]); \
</span><span class="cx">  </span><span class="cx">     if (current[0])
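Review bot: the added "experimental=" term sends the flag as the literal strings "true" and "false", and echo-object-data.pl is not part of this hunk; please confirm the script compares the parameter against "true" rather than testing it for truthiness, because the non-empty string "false" is true in Perl and would silently run every case in experimental mode. Sending the parameter only when experimental is set would avoid the ambiguity.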
</span><span class="lines">@@ -29,7 +38,7 @@
</span><span class="cx">     else
</span><span class="cx">         iframe.src += \
&quot;&amp;type=application/x-webkit-test-netscape&quot;; </span><span class="cx"> 
</span><del>-    iframe.onload = test;
</del><ins>+    iframe.onload = function() { testImpl(experimental); };
</ins><span class="cx">     document.body.appendChild(iframe);
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcesmultipleiframetestjs"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -5,18 +5,22 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> function testPreescapedPolicy() {
</span><del>-    testImpl(true);
</del><ins>+    testImpl(false, true);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><ins>+function testExperimentalPolicy() {
+    testImpl(true, false);
+}
+
</ins><span class="cx"> function test() {
</span><del>-    testImpl(false);
</del><ins>+    testImpl(false, false);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-function testImpl(preescapedPolicy) {
</del><ins>+function testImpl(experimental, preescapedPolicy) {
</ins><span class="cx">     if (tests.length === 0)
</span><span class="cx">         return finishTesting();
</span><span class="cx"> 
</span><del>-    var baseURL = \
&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/&quot;; </del><ins>+    \
var baseURL = &quot;/security/contentSecurityPolicy/&quot;; </ins><span class="cx">   \
var current = tests.shift(); </span><span class="cx">     var iframe = \
document.createElement(&quot;iframe&quot;); </span><span class="cx"> 
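Review bot: testImpl(experimental, preescapedPolicy) now takes two positional booleans, and call sites such as testImpl(false, true) and testImpl(true, false) are easy to transpose without any failure to show for it. A short comment at each call naming the arguments, or a single options object, would make the three entry points self-explanatory; no entry point combines experimental with a pre-escaped policy, which is worth stating if intentional.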
</span><span class="lines">@@ -29,12 +33,13 @@
</span><span class="cx">         scriptToLoad = encodeURIComponent(current[2]);
</span><span class="cx"> 
</span><span class="cx">     iframe.src = baseURL + \
&quot;resources/echo-script-src.pl?&quot; + </span><del>-                 \
&quot;should_run=&quot; + encodeURIComponent(current[0]) + </del><ins>+               \
&quot;experimental=&quot; + (experimental ? &quot;true&quot; : &quot;false&quot;) + + \
&quot;&amp;should_run=&quot; + encodeURIComponent(current[0]) + </ins><span \
class="cx">                  &quot;&amp;csp=&quot; + policy + &quot;&amp;q=&quot; + \
scriptToLoad; </span><span class="cx">     if (current[3])
</span><span class="cx">       iframe.src += &quot;&amp;nonce=&quot; + \
encodeURIComponent(current[3]); </span><span class="cx"> 
</span><del>-    iframe.onload = test;
</del><ins>+    iframe.onload = function() { testImpl(experimental, \
preescapedPolicy); }; </ins><span class="cx">     document.body.appendChild(iframe);
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
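Review bot: replacing iframe.onload = test with the closure changes behaviour for existing tests, and the hunk does not document it. Before, only the first iframe of a testPreescapedPolicy() run went through testImpl(true), since every later load re-entered through test() and so testImpl(false); now the mode carries through the whole list. That looks like the right fix, but it deserves a line in the ChangeLog and a check that the expected results of the pre-escaped tests still match.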
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcessandboxphp"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandbox.php \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandbox.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandbox.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> &lt;?php
</span><del>-header(&quot;X-WebKit-CSP: sandbox &quot; . $_GET[&quot;sandbox&quot;]);
</del><ins>+header(&quot;Content-Security-Policy: sandbox &quot; . \
$_GET[&quot;sandbox&quot;]); </ins><span class="cx"> ?&gt;
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;p&gt;Ready&lt;/p&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyresourcessandboxedevalphp"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> &lt;?php
</span><del>-header(&quot;X-WebKit-CSP: sandbox allow-scripts&quot;);
</del><ins>+header(&quot;Content-Security-Policy: sandbox allow-scripts&quot;);
</ins><span class="cx"> ?&gt;
</span><span class="cx"> &lt;script&gt;
</span><span class="cx"> alert('PASS (1/2): Script can execute');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxallowscriptssubframehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,6 +2,6 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;sandbox \
allow-scripts&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;sandbox \
allow-scripts&quot;&gt; </ins><span class="cx"> This test passes if it does alert \
pass. </span><span class="cx"> &lt;iframe \
src=&quot;data:text/html,&lt;script&gt;alert('PASS');&lt;/script&gt;&quot;&gt;&lt;/iframe&gt;
 </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxallowscriptshtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,7 +2,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;sandbox \
allow-scripts&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;sandbox \
allow-scripts&quot;&gt; </ins><span class="cx"> This test passes if it does alert \
pass. </span><span class="cx"> &lt;script&gt;
</span><span class="cx"> alert('PASS');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxemptysubframehtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,6 +2,6 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; \
content=&quot;sandbox&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;sandbox&quot;&gt; \
</ins><span class="cx"> This test passes if it doesn't alert fail. </span><span \
class="cx"> &lt;iframe \
src=&quot;data:text/html,&lt;script&gt;alert('FAIL');&lt;/script&gt;&quot;&gt;&lt;/iframe&gt;
 </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysandboxemptyhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -2,7 +2,7 @@
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span><span class="cx"> &lt;/script&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; \
content=&quot;sandbox&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;sandbox&quot;&gt; \
</ins><span class="cx"> This test passes if it doesn't alert fail. </span><span \
class="cx"> &lt;script&gt; </span><span class="cx"> alert('FAIL');
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyscriptsrcoverridesdefaultsrchtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-overrides-default-src.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-overrides-default-src.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-overrides-default-src.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;default-src \
about:; script-src 'self' 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;default-src about:; \
script-src 'self' 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body onload=&quot;alert('PASS 3 of \
3')&quot;&gt; </span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysharedworkerconnectsrcallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;/&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysharedworkerconnectsrcblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
'none'&quot;/&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;connect-src 'none'&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysourcelistparsingmalformedmetahtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://localhost:8000&quot;&lt;script&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://localhost:8000&quot;&lt;script&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
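Review bot: the meta element in this hunk is malformed on purpose, going by the file name (the content attribute is followed directly by a script start tag with no closing angle bracket), and a bulk rename like this one is exactly where such markup gets tidied by accident. A one-line comment in the file saying the missing bracket is the point of the test would protect it from future cleanups.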
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicysrcdocdoesntbypassscriptsrchtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self'&quot;&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;script-src 'self'&quot;&gt; </ins><span class="cx"> &lt;script \
src=&quot;resources/dump-as-text.js&quot;&gt;&lt;/script&gt; </span><span class="cx"> \
&lt;/head&gt; </span><span class="cx"> &lt;body&gt;
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicystyleallowedhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src *; \
script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src *; script-src \
'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;link rel=&quot;stylesheet&quot; \
href=&quot;resources/blue.css&quot;&gt; </span><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner)
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicystyleblockedhtml"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/style-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;style-src \
'none'; script-src 'unsafe-inline'&quot;&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;style-src 'none'; \
script-src 'unsafe-inline'&quot;&gt; </ins><span class="cx"> &lt;link \
rel=&quot;stylesheet&quot; href=&quot;resources/blue.css&quot;&gt; </span><span \
class="cx"> &lt;script&gt; </span><span class="cx"> if (window.testRunner)
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerconnectsrcallowedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-allowed.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;/&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;connect-src \
http://127.0.0.1:8000&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerconnectsrcblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;connect-src \
'none'&quot;/&gt; </del><ins>+&lt;meta http-equiv=&quot;Content-Security-Policy&quot; \
content=&quot;connect-src 'none'&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerevalblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-eval-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-eval-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-eval-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self' 'unsafe-inline'&quot;/&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src 'self' \
'unsafe-inline'&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerfunctionfunctionblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self' 'unsafe-inline'&quot;/&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src 'self' \
'unsafe-inline'&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkerscriptsrchtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'unsafe-inline'&quot;/&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src \
'unsafe-inline'&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.dumpAsText();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyworkersettimeoutblockedhtml"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked.html	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> &lt;!DOCTYPE html&gt;
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;head&gt;
</span><del>-&lt;meta http-equiv=&quot;X-WebKit-CSP&quot; content=&quot;script-src \
'self' 'unsafe-inline'&quot;/&gt; </del><ins>+&lt;meta \
http-equiv=&quot;Content-Security-Policy&quot; content=&quot;script-src 'self' \
'unsafe-inline'&quot;/&gt; </ins><span class="cx"> &lt;script&gt;
</span><span class="cx"> if (window.testRunner) {
</span><span class="cx">     testRunner.waitUntilDone();
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslallowedphp"></a>
<div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-allowed.php (133094 \
=> 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-allowed.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-allowed.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> &lt;?php
</span><span class="cx"> header(&quot;Content-Type: application/xhtml+xml&quot;);
</span><del>-header(&quot;X-WebKit-CSP: script-src * 'unsafe-inline'&quot;);
</del><ins>+header(&quot;Content-Security-Policy: script-src * \
'unsafe-inline'&quot;); </ins><span class="cx"> 
</span><span class="cx"> echo '&lt;?xml version=&quot;1.0&quot; \
encoding=&quot;UTF-8&quot;?&gt;'; </span><span class="cx"> echo '&lt;?xml-stylesheet \
type=&quot;text/xsl&quot; href=&quot;resources/style.xsl&quot;?&gt;'; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslblockedphp"></a> <div \
class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked.php (133094 \
=> 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-blocked.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> &lt;?php
</span><span class="cx"> header(&quot;Content-Type: application/xhtml+xml&quot;);
</span><del>-header(&quot;X-WebKit-CSP: script-src 'unsafe-inline'&quot;);
</del><ins>+header(&quot;Content-Security-Policy: script-src 'unsafe-inline'&quot;);
</ins><span class="cx"> 
</span><span class="cx"> echo '&lt;?xml version=&quot;1.0&quot; \
encoding=&quot;UTF-8&quot;?&gt;'; </span><span class="cx"> echo '&lt;?xml-stylesheet \
type=&quot;text/xsl&quot; href=&quot;resources/style.xsl&quot;?&gt;'; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslimgblockedphp"></a> <div \
class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-img-blocked.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> &lt;?php
</span><span class="cx"> header(&quot;Content-Type: text/xml&quot;);
</span><del>-header(&quot;X-WebKit-CSP: img-src 'none'&quot;);
</del><ins>+header(&quot;Content-Security-Policy: img-src 'none'&quot;);
</ins><span class="cx"> 
</span><span class="cx"> echo '&lt;?xml version=&quot;1.0&quot; \
encoding=&quot;UTF-8&quot;?&gt;'; </span><span class="cx"> echo '&lt;?xml-stylesheet \
type=&quot;text/xsl&quot; href=&quot;resources/transform-to-img.xsl&quot;?&gt;'; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslunaffectedbystylesrc1php"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1.php \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-1.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> &lt;?php
</span><span class="cx"> header(&quot;Content-Type: application/xhtml+xml&quot;);
</span><del>-header(&quot;X-WebKit-CSP: style-src *; script-src \
'unsafe-inline'&quot;); </del><ins>+header(&quot;Content-Security-Policy: style-src \
*; script-src 'unsafe-inline'&quot;); </ins><span class="cx"> 
</span><span class="cx"> echo '&lt;?xml version=&quot;1.0&quot; \
encoding=&quot;UTF-8&quot;?&gt;'; </span><span class="cx"> echo '&lt;?xml-stylesheet \
type=&quot;text/xsl&quot; href=&quot;resources/style.xsl&quot;?&gt;'; \
</span></span></pre></div> <a \
id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyxslunaffectedbystylesrc2php"></a>
 <div class="modfile"><h4>Modified: \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-2.php \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-2.php	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-unaffected-by-style-src-2.php	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> &lt;?php
</span><span class="cx"> header(&quot;Content-Type: application/xhtml+xml&quot;);
</span><del>-header(&quot;X-WebKit-CSP: style-src 'none'; script-src * \
'unsafe-inline'&quot;); </del><ins>+header(&quot;Content-Security-Policy: style-src \
'none'; script-src * 'unsafe-inline'&quot;); </ins><span class="cx"> 
</span><span class="cx"> echo '&lt;?xml version=&quot;1.0&quot; \
encoding=&quot;UTF-8&quot;?&gt;'; </span><span class="cx"> echo '&lt;?xml-stylesheet \
type=&quot;text/xsl&quot; href=&quot;resources/style.xsl&quot;?&gt;'; \
</span></span></pre></div> <a id="trunkSourceWebCoreChangeLog"></a>
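Review bot: the header() line in this test, like the same line in the other xsl-*.php tests above, is changed in place, so none of these cases sends 'X-WebKit-CSP' any more. The WebCore ChangeLog entry in this patch says ports without CSP_NEXT see exactly the same behaviour from both headers; keeping a copy of at least one of these tests on the prefixed header would check that claim rather than rely on it.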
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (133094 => \
133095)</h4> <pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog	2012-10-31 23:27:04 UTC (rev \
                133094)
+++ trunk/Source/WebCore/ChangeLog	2012-10-31 23:41:27 UTC (rev 133095)
</span><span class="lines">@@ -1,3 +1,67 @@
</span><ins>+2012-10-31  Mike West  &lt;mkwst@chromium.org&gt;
+
+        Implement the canonical &quot;Content-Security-Policy&quot; header.
+        https://bugs.webkit.org/show_bug.cgi?id=96765
+
+        Reviewed by Adam Barth.
+
+        The CSP 1.0 specification defines the &quot;Content-Security-Policy&quot; \
header +        as the canonical mechanism of defining a resource's security policy. \
Up +        through this patch, we've implemented the functionality behind a prefix
+        in order to ensure compatibility with the standard once it's released as
+        a recommendation. Both the specification and WebKit's implementation are
+        far enough along in that process that it makes sense to support the
+        unprefixed header for sites that wish to opt-in to CSP 1.0.
+
+        As discussed on public-webappsec[1], we'll keep the experimental 1.1
+        features behind the prefixed header ('X-WebKit-CSP') until that standard
+        is far enough along to justify moving them out to the canonical header.
+
+        This patch defines the 'Content-Security-Policy' header for all ports,
+        just as the 'X-WebKit-CSP' header is currently supported on all ports.
+        Ports that have not opted-in to the CSP_NEXT flag will see exactly the
+        same behavior with both headers. Ports that have opted-in will see much
+        of CSP 1.1's current definition on the prefixed header, and CSP 1.0 on
+        the canonical header.
+
+        The functionality in this change is covered by the changes made to
+        existing tests. No expectations changed, only the headers that are sent.
+
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv):
+            Add canonical header support to 'meta' element definitions.
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::didBeginDocument):
+            Add canonical header support to FrameLoader.
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::CSPDirectiveList::headerType):
+            The ContentSecurityPolicy::HeaderType enum now has four values:
+            prefixed/report-only, unprefixed/report-only, prefixed/enforce, and
+            unprefixed/enforce. Instead of creating logic to output the proper
+            type based on internal flags, CSPDirectiveList now saves the value
+            provided at creation time, and returns it via this method.
+        (CSPDirectiveList):
+        (WebCore::CSPDirectiveList::CSPDirectiveList):
+            The constructor now accepts a type, which is stored on the object.
+            It also stores a new internal variable, 'm_experimental', which
+            defines whether or not experimental features ought to be available.
+            These features are still locked behind the CSP_NEXT flag, but that
+            might not be the case forever.
+        (WebCore::CSPDirectiveList::create):
+            The static constructor wrapper now passes the type into the real
+            constructor, which also now handles setting its internal variables.
+        (WebCore::CSPDirectiveList::parse):
+            'parse()' is given the header, so it makes sense to store it here as
+            well, rather than in the create wrapper.
+        (WebCore::CSPDirectiveList::addDirective):
+            1.1 directives remain locked behind CSP_NEXT, but now also require
+            that 'm_experimental' is set, signaling usage of the prefixed header
+            and an implicit opt-in to 1.1.
+        * page/ContentSecurityPolicy.h:
+            Added two new types to the HeaderTypes enum: PrefixedReportOnly, and
+            PrefixedEnforcePolicy. These map to 'X-WebKitCSP-Report-Only' and
+            'X-WebKit-CSP', respectively.
+
</ins><span class="cx"> 2012-10-31  Roger Fong  &lt;roger_fong@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Change PopupMenu positioning on Windows such that \
behaviour on multiple monitors matches Windows standards. </span></span></pre></div>
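Review bot: the page/ContentSecurityPolicy.h entry does not match the code in this patch. It names the new enumerators PrefixedReportOnly and PrefixedEnforcePolicy, while the header adds ReportStableDirectives, EnforceStableDirectives, ReportAllDirectives and EnforceAllDirectives, and it spells the report-only header 'X-WebKitCSP-Report-Only' where FrameLoader.cpp reads 'X-WebKit-CSP-Report-Only'. The public-webappsec discussion is marked [1] but no link follows in the entry. Please bring the entry in line with the final names and add the link.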
<a id="trunkSourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.cpp (133094 => \
133095)</h4> <pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.cpp	2012-10-31 23:27:04 UTC \
                (rev 133094)
+++ trunk/Source/WebCore/dom/Document.cpp	2012-10-31 23:41:27 UTC (rev 133095)
</span><span class="lines">@@ -2966,10 +2966,14 @@
</span><span class="cx">                 addConsoleMessage(JSMessageSource, \
LogMessageType, ErrorMessageLevel, message, url().string(), 0, 0, requestIdentifier); \
</span><span class="cx">             } </span><span class="cx">         }
</span><del>-    } else if (equalIgnoringCase(equiv, &quot;x-webkit-csp&quot;))
-        contentSecurityPolicy()-&gt;didReceiveHeader(content, \
ContentSecurityPolicy::EnforcePolicy); </del><ins>+    } else if \
(equalIgnoringCase(equiv, &quot;content-security-policy&quot;)) +        \
contentSecurityPolicy()-&gt;didReceiveHeader(content, \
ContentSecurityPolicy::EnforceStableDirectives); +    else if \
(equalIgnoringCase(equiv, &quot;content-security-policy-report-only&quot;)) +        \
contentSecurityPolicy()-&gt;didReceiveHeader(content, \
ContentSecurityPolicy::ReportStableDirectives); +    else if \
(equalIgnoringCase(equiv, &quot;x-webkit-csp&quot;)) +        \
contentSecurityPolicy()-&gt;didReceiveHeader(content, \
ContentSecurityPolicy::EnforceAllDirectives); </ins><span class="cx">     else if \
(equalIgnoringCase(equiv, &quot;x-webkit-csp-report-only&quot;)) </span><del>-        \
contentSecurityPolicy()-&gt;didReceiveHeader(content, \
ContentSecurityPolicy::ReportOnly); </del><ins>+        \
contentSecurityPolicy()-&gt;didReceiveHeader(content, \
ContentSecurityPolicy::ReportAllDirectives); </ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Though isspace() considers \t and \v to be whitespace, \
Win IE doesn't. </span></span></pre></div>
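Review bot: the else-if chain in Document::processHttpEquiv now repeats the same four header-name to HeaderType pairs that FrameLoader::didBeginDocument spells out again with mixed-case names, so the two lists have to be kept in step by hand. A small shared helper that maps a header name to its ContentSecurityPolicy::HeaderType would remove that. Each match also calls didReceiveHeader on its own, so a document that declares both the canonical and the prefixed name ends up with two policies; a layout test that sends both would pin down the intended result.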
<a id="trunkSourceWebCoreloaderFrameLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/FrameLoader.cpp \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/FrameLoader.cpp	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2012-10-31 23:41:27 UTC (rev 133095)
</span><span class="lines">@@ -660,14 +660,22 @@
</span><span class="cx">         if (!dnsPrefetchControl.isEmpty())
</span><span class="cx">             \
m_frame-&gt;document()-&gt;parseDNSPrefetchControlHeader(dnsPrefetchControl); \
</span><span class="cx">  </span><del>-        String contentSecurityPolicy = \
                m_documentLoader-&gt;response().httpHeaderField(&quot;X-WebKit-CSP&quot;);
                
-        if (!contentSecurityPolicy.isEmpty())
-            m_frame-&gt;document()-&gt;contentSecurityPolicy()-&gt;didReceiveHeader(contentSecurityPolicy, \
ContentSecurityPolicy::EnforcePolicy); </del><ins>+        String policyValue = \
m_documentLoader-&gt;response().httpHeaderField(&quot;Content-Security-Policy&quot;); \
+        if (!policyValue.isEmpty()) +            \
m_frame-&gt;document()-&gt;contentSecurityPolicy()-&gt;didReceiveHeader(policyValue, \
ContentSecurityPolicy::EnforceStableDirectives); </ins><span class="cx"> 
</span><del>-        String reportOnlyContentSecurityPolicy = \
m_documentLoader-&gt;response().httpHeaderField(&quot;X-WebKit-CSP-Report-Only&quot;);
                
-        if (!reportOnlyContentSecurityPolicy.isEmpty())
-            m_frame-&gt;document()-&gt;contentSecurityPolicy()-&gt;didReceiveHeader(reportOnlyContentSecurityPolicy, \
ContentSecurityPolicy::ReportOnly); </del><ins>+        policyValue = \
m_documentLoader-&gt;response().httpHeaderField(&quot;Content-Security-Policy-Report-Only&quot;);
 +        if (!policyValue.isEmpty())
+            m_frame-&gt;document()-&gt;contentSecurityPolicy()-&gt;didReceiveHeader(policyValue, \
ContentSecurityPolicy::ReportStableDirectives); </ins><span class="cx"> 
</span><ins>+        policyValue = \
m_documentLoader-&gt;response().httpHeaderField(&quot;X-WebKit-CSP&quot;); +        \
if (!policyValue.isEmpty()) +            \
m_frame-&gt;document()-&gt;contentSecurityPolicy()-&gt;didReceiveHeader(policyValue, \
ContentSecurityPolicy::EnforceAllDirectives); +
+        policyValue = \
m_documentLoader-&gt;response().httpHeaderField(&quot;X-WebKit-CSP-Report-Only&quot;);
 +        if (!policyValue.isEmpty())
+            m_frame-&gt;document()-&gt;contentSecurityPolicy()-&gt;didReceiveHeader(policyValue, \
ContentSecurityPolicy::ReportAllDirectives); +
</ins><span class="cx">         String headerContentLanguage = \
m_documentLoader-&gt;response().httpHeaderField(&quot;Content-Language&quot;); \
</span><span class="cx">         if (!headerContentLanguage.isEmpty()) { </span><span \
class="cx">             size_t commaIndex = headerContentLanguage.find(','); \
</span></span></pre></div> <a \
id="trunkSourceWebCorepageContentSecurityPolicycpp"></a> <div \
class="modfile"><h4>Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp	2012-10-31 23:41:27 UTC (rev \
133095) </span><span class="lines">@@ -772,7 +772,7 @@
</span><span class="cx">     static PassOwnPtr&lt;CSPDirectiveList&gt; \
create(ContentSecurityPolicy*, const String&amp;, ContentSecurityPolicy::HeaderType); \
</span><span class="cx">  </span><span class="cx">     const String&amp; header() \
const { return m_header; } </span><del>-    ContentSecurityPolicy::HeaderType \
headerType() const { return m_reportOnly ? ContentSecurityPolicy::ReportOnly : \
ContentSecurityPolicy::EnforcePolicy; } </del><ins>+    \
ContentSecurityPolicy::HeaderType headerType() const { return m_headerType; } \
</ins><span class="cx">  </span><span class="cx">     bool allowJavaScriptURLs(const \
String&amp; contextURL, const WTF::OrdinalNumber&amp; contextLine, \
ContentSecurityPolicy::ReportingStatus) const; </span><span class="cx">     bool \
allowInlineEventHandlers(const String&amp; contextURL, const WTF::OrdinalNumber&amp; \
contextLine, ContentSecurityPolicy::ReportingStatus) const; </span><span \
class="lines">@@ -796,7 +796,7 @@ </span><span class="cx">     const String&amp; \
evalDisabledErrorMessage() { return m_evalDisabledErrorMessage; } </span><span \
class="cx">  </span><span class="cx"> private:
</span><del>-    explicit CSPDirectiveList(ContentSecurityPolicy*);
</del><ins>+    CSPDirectiveList(ContentSecurityPolicy*, \
ContentSecurityPolicy::HeaderType); </ins><span class="cx"> 
</span><span class="cx">     void parse(const String&amp;);
</span><span class="cx"> 
</span><span class="lines">@@ -833,7 +833,9 @@
</span><span class="cx">     ContentSecurityPolicy* m_policy;
</span><span class="cx"> 
</span><span class="cx">     String m_header;
</span><ins>+    ContentSecurityPolicy::HeaderType m_headerType;
</ins><span class="cx"> 
</span><ins>+    bool m_experimental;
</ins><span class="cx">     bool m_reportOnly;
</span><span class="cx">     bool m_haveSandboxPolicy;
</span><span class="cx"> 
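Review bot: m_reportOnly and the new m_experimental are both derived from m_headerType in the constructor, so the class now stores the same fact three times. Either compute the two flags from m_headerType in small const accessors, or initialise them directly in the constructor's initialiser list instead of setting them to false and assigning them in the body, so they cannot drift from m_headerType.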
</span><span class="lines">@@ -855,28 +857,22 @@
</span><span class="cx">     String m_evalDisabledErrorMessage;
</span><span class="cx"> };
</span><span class="cx"> 
</span><del>-CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy)
</del><ins>+CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, \
ContentSecurityPolicy::HeaderType type) </ins><span class="cx">     : \
m_policy(policy) </span><ins>+    , m_headerType(type)
+    , m_experimental(false)
</ins><span class="cx">     , m_reportOnly(false)
</span><span class="cx">     , m_haveSandboxPolicy(false)
</span><span class="cx"> {
</span><ins>+    m_reportOnly = (type == \
ContentSecurityPolicy::ReportStableDirectives || type == \
ContentSecurityPolicy::ReportAllDirectives); +    m_experimental = (type == \
ContentSecurityPolicy::ReportAllDirectives || type == \
ContentSecurityPolicy::EnforceAllDirectives); </ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> PassOwnPtr&lt;CSPDirectiveList&gt; \
CSPDirectiveList::create(ContentSecurityPolicy* policy, const String&amp; header, \
ContentSecurityPolicy::HeaderType type) </span><span class="cx"> {
</span><del>-    OwnPtr&lt;CSPDirectiveList&gt; directives = adoptPtr(new \
CSPDirectiveList(policy)); </del><ins>+    OwnPtr&lt;CSPDirectiveList&gt; directives \
= adoptPtr(new CSPDirectiveList(policy, type)); </ins><span class="cx">     \
directives-&gt;parse(header); </span><del>-    directives-&gt;m_header = header;
</del><span class="cx"> 
</span><del>-    switch (type) {
-    case ContentSecurityPolicy::ReportOnly:
-        directives-&gt;m_reportOnly = true;
-        return directives.release();
-    case ContentSecurityPolicy::EnforcePolicy:
-        ASSERT(!directives-&gt;m_reportOnly);
-        break;
-    }
-
</del><span class="cx">     if \
(!directives-&gt;checkEval(directives-&gt;operativeDirective(directives-&gt;m_scriptSrc.get()))) \
{ </span><span class="cx">         String message = makeString(&quot;Refused to \
evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of \
script in the following Content Security Policy directive: \&quot;&quot;, \
directives-&gt;operativeDirective(directives-&gt;m_scriptSrc.get())-&gt;text(), \
&quot;\&quot;.\n&quot;); </span><span class="cx">         \
directives-&gt;setEvalDisabledErrorMessage(message); </span><span class="lines">@@ \
-1151,6 +1147,7 @@ </span><span class="cx"> //
</span><span class="cx"> void CSPDirectiveList::parse(const String&amp; policy)
</span><span class="cx"> {
</span><ins>+    m_header = policy;
</ins><span class="cx">     if (policy.isEmpty())
</span><span class="cx">         return;
</span><span class="cx"> 
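Review bot: in the CSPDirectiveList::create hunk above, the removed switch returned early for report-only lists, before the checkEval() test that follows it; with the switch gone, a report-only policy now reaches that block and can have setEvalDisabledErrorMessage() called on it. If that is intended, say so in the ChangeLog; if not, keep an early return when m_reportOnly is set. m_reportOnly also used to be assigned after parse() ran and is now set in the constructor, so anything parse() does that depends on the flag sees a different value than before.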
</span><span class="lines">@@ -1297,12 +1294,14 @@
</span><span class="cx">     else if (equalIgnoringCase(name, reportURI))
</span><span class="cx">         parseReportURI(name, value);
</span><span class="cx"> #if ENABLE(CSP_NEXT)
</span><del>-    else if (equalIgnoringCase(name, formAction))
-        setCSPDirective&lt;SourceListDirective&gt;(name, value, m_formAction);
-    else if (equalIgnoringCase(name, pluginTypes))
-        setCSPDirective&lt;MediaListDirective&gt;(name, value, m_pluginTypes);
-    else if (equalIgnoringCase(name, scriptNonce))
-        setCSPDirective&lt;NonceDirective&gt;(name, value, m_scriptNonce);
</del><ins>+    else if (m_experimental) {
+        if (equalIgnoringCase(name, formAction))
+            setCSPDirective&lt;SourceListDirective&gt;(name, value, m_formAction);
+        else if (equalIgnoringCase(name, pluginTypes))
+            setCSPDirective&lt;MediaListDirective&gt;(name, value, m_pluginTypes);
+        else if (equalIgnoringCase(name, scriptNonce))
+            setCSPDirective&lt;NonceDirective&gt;(name, value, m_scriptNonce);
+    }
</ins><span class="cx"> #endif
</span><span class="cx">     else
</span><span class="cx">         m_policy-&gt;reportUnrecognizedDirective(name);
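Review bot: in the CSP_NEXT branch, wrapping the three 1.1 directives in 'else if (m_experimental) { ... }' means the trailing 'else' with m_policy-&gt;reportUnrecognizedDirective(name) is never reached when m_experimental is true. An unknown directive sent on the prefixed header then matches none of the inner tests and is dropped without a console message. Add a final 'else' inside the block that calls reportUnrecognizedDirective(name), or fold the m_experimental test into each of the three comparisons.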
</span><span class="lines">@@ -1368,7 +1367,7 @@
</span><span class="cx"> 
</span><span class="cx"> ContentSecurityPolicy::HeaderType \
ContentSecurityPolicy::deprecatedHeaderType() const </span><span class="cx"> {
</span><del>-    return m_policies.isEmpty() ? EnforcePolicy : \
m_policies[0]-&gt;headerType(); </del><ins>+    return m_policies.isEmpty() ? \
EnforceStableDirectives : m_policies[0]-&gt;headerType(); </ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;bool \
(CSPDirectiveList::*allowed)(ContentSecurityPolicy::ReportingStatus) const&gt; \
</span></span></pre></div> <a id="trunkSourceWebCorepageContentSecurityPolicyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.h \
(133094 => 133095)</h4> <pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/ContentSecurityPolicy.h	2012-10-31 \
                23:27:04 UTC (rev 133094)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.h	2012-10-31 23:41:27 UTC (rev \
133095) </span><span class="lines">@@ -60,8 +60,10 @@
</span><span class="cx">     void copyStateFrom(const ContentSecurityPolicy*);
</span><span class="cx"> 
</span><span class="cx">     enum HeaderType {
</span><del>-        ReportOnly,
-        EnforcePolicy
</del><ins>+        ReportStableDirectives,
+        EnforceStableDirectives,
+        ReportAllDirectives,
+        EnforceAllDirectives
</ins><span class="cx">     };
</span><span class="cx"> 
</span><span class="cx">     enum ReportingStatus {
</span></span></pre></div>
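Review bot: the four enumerators carry no comment saying which header each one stands for, and 'Stable' versus 'All' is not obvious from the names alone. A one-line comment per value (for example that EnforceStableDirectives is 'Content-Security-Policy' and EnforceAllDirectives is 'X-WebKit-CSP') would save readers a trip to FrameLoader.cpp.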
<a id="trunkSourceWebKitchromiumpublicWebContentSecurityPolicyh"></a>
<div class="modfile"><h4>Modified: \
trunk/Source/WebKit/chromium/public/WebContentSecurityPolicy.h (133094 => \
133095)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/Source/WebKit/chromium/public/WebContentSecurityPolicy.h	2012-10-31 23:27:04 \
                UTC (rev 133094)
+++ trunk/Source/WebKit/chromium/public/WebContentSecurityPolicy.h	2012-10-31 \
23:41:27 UTC (rev 133095) </span><span class="lines">@@ -34,8 +34,10 @@
</span><span class="cx"> namespace WebKit {
</span><span class="cx"> 
</span><span class="cx"> enum WebContentSecurityPolicyType {
</span><del>-    WebContentSecurityPolicyTypeReportOnly,
-    WebContentSecurityPolicyTypeEnforcePolicy
</del><ins>+    WebContentSecurityPolicyTypeReportStableDirectives,
+    WebContentSecurityPolicyTypeEnforceStableDirectives,
+    WebContentSecurityPolicyTypeReportAllDirectives,
+    WebContentSecurityPolicyTypeEnforceAllDirectives,
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebKit
</span></span></pre></div>
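Review bot: WebContentSecurityPolicyTypeReportOnly and WebContentSecurityPolicyTypeEnforcePolicy are removed from a header under chromium/public with no transition path, so embedders that name them break at compile time, and the numeric values 0 and 1 now stand for the report-only and enforce forms of the canonical header rather than of 'X-WebKit-CSP'. Consider keeping the old names as aliases for the prefixed types for a transition period. The trailing comma after WebContentSecurityPolicyTypeEnforceAllDirectives is also inconsistent with the matching enum in ContentSecurityPolicy.h.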
<a id="trunkSourceWebKitchromiumsrcAssertMatchingEnumscpp"></a>
<div class="modfile"><h4>Modified: \
trunk/Source/WebKit/chromium/src/AssertMatchingEnums.cpp (133094 => 133095)</h4> <pre \
class="diff"><span> <span class="info">--- \
trunk/Source/WebKit/chromium/src/AssertMatchingEnums.cpp	2012-10-31 23:27:04 UTC (rev \
                133094)
+++ trunk/Source/WebKit/chromium/src/AssertMatchingEnums.cpp	2012-10-31 23:41:27 UTC \
(rev 133095) </span><span class="lines">@@ -620,8 +620,10 @@
</span><span class="cx"> COMPILE_ASSERT_MATCHING_ENUM(WebReferrerPolicyNever, \
ReferrerPolicyNever); </span><span class="cx"> \
COMPILE_ASSERT_MATCHING_ENUM(WebReferrerPolicyOrigin, ReferrerPolicyOrigin); \
</span><span class="cx">  \
</span><del>-COMPILE_ASSERT_MATCHING_ENUM(WebContentSecurityPolicyTypeReportOnly, \
                ContentSecurityPolicy::ReportOnly);
-COMPILE_ASSERT_MATCHING_ENUM(WebContentSecurityPolicyTypeEnforcePolicy, \
ContentSecurityPolicy::EnforcePolicy); \
</del><ins>+COMPILE_ASSERT_MATCHING_ENUM(WebContentSecurityPolicyTypeReportStableDirectives, \
ContentSecurityPolicy::ReportStableDirectives); \
+COMPILE_ASSERT_MATCHING_ENUM(WebContentSecurityPolicyTypeEnforceStableDirectives, \
ContentSecurityPolicy::EnforceStableDirectives); \
+COMPILE_ASSERT_MATCHING_ENUM(WebContentSecurityPolicyTypeReportAllDirectives, \
ContentSecurityPolicy::ReportAllDirectives); \
+COMPILE_ASSERT_MATCHING_ENUM(WebContentSecurityPolicyTypeEnforceAllDirectives, \
ContentSecurityPolicy::EnforceAllDirectives); </ins><span class="cx"> 
</span><span class="cx"> COMPILE_ASSERT_MATCHING_ENUM(WebURLResponse::Unknown, \
ResourceResponse::Unknown); </span><span class="cx"> \
COMPILE_ASSERT_MATCHING_ENUM(WebURLResponse::HTTP_0_9, ResourceResponse::HTTP_0_9); \
</span></span></pre> </div>
</div>

</body>
</html>



_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes

