Title: [197084] releases/WebKitGTK/webkit-2.12
Revision: 197084
Author: carlo...@webkit.org
Date: 2016-02-25 02:26:22 -0800 (Thu, 25 Feb 2016)

Log Message

Merge r196877 - CSP: Violation report should include column number
https://bugs.webkit.org/show_bug.cgi?id=154418
<rdar://problem/24729525>

Reviewed by Brent Fulgham.

Source/WebCore:

Include column-number in the Content Security Policy violation report for the column number
in the source script where the violation occurred (for a script violation) as per section
Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

When a CSP report is created for a script violation the source file and line number of the
source code line where the violation occurred are included in the report. We now include
the column number in the source file where the violation occurred so as to help narrow
down the operation that triggered the violation in a complicated source code line.

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation):

LayoutTests:

Update expected results to include source file column information where the violation occurred.

* http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-_javascript_-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-_javascript_-expected.txt:

Diff

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (197083 => 197084)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-02-25 10:26:03 UTC (rev 197083)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-02-25 10:26:22 UTC (rev 197084)
@@ -1,5 +1,19 @@
 2016-02-21  Daniel Bates  <daba...@apple.com>
 
+        CSP: Violation report should include column number
+        https://bugs.webkit.org/show_bug.cgi?id=154418
+        <rdar://problem/24729525>
+
+        Reviewed by Brent Fulgham.
+
+        Update expected results to include source file column information where the violation occurred.
+
+        * http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-inline-_javascript_-expected.txt:
+        * http/tests/security/contentSecurityPolicy/report-uri-from-_javascript_-expected.txt:
+
+2016-02-21  Daniel Bates  <daba...@apple.com>
+
         CSP: Violation report should include HTTP status code and effective-directive of protected resource
         https://bugs.webkit.org/show_bug.cgi?id=154288
         <rdar://problem/24674982>

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt (197083 => 197084)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt	2016-02-25 10:26:03 UTC (rev 197083)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt	2016-02-25 10:26:22 UTC (rev 197084)
@@ -5,4 +5,4 @@
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php
 REQUEST_METHOD: POST
 === POST DATA =""
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"file","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php","line-number":9}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"file","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php","line-number":9,"column-number":26}}
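
Review bot: The expected value "column-number":26 on the added line is a bare constant tied to the exact character layout of line 9 of report-blocked-file-uri.php, and nothing in this expectation or in the ChangeLog entry says whether the column is counted from 0 or from 1. Any whitespace edit to that test page will change the expected value with no hint of what column 26 is supposed to point at. A short comment in the test source naming the construct expected at that position, plus one sentence in the ChangeLog stating the base, would let a future rebaseline be checked rather than accepted blindly.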

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-_javascript_-expected.txt (197083 => 197084)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-_javascript_-expected.txt	2016-02-25 10:26:03 UTC (rev 197083)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-_javascript_-expected.txt	2016-02-25 10:26:22 UTC (rev 197084)
@@ -5,4 +5,4 @@
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-_javascript_.php
 REQUEST_METHOD: POST
 === POST DATA =""
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-_javascript_.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-_javascript_.php","line-number":7}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-_javascript_.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-_javascript_.php","line-number":7,"column-number":10}}

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-_javascript_-expected.txt (197083 => 197084)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-_javascript_-expected.txt	2016-02-25 10:26:03 UTC (rev 197083)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-_javascript_-expected.txt	2016-02-25 10:26:22 UTC (rev 197084)
@@ -5,4 +5,4 @@
 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-_javascript_.php
 REQUEST_METHOD: POST
 === POST DATA =""
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-_javascript_.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js","line-number":3}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-_javascript_.php","referrer":"","violated-directive":"img-src 'none'","effective-directive":"img-src","original-policy":"img-src 'none'; report-uri resources/save-report.php","blocked-uri":"http://127.0.0.1:8000/security/resources/abe.png","status-code":200,"source-file":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js","line-number":3,"column-number":2}}

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (197083 => 197084)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-02-25 10:26:03 UTC (rev 197083)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-02-25 10:26:22 UTC (rev 197084)
@@ -1,5 +1,25 @@
 2016-02-21  Daniel Bates  <daba...@apple.com>
 
+        CSP: Violation report should include column number
+        https://bugs.webkit.org/show_bug.cgi?id=154418
+        <rdar://problem/24729525>
+
+        Reviewed by Brent Fulgham.
+
+        Include column-number in the Content Security Policy violation report for the column number
+        in the source script where the violation occurred (for a script violation) as per section
+        Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
+
+        When a CSP report is created for a script violation the source file and line number of the
+        source code line where the violation occurred are included in the report. We now include
+        the column number in the source file where the violation occurred so as to help narrow
+        down the operation that triggered the violation in a complicated source code line.
+
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::reportViolation):
+
+2016-02-21  Daniel Bates  <daba...@apple.com>
+
         CSP: Violation report should include HTTP status code and effective-directive of protected resource
         https://bugs.webkit.org/show_bug.cgi?id=154288
         <rdar://problem/24674982>

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (197083 => 197084)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2016-02-25 10:26:03 UTC (rev 197083)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2016-02-25 10:26:22 UTC (rev 197084)
@@ -395,6 +395,7 @@
         URL source = URL(URL(), callFrame->sourceURL());
         cspReport->setString(ASCIILiteral("source-file"), stripURLForUseInReport(document, source));
         cspReport->setInteger(ASCIILiteral("line-number"), callFrame->lineNumber());
+        cspReport->setInteger(ASCIILiteral("column-number"), callFrame->columnNumber());
     }
 
     RefPtr<InspectorObject> reportObject = InspectorObject::create();
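
Review bot: The added setInteger call for "column-number" writes callFrame->columnNumber() unconditionally, while the "source-file" value two lines above is passed through stripURLForUseInReport(document, source) first. If that helper reduces the URL when the script is not same-origin with the document, the report would still carry an exact line and column inside that script; please confirm this is intended, or omit both position fields whenever the URL was stripped. The three updated expectations all have source-file on 127.0.0.1:8000, the same origin as document-uri, so a layout test with a script served from a different origin would pin the behaviour down.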