Diff
Modified: trunk/LayoutTests/ChangeLog (287269 => 287270)
--- trunk/LayoutTests/ChangeLog 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/ChangeLog 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,3 +1,17 @@
+2021-12-20 Patrick Griffis <pgrif...@igalia.com>
+
+ CSP: Always use UTF-8 encoded content when checking hashes
+ https://bugs.webkit.org/show_bug.cgi?id=234159
+
+ Reviewed by Kate Cheney.
+
+ Remove normalization tests that are counter to WPT's CSP normalization tests.
+
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-tests-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html:
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html: Removed.
+
2021-12-20 Tim Nguyen <n...@apple.com>
Re-import the-dialog-element WPT
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests-expected.txt (287269 => 287270)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests-expected.txt 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests-expected.txt 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,5 +1,6 @@
CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored.
CONSOLE MESSAGE: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-dummy''. It will be ignored.
@@ -41,8 +42,7 @@
PASS "Script that contains HTML entity >" did run inline script.
PASS "Script that contains Unicode code point U+00C5" did run inline script.
PASS "Unicode code point U+00C5 is not equivalent to U+212B" did not run inline script.
-PASS "Unicode code point U+212B is equivalent to U+00C5" did run inline script.
-PASS "Big-5 page with Big-5 hash" did run inline script.
+PASS "Big-5 page with Big-5 hash" did not run inline script.
PASS "Big-5 page with UTF-8 hash" did not run inline script.
PASS "Hash source with invalid prefix" did not run inline script.
PASS "Invalid prefix" did not run inline script.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html (287269 => 287270)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html 2021-12-20 20:12:52 UTC (rev 287270)
@@ -82,13 +82,6 @@
hashSource: "'sha256-rrdh0QCl46qqHxfnnk08ydh/rkhVi2JvD6DLuUP30MI='", // Hash of "didRunInlineScript+%3D+true%3B+//+%E2%84%AB"
expectedResult: DoNotRunInlineScript,
},
-{
- name: "Unicode code point U+212B is equivalent to U+00C5",
- charset: "UTF8",
- script: "didRunInlineScript+%3D+true%3B+//+%E2%84%AB", // %E2%84%AB is the URL encoded UTF-8 byte sequence for U+212B.
- hashSource: "'sha256-K3oo3dJj28X47TIh/UinhDWS3C5DfcQVCRzw4JM7SWE='", // Intentionally not 'sha256-rrdh0QCl46qqHxfnnk08ydh/rkhVi2JvD6DLuUP30MI='
- expectedResult: RunInlineScript,
-},
// Big-5 encoding test cases
{
name: "Big-5 page with Big-5 hash",
@@ -95,7 +88,7 @@
charset: "Big5",
script: "didRunInlineScript+%3D+true%3B+//+%A4%F4",
hashSource: "'sha256-CAEkHFV/oUoz+L2Oa6gIFelb73og89vCbxrz4u/jAY4='",
- expectedResult: RunInlineScript,
+ expectedResult: DoNotRunInlineScript,
},
{
name: "Big-5 page with UTF-8 hash",
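Review bot: The "Big-5 page with Big-5 hash" case now expects `DoNotRunInlineScript` but has no comment saying why, so the name still reads like a case that should pass. Going by the case name, the `hashSource` is presumably the digest of the script's Big5 bytes, so I would add `// Digest of the Big5-encoded bytes; must not match, because content is converted to UTF-8 before hashing regardless of page charset.` on that line. With this flip, both Big-5 cases in the expected output report "did not run", so nothing visible in this file pins the positive path, where a Big5 page's script runs when the policy lists the digest of its UTF-8 encoding. If the imported WPT tests do not already cover that, a case for it belongs here. The test array starts and ends outside the hunk.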
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt (287269 => 287270)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,3 +0,0 @@
-ALERT: PASS
-ALERT: PASS
-This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken.
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html (287269 => 287270)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta http-equiv="Content-Security-Policy" content="script-src 'sha256-OBpkpZD3ME366d9wfdsWwYSvYORUMfT+bvUVI5XJzBw=' 'sha256-bYf1lsJFPmWnm4DhDJwwaEKKonw7TN3KLz5M8J0PpIE='">
- <script>
- if (window.testRunner)
- testRunner.dumpAsText();
- </script>
- <!-- The following two scripts contain two separate code points (U+00C5
- and U+212B, respectively) which, depending on your text editor, might be
- rendered the same. However, their difference is important as they should
- be NFC normalized to the same code point, thus they should hash to the
- same value.-->
- <script>
- 'Å';
- alert('PASS');
- </script>
- <script>
- 'Å';
- alert('PASS');
- </script>
- </head>
- <body>
- <p>
- This tests Unicode normalization. While appearing the same, the
- strings in the scripts are different Unicode points, but through
- normalization, should be the same when the hash is taken.
- </p>
- </body>
-</html>
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (287269 => 287270)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,3 +1,15 @@
+2021-12-20 Patrick Griffis <pgrif...@igalia.com>
+
+ CSP: Always use UTF-8 encoded content when checking hashes
+ https://bugs.webkit.org/show_bug.cgi?id=234159
+
+ Reviewed by Kate Cheney.
+
+ Update expectations as passing.
+
+ * web-platform-tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate-expected.txt:
+ * web-platform-tests/content-security-policy/script-src/scripthash-unicode-normalization.sub-expected.txt:
+
2021-12-20 Tim Nguyen <n...@apple.com>
Re-import the-dialog-element WPT
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate-expected.txt (287269 => 287270)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate-expected.txt 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate-expected.txt 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,3 +1,3 @@
-FAIL Should convert the script contents to UTF-8 before hashing assert_unreached: Should not have fired a spv Reached unreachable code
+PASS Should convert the script contents to UTF-8 before hashing
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/scripthash-unicode-normalization.sub-expected.txt (287269 => 287270)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/scripthash-unicode-normalization.sub-expected.txt 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/scripthash-unicode-normalization.sub-expected.txt 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,8 +1,6 @@
This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken.
-Harness Error (TIMEOUT), message = null
+PASS Should fire securitypolicyviolation
+PASS Only matching content runs even with NFC normalization.
-NOTRUN Should fire securitypolicyviolation
-FAIL Only matching content runs even with NFC normalization. assert_unreached: nonMatchingContent script ran Reached unreachable code
-
Modified: trunk/Source/WebCore/ChangeLog (287269 => 287270)
--- trunk/Source/WebCore/ChangeLog 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/Source/WebCore/ChangeLog 2021-12-20 20:12:52 UTC (rev 287270)
@@ -1,3 +1,19 @@
+2021-12-20 Patrick Griffis <pgrif...@igalia.com>
+
+ CSP: Always use UTF-8 encoded content when checking hashes
+ https://bugs.webkit.org/show_bug.cgi?id=234159
+
+ Reviewed by Kate Cheney.
+
+ As per the spec: https://www.w3.org/TR/CSP3/#match-element-to-source-list
+ > Regardless of the encoding of the document, source will be converted to UTF-8
+ before applying any hashing algorithms.
+
+ StrictConversionReplacingUnpairedSurrogatesWithFFFD matches Chromiums behavior.
+
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies const):
+
2021-12-20 Fujii Hironori <hironori.fu...@sony.com>
[Win] MSVC reports "DragImageCairoWin.cpp(142): error C2362: initialization of 'cr' is skipped by 'goto exit'" with /std:c++20
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (287269 => 287270)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-20 19:58:28 UTC (rev 287269)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-20 20:12:52 UTC (rev 287270)
@@ -362,20 +362,12 @@
if (algorithms.isEmpty() || content.isEmpty())
return { false, false };
- // FIXME: We should compute the document encoding once and cache it instead of computing it on each invocation.
- PAL::TextEncoding documentEncoding;
- if (is<Document>(m_scriptExecutionContext))
- documentEncoding = downcast<Document>(*m_scriptExecutionContext).textEncoding();
- const PAL::TextEncoding& encodingToUse = documentEncoding.isValid() ? documentEncoding : PAL::UTF8Encoding();
-
- // FIXME: Compute the digest with respect to the raw bytes received from the page.
- // See <https://bugs.webkit.org/show_bug.cgi?id=155184>.
- auto encodedContent = encodingToUse.encode(content, PAL::UnencodableHandling::Entities);
+ CString utf8Content = content.utf8(StrictConversionReplacingUnpairedSurrogatesWithFFFD);
bool foundHashInEnforcedPolicies = false;
bool foundHashInReportOnlyPolicies = false;
Vector<ContentSecurityPolicyHash> hashes;
for (auto algorithm : algorithms) {
- auto hash = cryptographicDigestForBytes(algorithm, encodedContent.data(), encodedContent.size());
+ auto hash = cryptographicDigestForBytes(algorithm, utf8Content.data(), utf8Content.length());
hashes.append(hash);
}
if (!foundHashInEnforcedPolicies && allPoliciesWithDispositionAllow(ContentSecurityPolicy::Disposition::Enforce, predicate, hashes))
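Review bot: The new `content.utf8(StrictConversionReplacingUnpairedSurrogatesWithFFFD)` line replaces two FIXME comments with no comment at all, so the reason the document encoding is ignored, and the choice of conversion mode, are recorded only in the ChangeLog. I would add above it `// CSP3 "match element to source list": content is always hashed as UTF-8, whatever the document encoding.` and `// Unpaired surrogates are replaced with U+FFFD first (matches Chromium), so the digest covers the replaced bytes, not the original code units.` The second comment matters to anyone auditing a hash allow-list: going by the mode's name, scripts that differ only in their unpaired surrogates would produce the same digest, and that should be visible at the call site as a deliberate, spec-driven choice. The function body starts and ends outside the hunk.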