Title: [138820] trunk
- Revision: 138820
- Author: mk...@chromium.org
- Date: 2013-01-04 11:32:56 -0800 (Fri, 04 Jan 2013)
Log Message
CSP: Blocked 'track' sources should only log once to the console.
https://bugs.webkit.org/show_bug.cgi?id=106091
Reviewed by Eric Carlson.
Source/WebCore:
HTMLTrackElement posts a message to the console when track data is
blocked by Content Security Policy. Now that we're logging inside the
ContentSecurityPolicy object itself, there's no need for the
duplication. This patch drops the extra log message (and, as a
side-effect, adds a test that ensures that 'track' content is governed
by the 'media-src' directive).
Test: http/tests/security/contentSecurityPolicy/media-src-track-block.html
* html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::canLoadUrl):
LayoutTests:
* http/tests/security/contentSecurityPolicy/media-src-track-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/media-src-track-block.html: Added.
* http/tests/security/contentSecurityPolicy/resources/track.srt: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (138819 => 138820)
--- trunk/LayoutTests/ChangeLog 2013-01-04 19:18:10 UTC (rev 138819)
+++ trunk/LayoutTests/ChangeLog 2013-01-04 19:32:56 UTC (rev 138820)
@@ -1,5 +1,16 @@
2013-01-04 Mike West <mk...@chromium.org>
+ CSP: Blocked 'track' sources should only log once to the console.
+ https://bugs.webkit.org/show_bug.cgi?id=106091
+
+ Reviewed by Eric Carlson.
+
+ * http/tests/security/contentSecurityPolicy/media-src-track-block-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/media-src-track-block.html: Added.
+ * http/tests/security/contentSecurityPolicy/resources/track.srt: Added.
+
+2013-01-04 Mike West <mk...@chromium.org>
+
CSP: 'frame-src' should block redirects to invalid sources.
https://bugs.webkit.org/show_bug.cgi?id=106084
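Review bot: The new ChangeLog entry lists `resources/track.srt: Added.`, but the file this revision adds, and the one the test sets as the track `src`, is `resources/track.vtt`. The entry should name track.vtt so the ChangeLog matches what was committed.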
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block-expected.txt (0 => 138820)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block-expected.txt 2013-01-04 19:32:56 UTC (rev 138820)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the media 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/track.vtt' because it violates the following Content Security Policy directive: "media-src 'none'".
+
+ALERT: PASS
+
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html (0 => 138820)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/media-src-track-block.html 2013-01-04 19:32:56 UTC (rev 138820)
@@ -0,0 +1,31 @@
+<html>
+<head>
+ <meta http-equiv="Content-Security-Policy" content="media-src 'none'">
+ <script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+ function loaded() {
+ alert("FAIL");
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+ function errored() {
+ alert("PASS");
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+ function start() {
+ var track = document.querySelector('track');
+ track.track.mode = "hidden";
+ track.setAttribute('src', 'resources/track.vtt');
+ }
+ </script>
+</head>
+<body _onload_="start()">
+ <video>
+ <track kind="captions" _onload_="loaded()" _onerror_="errored()">
+ </video>
+</body>
+</html>
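Review bot: In start(), `track.track.mode = "hidden";` has no comment, yet the test depends on it: a text track left in the disabled mode is not fetched, so neither loaded() nor errored() would run and the test would end only by timeout. A one-line comment saying that the mode change is what makes the track load, and that `src` is deliberately set from script afterwards, would make the intent clear to the next person touching this test.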
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/track.vtt (0 => 138820)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/track.vtt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/track.vtt 2013-01-04 19:32:56 UTC (rev 138820)
@@ -0,0 +1 @@
+Subtitles!
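Review bot: `Subtitles!` on its own is not a valid WebVTT file, since the `WEBVTT` signature line is missing. If the policy check ever stopped blocking this request, the fetched file would be expected to fail parsing and fire the track's error event, so errored() would still alert PASS and only the missing console line in the expected output would catch the regression. Making this resource a minimal valid WebVTT file would let loaded() report FAIL in that case.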
Modified: trunk/Source/WebCore/ChangeLog (138819 => 138820)
--- trunk/Source/WebCore/ChangeLog 2013-01-04 19:18:10 UTC (rev 138819)
+++ trunk/Source/WebCore/ChangeLog 2013-01-04 19:32:56 UTC (rev 138820)
@@ -1,3 +1,22 @@
+2013-01-04 Mike West <mk...@chromium.org>
+
+ CSP: Blocked 'track' sources should only log once to the console.
+ https://bugs.webkit.org/show_bug.cgi?id=106091
+
+ Reviewed by Eric Carlson.
+
+ HTMLTrackElement posts a message to the console when track data is
+ blocked by Content Security Policy. Now that we're logging inside the
+ ContentSecurityPolicy object itself, there's no need for the
+ duplication. This patch drops the extra log message (and, as a
+ side-effect, adds a test that ensures that 'track' content is governed
+ by the 'media-src' directive).
+
+ Test: http/tests/security/contentSecurityPolicy/media-src-track-block.html
+
+ * html/HTMLTrackElement.cpp:
+ (WebCore::HTMLTrackElement::canLoadUrl):
+
2013-01-03 Jer Noble <jer.no...@apple.com>
Crash in media/unsupported-rtsp.html.
Modified: trunk/Source/WebCore/html/HTMLTrackElement.cpp (138819 => 138820)
--- trunk/Source/WebCore/html/HTMLTrackElement.cpp 2013-01-04 19:18:10 UTC (rev 138819)
+++ trunk/Source/WebCore/html/HTMLTrackElement.cpp 2013-01-04 19:32:56 UTC (rev 138820)
@@ -254,8 +254,6 @@
return false;
if (!document()->contentSecurityPolicy()->allowMediaFromSource(url)) {
- DEFINE_STATIC_LOCAL(String, consoleMessage, (ASCIILiteral("Text track load denied by Content Security Policy.")));
- document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, consoleMessage);
LOG(Media, "HTMLTrackElement::canLoadUrl(%s) -> rejected by Content Security Policy", urlForLoggingTrack(url).utf8().data());
return false;
}
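Review bot: With the addConsoleMessage call removed, nothing in this branch says where the console report now comes from; the remaining `LOG(Media, ...)` line writes only to the Media log channel. A short comment above the `allowMediaFromSource(url)` check stating that ContentSecurityPolicy reports the violation itself would keep the duplicate message from being added back later.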