Diff
Modified: trunk/LayoutTests/ChangeLog (197141 => 197142)
--- trunk/LayoutTests/ChangeLog 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/ChangeLog 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +1,47 @@
+2016-02-25 Daniel Bates <daba...@apple.com>
+
+ CSP: Remove SecurityPolicy script interface
+ https://bugs.webkit.org/show_bug.cgi?id=154694
+ <rdar://problem/24846482>
+
+ Reviewed by Andy Estes.
+
+ Remove SecurityPolicy tests and update platform-specific expected results as needed.
+
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt: Removed.
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html: Removed.
+ * http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js: Removed.
+ * platform/gtk/js/dom/global-constructors-attributes-expected.txt: Update expected result as needed.
+ * platform/win/js/dom/global-constructors-attributes-expected.txt: Ditto.
+
2016-02-25 Chris Dumez <cdu...@apple.com>
Drop [TreatReturnedNullStringAs=Undefined] WebKit-specific IDL attribute
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS connection is allowed when no policy exists.
-PASS connection is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsConnectionTo('http://example.com/'))
- log('PASS connection is allowed when no policy exists.');
- else
- log('FAIL connection is not allowed when no policy exists.');
-
-
- injectPolicy("connect-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsConnectionTo('http://example.com/'))
- log('PASS connection is not allowed when policy exists.');
- else
- log('FAIL connection is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS eval is allowed when no policy exists.
-PASS eval is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,19 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsEval)
- log('PASS eval is allowed when no policy exists.');
- else
- log('FAIL eval is not allowed when no policy exists.');
-
- injectPolicy("script-src 'unsafe-inline';");
-
- if (!document.securityPolicy.allowsEval)
- log('PASS eval is not allowed when policy exists.');
- else
- log('FAIL eval is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS font is allowed when no policy exists.
-PASS font is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsFontFrom('http://example.com/'))
- log('PASS font is allowed when no policy exists.');
- else
- log('FAIL font is not allowed when no policy exists.');
-
- injectPolicy("font-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsFontFrom('http://example.com/'))
- log('PASS font is not allowed when policy exists.');
- else
- log('PASS font is allowed when policy exists.');
- </script>
- </body>
-</html>
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS form action is allowed when no policy exists.
-PASS form action is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsFormAction('http://example.com/'))
- log('PASS form action is allowed when no policy exists.');
- else
- log('FAIL form action is not allowed when no policy exists.');
-
-
- injectPolicy("form-action http://notexample.com;");
-
- if (!document.securityPolicy.allowsFormAction('http://example.com/'))
- log('PASS form action is not allowed when policy exists.');
- else
- log('FAIL form action is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS frame is allowed when no policy exists.
-PASS frame is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsFrameFrom('http://example.com/'))
- log('PASS frame is allowed when no policy exists.');
- else
- log('FAIL frame is not allowed when no policy exists.');
-
- injectPolicy("frame-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsFrameFrom('http://example.com/'))
- log('PASS frame is not allowed when policy exists.');
- else
- log('FAIL frame is allowed when policy exists.');
- </script>
- </body>
-</html>
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS image is allowed when no policy exists.
-PASS image is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsImageFrom('http://example.com/'))
- log('PASS image is allowed when no policy exists.');
- else
- log('FAIL image is not allowed when no policy exists.');
-
- injectPolicy("img-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsImageFrom('http://example.com/'))
- log('PASS image is not allowed when policy exists.');
- else
- log('FAIL image is allowed when policy exists.');
- </script>
- </body>
-</html>
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS inline script is allowed when no policy exists.
-PASS inline script is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,19 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsInlineScript)
- log('PASS inline script is allowed when no policy exists.');
- else
- log('FAIL inline script is not allowed when no policy exists.');
-
- injectPolicy("script-src 'unsafe-eval';");
-
- if (!document.securityPolicy.allowsInlineScript)
- log('PASS inline script is not allowed when policy exists.');
- else
- log('FAIL inline script is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS inline style is allowed when no policy exists.
-PASS inline style is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,19 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsInlineStyle)
- log('PASS inline style is allowed when no policy exists.');
- else
- log('FAIL inline style is not allowed when no policy exists.');
-
- injectPolicy("style-src 'none';");
-
- if (!document.securityPolicy.allowsInlineStyle)
- log('PASS inline style is not allowed when policy exists.');
- else
- log('FAIL inline style is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS media is allowed when no policy exists.
-PASS media is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsMediaFrom('http://example.com/'))
- log('PASS media is allowed when no policy exists.');
- else
- log('FAIL media is not allowed when no policy exists.');
-
- injectPolicy("media-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsMediaFrom('http://example.com/'))
- log('PASS media is not allowed when policy exists.');
- else
- log('FAIL media is allowed when policy exists.');
- </script>
- </body>
-</html>
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS object is allowed when no policy exists.
-PASS object is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsObjectFrom('http://example.com/'))
- log('PASS object is allowed when no policy exists.');
- else
- log('FAIL object is not allowed when no policy exists.');
-
- injectPolicy("object-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsObjectFrom('http://example.com/'))
- log('PASS object is not allowed when policy exists.');
- else
- log('FAIL object is allowed when policy exists.');
- </script>
- </body>
-</html>
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS plugin type is allowed when no policy exists.
-PASS plugin type is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsPluginType('application/x-shockwave-flash'))
- log('PASS plugin type is allowed when no policy exists.');
- else
- log('FAIL plugin type is not allowed when no policy exists.');
-
-
- injectPolicy("plugin-types application/x-webkit-test-netscape;");
-
- if (!document.securityPolicy.allowsPluginType('application/x-shockwave-flash'))
- log('PASS plugin type is not allowed when policy exists.');
- else
- log('FAIL plugin type is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS script is allowed when no policy exists.
-PASS script is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsScriptFrom('http://example.com/'))
- log('PASS script is allowed when no policy exists.');
- else
- log('FAIL script is not allowed when no policy exists.');
-
- injectPolicy("script-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsScriptFrom('http://example.com/'))
- log('PASS script is not allowed when policy exists.');
- else
- log('FAIL script is allowed when policy exists.');
- </script>
- </body>
-</html>
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS style is allowed when no policy exists.
-PASS style is not allowed when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,19 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.allowsStyleFrom('http://example.com/'))
- log('PASS style is allowed when no policy exists.');
- else
- log('FAIL style is not allowed when no policy exists.');
-
- injectPolicy("style-src http://notexample.com;");
-
- if (!document.securityPolicy.allowsStyleFrom('http://example.com/'))
- log('PASS style is not allowed when policy exists.');
- else
- log('FAIL style is allowed when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +0,0 @@
-PASS document.securityPolicy.active is false when no policy exists.
-PASS document.securityPolicy.active is true when policy exists.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,19 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (!document.securityPolicy.isActive)
- log('PASS document.securityPolicy.active is false when no policy exists.');
- else
- log('FAIL document.securityPolicy.active is truw when no policy exists.');
-
- injectPolicy("script-src 'unsafe-inline';");
-
- if (document.securityPolicy.isActive)
- log('PASS document.securityPolicy.active is true when policy exists.');
- else
- log('FAIL document.securityPolicy.active is false when policy exists.');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,4 +0,0 @@
-PASS document.securityPolicy.reportURIs has length 0 when no policy exists.
-PASS document.securityPolicy.reportURIs has length 1 when policy exists.
-PASS document.securityPolicy.reportURIs[0] is correct.
-
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,24 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
- <body>
- <script src=""
- <script>
- if (document.securityPolicy.reportURIs.length === 0)
- log('PASS document.securityPolicy.reportURIs has length 0 when no policy exists.');
- else
- log('FAIL document.securityPolicy.reportURIs has length ' + document.securityPolicy.reportURIs.length + ' when no policy exists.');
-
- injectPolicy('report-uri http://example.com');
-
- if (document.securityPolicy.reportURIs.length === 1)
- log('PASS document.securityPolicy.reportURIs has length 1 when policy exists.');
- else
- log('FAIL document.securityPolicy.reportURIs has length ' + document.securityPolicy.reportURIs.length + ' when policy exists.');
-
- if (document.securityPolicy.reportURIs[0] === "http://example.com/")
- log('PASS document.securityPolicy.reportURIs[0] is correct.');
- else
- log('FAIL document.securityPolicy.reportURIs[0] is ' + document.securityPolicy.reportURIs[0] + ' (should be `http://example.com/`).');
- </script>
- </body>
-</html>
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js (197141 => 197142)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,19 +0,0 @@
-if (window.testRunner)
- testRunner.dumpAsText();
-
-function log(msg) {
- var txt = document.createTextNode(msg);
- document.querySelector('body').appendChild(txt);
- document.querySelector('body').appendChild(document.createElement('br'));
-}
-
-function injectPolicy(policy) {
- var meta = document.createElement('meta');
- meta.setAttribute('http-equiv', 'X-WebKit-CSP');
- meta.setAttribute('content', policy);
- document.head.appendChild(meta);
-}
-
-if (!document.securityPolicy)
- log('FAIL document.securityPolicy is not defined.')
-
Modified: trunk/LayoutTests/platform/gtk/js/dom/global-constructors-attributes-expected.txt (197141 => 197142)
--- trunk/LayoutTests/platform/gtk/js/dom/global-constructors-attributes-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/platform/gtk/js/dom/global-constructors-attributes-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1808,11 +1808,6 @@
PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').hasOwnProperty('set') is false
PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').enumerable is false
PASS Object.getOwnPropertyDescriptor(global, 'ScriptProcessorNode').configurable is true
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').value is SecurityPolicy
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').hasOwnProperty('get') is false
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').hasOwnProperty('set') is false
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').enumerable is false
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').configurable is true
PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
Modified: trunk/LayoutTests/platform/win/js/dom/global-constructors-attributes-expected.txt (197141 => 197142)
--- trunk/LayoutTests/platform/win/js/dom/global-constructors-attributes-expected.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/LayoutTests/platform/win/js/dom/global-constructors-attributes-expected.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1633,11 +1633,6 @@
PASS Object.getOwnPropertyDescriptor(global, 'Screen').hasOwnProperty('set') is false
PASS Object.getOwnPropertyDescriptor(global, 'Screen').enumerable is false
PASS Object.getOwnPropertyDescriptor(global, 'Screen').configurable is true
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').value is SecurityPolicy
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').hasOwnProperty('get') is false
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').hasOwnProperty('set') is false
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').enumerable is false
-PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicy').configurable is true
PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').value is SecurityPolicyViolationEvent
PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('get') is false
PASS Object.getOwnPropertyDescriptor(global, 'SecurityPolicyViolationEvent').hasOwnProperty('set') is false
Modified: trunk/Source/WebCore/CMakeLists.txt (197141 => 197142)
--- trunk/Source/WebCore/CMakeLists.txt 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/CMakeLists.txt 2016-02-25 23:52:07 UTC (rev 197142)
@@ -595,7 +595,6 @@
page/AbstractView.idl
page/BarProp.idl
page/Crypto.idl
- page/DOMSecurityPolicy.idl
page/DOMSelection.idl
page/DOMWindow.idl
page/EventSource.idl
@@ -1986,7 +1985,6 @@
page/ContextMenuContext.cpp
page/ContextMenuController.cpp
page/Crypto.cpp
- page/DOMSecurityPolicy.cpp
page/DOMSelection.cpp
page/DOMTimer.cpp
page/DOMWindow.cpp
Modified: trunk/Source/WebCore/ChangeLog (197141 => 197142)
--- trunk/Source/WebCore/ChangeLog 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/ChangeLog 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,3 +1,32 @@
+2016-02-25 Daniel Bates <daba...@apple.com>
+
+ CSP: Remove SecurityPolicy script interface
+ https://bugs.webkit.org/show_bug.cgi?id=154694
+ <rdar://problem/24846482>
+
+ Reviewed by Andy Estes.
+
+ Remove the Content Security Policy script interface, SecurityPolicy. This interface was only
+ enabled when building with ENABLE(CSP_NEXT) (disabled by default).
+
+ For completeness, the SecurityPolicy interface was removed from the Content Security Policy 1.1 spec.
+ in <https://github.com/w3c/webappsec/commit/18882953ce2d8afca25f685557fef0e0471b2c9a> (12/26/2013).
+
+ * CMakeLists.txt: Remove files to DOMSecurityPolicy.{cpp, idl}.
+ * DerivedSources.cpp: Remove file JSDOMSecurityPolicy.cpp.
+ * DerivedSources.make: Remove file DOMSecurityPolicy.idl.
+ * PlatformGTK.cmake: Ditto.
+ * PlatformMac.cmake: Ditto.
+ * WebCore.xcodeproj/project.pbxproj: Remove files DOMSecurityPolicy files.
+ * bindings/scripts/CodeGeneratorGObject.pm: Remove reference to DOMSecurityPolicy.
+ * dom/Document.cpp:
+ (WebCore::Document::securityPolicy): Deleted.
+ * dom/Document.h:
+ * dom/Document.idl: Remove attribute securityPolicy.
+ * page/DOMSecurityPolicy.cpp: Removed.
+ * page/DOMSecurityPolicy.h: Removed.
+ * page/DOMSecurityPolicy.idl: Removed.
+
2016-02-25 Andreas Kling <akl...@apple.com>
Don't clear the weak JSString cache on memory pressure.
Modified: trunk/Source/WebCore/DerivedSources.cpp (197141 => 197142)
--- trunk/Source/WebCore/DerivedSources.cpp 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/DerivedSources.cpp 2016-02-25 23:52:07 UTC (rev 197142)
@@ -140,7 +140,6 @@
#include "JSDOMPath.cpp"
#include "JSDOMPlugin.cpp"
#include "JSDOMPluginArray.cpp"
-#include "JSDOMSecurityPolicy.cpp"
#include "JSDOMSelection.cpp"
#include "JSDOMStringList.cpp"
#include "JSDOMStringMap.cpp"
Modified: trunk/Source/WebCore/DerivedSources.make (197141 => 197142)
--- trunk/Source/WebCore/DerivedSources.make 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/DerivedSources.make 2016-02-25 23:52:07 UTC (rev 197142)
@@ -509,7 +509,6 @@
$(WebCore)/page/AbstractView.idl \
$(WebCore)/page/BarProp.idl \
$(WebCore)/page/Crypto.idl \
- $(WebCore)/page/DOMSecurityPolicy.idl \
$(WebCore)/page/DOMSelection.idl \
$(WebCore)/page/DOMWindow.idl \
$(WebCore)/page/EventSource.idl \
Modified: trunk/Source/WebCore/PlatformGTK.cmake (197141 => 197142)
--- trunk/Source/WebCore/PlatformGTK.cmake 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/PlatformGTK.cmake 2016-02-25 23:52:07 UTC (rev 197142)
@@ -557,7 +557,6 @@
loader/appcache/DOMApplicationCache.idl
page/BarProp.idl
- page/DOMSecurityPolicy.idl
page/DOMSelection.idl
page/History.idl
page/Location.idl
Modified: trunk/Source/WebCore/PlatformMac.cmake (197141 => 197142)
--- trunk/Source/WebCore/PlatformMac.cmake 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/PlatformMac.cmake 2016-02-25 23:52:07 UTC (rev 197142)
@@ -856,7 +856,6 @@
html/ValidityState.idl
page/AbstractView.idl
- page/DOMSecurityPolicy.idl
xml/XPathExpression.idl
xml/XPathNSResolver.idl
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (197141 => 197142)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1190,12 +1190,6 @@
2D93AEE419DF5641002A86C3 /* ServicesOverlayController.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D93AEE219DF5641002A86C3 /* ServicesOverlayController.mm */; };
2D97F04719DD413C001EE9C3 /* MockPageOverlayClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2DAAE32C19DCAF6000E002D2 /* MockPageOverlayClient.cpp */; };
2D97F04819DD4140001EE9C3 /* MockPageOverlayClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DAAE32D19DCAF6000E002D2 /* MockPageOverlayClient.h */; };
- 2D9A246E15B9BD0000D34527 /* DOMSecurityPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D9A246B15B9BBDD00D34527 /* DOMSecurityPolicy.h */; };
- 2D9A246F15B9BD2F00D34527 /* DOMSecurityPolicy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2D9A246A15B9BBDD00D34527 /* DOMSecurityPolicy.cpp */; };
- 2D9A247315B9C2D100D34527 /* DOMDOMSecurityPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D9A247215B9C2C700D34527 /* DOMDOMSecurityPolicy.mm */; };
- 2D9A247415B9C2E300D34527 /* DOMDOMSecurityPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D9A247015B9C29500D34527 /* DOMDOMSecurityPolicy.h */; };
- 2D9A247515B9C2E300D34527 /* DOMDOMSecurityPolicyInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D9A247115B9C29500D34527 /* DOMDOMSecurityPolicyInternal.h */; };
- 2D9A247615B9C2F400D34527 /* DOMDOMSecurityPolicy.h in Copy Generated Headers */ = {isa = PBXBuildFile; fileRef = 2D9A247015B9C29500D34527 /* DOMDOMSecurityPolicy.h */; };
2D9F0E1314FF1CBF00BA0FF7 /* linearSRGB.icc in Resources */ = {isa = PBXBuildFile; fileRef = 2D9F0E1214FF1CBF00BA0FF7 /* linearSRGB.icc */; };
2DB9C4AA1B3231F40070F27F /* NSEventSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DB9C4A91B3231F40070F27F /* NSEventSPI.h */; settings = {ATTRIBUTES = (Private, ); }; };
2DCB837919F99BBA00A7FBE4 /* NSSharingServicePickerSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DCB837719F99BBA00A7FBE4 /* NSSharingServicePickerSPI.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -7203,7 +7197,6 @@
44311CD812E4E24B000A8D19 /* DOMDocumentPrivate.h in Copy Generated Headers */,
1C11CCC00AA6093700DADB20 /* DOMDocumentType.h in Copy Generated Headers */,
1C11CCC10AA6093700DADB20 /* DOMDOMImplementation.h in Copy Generated Headers */,
- 2D9A247615B9C2F400D34527 /* DOMDOMSecurityPolicy.h in Copy Generated Headers */,
1C11CCC40AA6093700DADB20 /* DOMElement.h in Copy Generated Headers */,
1CB4214B0AF2B2CA0085AD91 /* DOMElementInternal.h in Copy Generated Headers */,
1C11CCBF0AA6093700DADB20 /* DOMEntity.h in Copy Generated Headers */,
@@ -8632,11 +8625,6 @@
2D90660C0665D937006B6F1A /* DataTransferMac.mm */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DataTransferMac.mm; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; };
2D93AEE119DF5641002A86C3 /* ServicesOverlayController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServicesOverlayController.h; sourceTree = "<group>"; };
2D93AEE219DF5641002A86C3 /* ServicesOverlayController.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ServicesOverlayController.mm; sourceTree = "<group>"; };
- 2D9A246A15B9BBDD00D34527 /* DOMSecurityPolicy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMSecurityPolicy.cpp; sourceTree = "<group>"; };
- 2D9A246B15B9BBDD00D34527 /* DOMSecurityPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMSecurityPolicy.h; sourceTree = "<group>"; };
- 2D9A247015B9C29500D34527 /* DOMDOMSecurityPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMDOMSecurityPolicy.h; sourceTree = "<group>"; };
- 2D9A247115B9C29500D34527 /* DOMDOMSecurityPolicyInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMDOMSecurityPolicyInternal.h; sourceTree = "<group>"; };
- 2D9A247215B9C2C700D34527 /* DOMDOMSecurityPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DOMDOMSecurityPolicy.mm; sourceTree = "<group>"; };
2D9F0E1214FF1CBF00BA0FF7 /* linearSRGB.icc */ = {isa = PBXFileReference; lastKnownFileType = file; path = linearSRGB.icc; sourceTree = "<group>"; };
2DAAE32C19DCAF6000E002D2 /* MockPageOverlayClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MockPageOverlayClient.cpp; sourceTree = "<group>"; };
2DAAE32D19DCAF6000E002D2 /* MockPageOverlayClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MockPageOverlayClient.h; sourceTree = "<group>"; };
@@ -17892,8 +17880,6 @@
CD37B37415C1A7E1006DC898 /* DiagnosticLoggingKeys.cpp */,
CD37B37515C1A7E1006DC898 /* DiagnosticLoggingKeys.h */,
8372DB301A6780A800C697C5 /* DiagnosticLoggingResultType.h */,
- 2D9A246A15B9BBDD00D34527 /* DOMSecurityPolicy.cpp */,
- 2D9A246B15B9BBDD00D34527 /* DOMSecurityPolicy.h */,
BC5A86810C33676000EEA649 /* DOMSelection.cpp */,
BC5A86820C33676000EEA649 /* DOMSelection.h */,
BC5A86830C33676000EEA649 /* DOMSelection.idl */,
@@ -18221,9 +18207,6 @@
52CCA9E515E3F64C0053C77F /* DOMDOMNamedFlowCollection.h */,
52CCA9E615E3F64C0053C77F /* DOMDOMNamedFlowCollection.mm */,
52CCA9E715E3F64C0053C77F /* DOMDOMNamedFlowCollectionInternal.h */,
- 2D9A247015B9C29500D34527 /* DOMDOMSecurityPolicy.h */,
- 2D9A247215B9C2C700D34527 /* DOMDOMSecurityPolicy.mm */,
- 2D9A247115B9C29500D34527 /* DOMDOMSecurityPolicyInternal.h */,
85ACA9BE0A9B5FA500671E90 /* DOMElement.h */,
85ACA9BF0A9B5FA500671E90 /* DOMElement.mm */,
85CA96B60A9621A600690CCF /* DOMEntity.h */,
@@ -25500,8 +25483,6 @@
85E711970AC5D5350053270F /* DOMDOMImplementationInternal.h in Headers */,
52CCA9E815E3F64C0053C77F /* DOMDOMNamedFlowCollection.h in Headers */,
52CCA9EA15E3F64C0053C77F /* DOMDOMNamedFlowCollectionInternal.h in Headers */,
- 2D9A247415B9C2E300D34527 /* DOMDOMSecurityPolicy.h in Headers */,
- 2D9A247515B9C2E300D34527 /* DOMDOMSecurityPolicyInternal.h in Headers */,
9B3A8872145632F9003AE8F5 /* DOMDOMSettableTokenList.h in Headers */,
7694565B1214DB630007CBAE /* DOMDOMTokenList.h in Headers */,
7AABA25A14BC613300AA9A11 /* DOMEditor.h in Headers */,
@@ -25707,7 +25688,6 @@
8367587F1C56E99B008A1087 /* JSHTMLDataElement.h in Headers */,
855D358A0AD707310019AAC7 /* DOMRGBColor.h in Headers */,
BCD0FC4F0DBD720B00B2F630 /* DOMRGBColorInternal.h in Headers */,
- 2D9A246E15B9BD0000D34527 /* DOMSecurityPolicy.h in Headers */,
BC5A86850C33676000EEA649 /* DOMSelection.h in Headers */,
4ACBC0C412713CCA0094F9B2 /* DOMSettableTokenList.h in Headers */,
C544274B11A57E7A0063A749 /* DOMStringList.h in Headers */,
@@ -29334,7 +29314,6 @@
85CA975D0A962E5400690CCF /* DOMDocumentType.mm in Sources */,
8518DCEA0A9CC80D0091B7A6 /* DOMDOMImplementation.mm in Sources */,
52CCA9E915E3F64C0053C77F /* DOMDOMNamedFlowCollection.mm in Sources */,
- 2D9A247315B9C2D100D34527 /* DOMDOMSecurityPolicy.mm in Sources */,
7694565C1214DB630007CBAE /* DOMDOMTokenList.mm in Sources */,
7AABA25914BC613300AA9A11 /* DOMEditor.cpp in Sources */,
85ACA9C10A9B5FA500671E90 /* DOMElement.mm in Sources */,
@@ -29440,7 +29419,6 @@
8538F05C0AD722F1006A81D1 /* DOMRange.mm in Sources */,
858C38A80AA8F20400B187A4 /* DOMRect.mm in Sources */,
BCAEFCAE1016CE4A0040D34E /* DOMRGBColor.mm in Sources */,
- 2D9A246F15B9BD2F00D34527 /* DOMSecurityPolicy.cpp in Sources */,
BC5A86840C33676000EEA649 /* DOMSelection.cpp in Sources */,
C55610F111A704EB00B82D27 /* DOMStringList.cpp in Sources */,
0FF5025C102BA9010066F39A /* DOMStyleMedia.mm in Sources */,
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorGObject.pm (197141 => 197142)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorGObject.pm 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorGObject.pm 2016-02-25 23:52:07 UTC (rev 197142)
@@ -58,7 +58,7 @@
my %transferFullTypeHash = ("AudioTrack" => 1, "AudioTrackList" => 1, "BarProp" => 1, "BatteryManager" => 1,
"CSSRuleList" => 1, "CSSStyleDeclaration" => 1, "CSSStyleSheet" => 1, "DocumentTimeline" => 1,
"DOMApplicationCache" => 1, "DOMMimeType" => 1, "DOMMimeTypeArray" => 1, "DOMNamedFlowCollection" => 1,
- "DOMPlugin" => 1, "DOMPluginArray" => 1, "DOMSecurityPolicy" => 1,
+ "DOMPlugin" => 1, "DOMPluginArray" => 1,
"DOMSelection" => 1, "DOMSettableTokenList" => 1, "DOMStringList" => 1,
"DOMWindow" => 1, "DOMWindowCSS" => 1, "EventTarget" => 1,
"File" => 1, "FileList" => 1, "Gamepad" => 1, "GamepadList" => 1,
Modified: trunk/Source/WebCore/dom/Document.cpp (197141 => 197142)
--- trunk/Source/WebCore/dom/Document.cpp 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/dom/Document.cpp 2016-02-25 23:52:07 UTC (rev 197142)
@@ -189,10 +189,6 @@
#include <wtf/text/StringBuffer.h>
#include <yarr/RegularExpression.h>
-#if ENABLE(CSP_NEXT)
-#include "DOMSecurityPolicy.h"
-#endif
-
#if ENABLE(DEVICE_ORIENTATION)
#include "DeviceMotionEvent.h"
#include "DeviceOrientationEvent.h"
@@ -1687,15 +1683,6 @@
}
#endif
-#if ENABLE(CSP_NEXT)
-DOMSecurityPolicy& Document::securityPolicy()
-{
- if (!m_domSecurityPolicy)
- m_domSecurityPolicy = DOMSecurityPolicy::create(this);
- return *m_domSecurityPolicy;
-}
-#endif
-
String Document::nodeName() const
{
return "#document";
Modified: trunk/Source/WebCore/dom/Document.h (197141 => 197142)
--- trunk/Source/WebCore/dom/Document.h 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/dom/Document.h 2016-02-25 23:52:07 UTC (rev 197142)
@@ -198,10 +198,6 @@
class TextAutosizer;
#endif
-#if ENABLE(CSP_NEXT)
-class DOMSecurityPolicy;
-#endif
-
class FontFaceSet;
typedef int ExceptionCode;
@@ -462,10 +458,6 @@
void setTimerThrottlingEnabled(bool);
bool isTimerThrottlingEnabled() const { return m_isTimerThrottlingEnabled; }
-#if ENABLE(CSP_NEXT)
- DOMSecurityPolicy& securityPolicy();
-#endif
-
RefPtr<Node> adoptNode(Node* source, ExceptionCode&);
Ref<HTMLCollection> images();
@@ -1726,10 +1718,6 @@
RefPtr<NamedFlowCollection> m_namedFlows;
-#if ENABLE(CSP_NEXT)
- RefPtr<DOMSecurityPolicy> m_domSecurityPolicy;
-#endif
-
void sharedObjectPoolClearTimerFired();
Timer m_sharedObjectPoolClearTimer;
Modified: trunk/Source/WebCore/dom/Document.idl (197141 => 197142)
--- trunk/Source/WebCore/dom/Document.idl 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/dom/Document.idl 2016-02-25 23:52:07 UTC (rev 197142)
@@ -294,9 +294,6 @@
readonly attribute DOMString visibilityState;
readonly attribute boolean hidden;
- // Security Policy API: http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-interfaces
- [Conditional=CSP_NEXT] readonly attribute DOMSecurityPolicy securityPolicy;
-
// currentscript API: http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#dom-document-currentscript
readonly attribute HTMLScriptElement currentScript;
Deleted: trunk/Source/WebCore/page/DOMSecurityPolicy.cpp (197141 => 197142)
--- trunk/Source/WebCore/page/DOMSecurityPolicy.cpp 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/page/DOMSecurityPolicy.cpp 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2012 Google, Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "DOMSecurityPolicy.h"
-
-#include "ContentSecurityPolicy.h"
-#include "ContextDestructionObserver.h"
-#include "DOMStringList.h"
-#include "Frame.h"
-#include "ScriptExecutionContext.h"
-#include <wtf/text/TextPosition.h>
-#include <wtf/text/WTFString.h>
-
-namespace WebCore {
-
-namespace {
-
-bool isPolicyActiveInContext(ScriptExecutionContext* context)
-{
- // If the ScriptExecutionContext has been destroyed, there's no active policy.
- if (!context)
- return false;
-
- return context->contentSecurityPolicy()->isActive();
-}
-
-template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
-bool isAllowedWithType(ScriptExecutionContext* context, const String& type)
-{
- if (!isPolicyActiveInContext(context))
- return true;
-
- bool overrideContentSecurityPolicy = false;
- return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus::SuppressReport);
-}
-
-template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
-bool isAllowedWithURL(ScriptExecutionContext* context, const String& url)
-{
- if (!isPolicyActiveInContext(context))
- return true;
-
- URL parsedURL = context->completeURL(url);
- if (!parsedURL.isValid())
- return false; // FIXME: Figure out how to throw a _javascript_ error.
-
- bool overrideContentSecurityPolicy = false;
- return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus::SuppressReport);
-}
-
-template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
-bool isAllowed(ScriptExecutionContext* context)
-{
- if (!isPolicyActiveInContext(context))
- return true;
-
- bool overrideContentSecurityPolicy = false;
- return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus::SuppressReport);
-}
-
-} // namespace
-
-DOMSecurityPolicy::DOMSecurityPolicy(ScriptExecutionContext* context)
- : ContextDestructionObserver(context)
-{
-}
-
-DOMSecurityPolicy::~DOMSecurityPolicy()
-{
-}
-
-bool DOMSecurityPolicy::isActive() const
-{
- return isPolicyActiveInContext(scriptExecutionContext());
-}
-
-PassRefPtr<DOMStringList> DOMSecurityPolicy::reportURIs() const
-{
- RefPtr<DOMStringList> result = DOMStringList::create();
-
- if (isActive())
- scriptExecutionContext()->contentSecurityPolicy()->gatherReportURIs(*result.get());
-
- return result.release();
-}
-
-bool DOMSecurityPolicy::allowsInlineScript() const
-{
- return isAllowed<&ContentSecurityPolicy::allowInlineScript>(scriptExecutionContext());
-}
-
-bool DOMSecurityPolicy::allowsInlineStyle() const
-{
- return isAllowed<&ContentSecurityPolicy::allowInlineStyle>(scriptExecutionContext());
-}
-
-bool DOMSecurityPolicy::allowsEval() const
-{
- if (!isActive())
- return true;
-
- bool overrideContentSecurityPolicy = false;
- return scriptExecutionContext()->contentSecurityPolicy()->allowEval(0, overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus::SuppressReport);
-}
-
-
-bool DOMSecurityPolicy::allowsConnectionTo(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowConnectToSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsFontFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowFontFromSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsFormAction(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowFormAction>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsFrameFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowChildFrameFromSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsImageFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowImageFromSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsMediaFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowMediaFromSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsObjectFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowObjectFromSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsPluginType(const String& type) const
-{
- return isAllowedWithType<&ContentSecurityPolicy::allowPluginType>(scriptExecutionContext(), type);
-}
-
-bool DOMSecurityPolicy::allowsScriptFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowScriptFromSource>(scriptExecutionContext(), url);
-}
-
-bool DOMSecurityPolicy::allowsStyleFrom(const String& url) const
-{
- return isAllowedWithURL<&ContentSecurityPolicy::allowStyleFromSource>(scriptExecutionContext(), url);
-}
-
-} // namespace WebCore
Deleted: trunk/Source/WebCore/page/DOMSecurityPolicy.h (197141 => 197142)
--- trunk/Source/WebCore/page/DOMSecurityPolicy.h 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/page/DOMSecurityPolicy.h 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2011 Google, Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef DOMSecurityPolicy_h
-#define DOMSecurityPolicy_h
-
-#include "ContextDestructionObserver.h"
-#include <wtf/RefCounted.h>
-#include <wtf/Vector.h>
-#include <wtf/text/WTFString.h>
-
-namespace WebCore {
-
-class ContentSecurityPolicy;
-class DOMStringList;
-class Frame;
-
-class DOMSecurityPolicy : public RefCounted<DOMSecurityPolicy>, public ContextDestructionObserver {
-public:
- static Ref<DOMSecurityPolicy> create(ScriptExecutionContext* context)
- {
- return adoptRef(*new DOMSecurityPolicy(context));
- }
- ~DOMSecurityPolicy();
-
- bool isActive() const;
- PassRefPtr<DOMStringList> reportURIs() const;
-
- bool allowsInlineScript() const;
- bool allowsInlineStyle() const;
- bool allowsEval() const;
-
- bool allowsConnectionTo(const String& url) const;
- bool allowsFontFrom(const String& url) const;
- bool allowsFormAction(const String& url) const;
- bool allowsFrameFrom(const String& url) const;
- bool allowsImageFrom(const String& url) const;
- bool allowsMediaFrom(const String& url) const;
- bool allowsObjectFrom(const String& url) const;
- bool allowsPluginType(const String& type) const;
- bool allowsScriptFrom(const String& url) const;
- bool allowsStyleFrom(const String& url) const;
-
-private:
- explicit DOMSecurityPolicy(ScriptExecutionContext*);
-};
-
-}
-
-#endif
Deleted: trunk/Source/WebCore/page/DOMSecurityPolicy.idl (197141 => 197142)
--- trunk/Source/WebCore/page/DOMSecurityPolicy.idl 2016-02-25 23:24:41 UTC (rev 197141)
+++ trunk/Source/WebCore/page/DOMSecurityPolicy.idl 2016-02-25 23:52:07 UTC (rev 197142)
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2012 Google Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-[
- Conditional=CSP_NEXT,
- InterfaceName=SecurityPolicy,
-] interface DOMSecurityPolicy {
- readonly attribute boolean allowsEval;
- readonly attribute boolean allowsInlineScript;
- readonly attribute boolean allowsInlineStyle;
- readonly attribute boolean isActive;
-
- readonly attribute DOMStringList reportURIs;
-
- boolean allowsConnectionTo(DOMString url);
- boolean allowsFontFrom(DOMString url);
- boolean allowsFormAction(DOMString url);
- boolean allowsFrameFrom(DOMString url);
- boolean allowsImageFrom(DOMString url);
- boolean allowsMediaFrom(DOMString url);
- boolean allowsObjectFrom(DOMString url);
- boolean allowsPluginType(DOMString type);
- boolean allowsScriptFrom(DOMString url);
- boolean allowsStyleFrom(DOMString url);
-};
