Google Git
Sign in
chromium / chromium / src / 5d0e9f824e05523e03dabc0e341b9f8f17a72bb0
commit5d0e9f824e05523e03dabc0e341b9f8f17a72bb0[log] [tgz]
authorjww <jww@chromium.org>Fri Sep 25 23:45:36 2015
committerCommit bot <commit-bot@chromium.org>Fri Sep 25 23:46:26 2015
tree268f95b6f317f46986bf78a606546a5d424eb9da
parent4b86b23ef2edc67efd12a111ad4ddf83ca53329c [diff]
Disallow CSP source * matching of data:, blob:, and filesystem: URLs

The CSP spec specifically excludes matching of data:, blob:, and
filesystem: URLs with the source '*' wildcard. This adds checks to make
sure that doesn't happen, along with tests.

BUG=534570
R=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1361763005

Cr-Commit-Position: refs/heads/master@{#350950}
7 files changed
tree: 268f95b6f317f46986bf78a606546a5d424eb9da
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blimp/
  6. blink/
  7. breakpad/
  8. build/
  9. cc/
  10. chrome/
  11. chrome_elf/
  12. chromecast/
  13. chromeos/
  14. cloud_print/
  15. components/
  16. content/
  17. courgette/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. mandoline/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. sdch/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. sync/
  48. testing/
  49. third_party/
  50. tools/
  51. ui/
  52. url/
  53. win8/
  54. .clang-format
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. AUTHORS
  59. BUILD.gn
  60. codereview.settings
  61. DEPS
  62. LICENSE
  63. LICENSE.chromium_os
  64. OWNERS
  65. PRESUBMIT.py
  66. PRESUBMIT_test.py
  67. PRESUBMIT_test_mocks.py
  68. WATCHLISTS