commit | 5d0e9f824e05523e03dabc0e341b9f8f17a72bb0 | [log] [tgz] |
---|---|---|
author | jww <jww@chromium.org> | Fri Sep 25 23:45:36 2015 |
committer | Commit bot <commit-bot@chromium.org> | Fri Sep 25 23:46:26 2015 |
tree | 268f95b6f317f46986bf78a606546a5d424eb9da | |
parent | 4b86b23ef2edc67efd12a111ad4ddf83ca53329c [diff] |
Disallow CSP source * matching of data:, blob:, and filesystem: URLs The CSP spec specifically excludes matching of data:, blob:, and filesystem: URLs with the source '*' wildcard. This adds checks to make sure that doesn't happen, along with tests. BUG=534570 R=mkwst@chromium.org Review URL: https://codereview.chromium.org/1361763005 Cr-Commit-Position: refs/heads/master@{#350950}