Noticed two 'SecurityPolicyViolation' things while poking at other bits of CSP:

1. 'blockedURI' should be 'inline' or 'eval' when reporting inline or eval violations. It's currently ''.
2. The line number isn't populated for inline violations.
Patch up at https://codereview.chromium.org/2020053002. +hillbrad@ who might be able to keep me honest about adding these tests to WPT.
actually +hillbrad@.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/b31cfe4547ff32305bf02f6fed28229466a0ddf3

commit b31cfe4547ff32305bf02f6fed28229466a0ddf3
Author: mkwst <mkwst@chromium.org>
Date: Thu Jun 02 11:52:33 2016

'SecurityPolicyViolation' event data errors.

This patch fixes two small bugs with the data delivered in the SecurityPolicyViolation event object:

1. 'blockedURI' is now 'inline' or 'eval' for those kinds of violations.
2. 'lineNumber' is populated correctly for inline violations.

BUG= 615862
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2020053002
Cr-Commit-Position: refs/heads/master@{#397371}

[add] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/blockeduri-eval.html
[add] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/blockeduri-inline.html
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-basics-expected.txt
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-basics.html
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-expected.txt
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.html
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.html
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-expected.txt
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-from-script-expected.txt
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.html
[rename] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image.html
[modify] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/b31cfe4547ff32305bf02f6fed28229466a0ddf3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5b144f48b84c94de36d4bb842f5a72387beb4612

commit 5b144f48b84c94de36d4bb842f5a72387beb4612
Author: mkwst <mkwst@chromium.org>
Date: Mon Jun 06 11:55:56 2016

CSP: Add line numbers to reports whenever we have them.

Following up on https://codereview.chromium.org/2020053002, we have line numbers in a variety of cases today, but we're only dumping them into the reports when a script file generated the error. This patch ensures that line/column data is appended whenever it's available.

BUG= 615862

Review-Url: https://codereview.chromium.org/2032793004
Cr-Commit-Position: refs/heads/master@{#398006}

[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple-reversed-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt
[modify] https://crrev.com/5b144f48b84c94de36d4bb842f5a72387beb4612/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
Comment 1 by mkwst@chromium.org, May 30 2016
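An added example, not part of the original thread or of Chromium's code: how a report collector can consume the two fields this bug is about, accepting both the values the fix produces ('inline' / 'eval' plus a line number) and the values described in the report ('' and no line number). The function names normalizeViolation and triage are hypothetical, and the sample data is constructed.

```javascript
// Read a field from a SecurityPolicyViolationEvent-style object (camelCase)
// or from a report-uri JSON body (kebab-case); missing values become ''.
function pick(obj, camel, kebab) {
  const v = obj[camel] !== undefined ? obj[camel] : obj[kebab];
  return v === undefined || v === null ? '' : v;
}

function normalizeViolation(raw) {
  const v = raw['csp-report'] || raw; // report-uri bodies wrap the fields
  const blocked = String(pick(v, 'blockedURI', 'blocked-uri'));
  const line = Number(pick(v, 'lineNumber', 'line-number')) || 0;
  const column = Number(pick(v, 'columnNumber', 'column-number')) || 0;
  const file = String(pick(v, 'sourceFile', 'source-file')) ||
               String(pick(v, 'documentURI', 'document-uri'));
  let kind;
  if (blocked === 'inline' || blocked === 'eval') kind = blocked;
  else if (blocked === '') kind = 'unspecified'; // the value reported in this bug
  else kind = 'resource';
  return {
    directive: String(pick(v, 'effectiveDirective', 'effective-directive')) ||
               String(pick(v, 'violatedDirective', 'violated-directive')),
    kind,
    blocked,
    // No line number means the browser gave no position; do not invent one.
    location: line > 0 ? `${file}:${line}${column > 0 ? ':' + column : ''}` : null,
  };
}

// Count identical violations so that one noisy inline script is one triage row.
function triage(reports) {
  const groups = new Map();
  for (const r of reports.map(normalizeViolation)) {
    const key = `${r.directive}|${r.kind}|${r.location || r.blocked || '?'}`;
    groups.set(key, (groups.get(key) || 0) + 1);
  }
  return groups;
}

// Constructed sample input (not captured from a real browser).
const SAMPLES = [
  { blockedURI: 'inline', effectiveDirective: 'script-src', lineNumber: 12,
    columnNumber: 5, sourceFile: 'https://example.test/app.html' },
  { 'csp-report': { 'blocked-uri': 'eval', 'violated-directive': "script-src 'self'",
    'document-uri': 'https://example.test/', 'line-number': 3 } },
  { blockedURI: '', effectiveDirective: 'script-src', lineNumber: 0,
    documentURI: 'https://example.test/app.html' },
  { blockedURI: 'https://cdn.example.test/x.js', effectiveDirective: 'script-src' },
];
```

Reports that arrive with an empty blockedURI stay in their own 'unspecified' bucket instead of being guessed into 'inline' or 'eval'.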