New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 892570 link

Starred by 1 user
Status: Fixed
Owner:
andypaicu@chromium.org
Last visit > 30 days ago
Closed: Oct 9
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

We should have tests for different file encodings when computing inline script block hashes

Project Member Reported by andypaicu@chromium.org, Oct 5
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 9 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ac1f345109ebe4430916ee1886809e723b6e3792

commit ac1f345109ebe4430916ee1886809e723b6e3792
Author: Andy Paicu <andypaicu@chromium.org>
Date: Tue Oct 09 08:14:36 2018

Added tests to ensure that script blocks are converted to utf-8 before hashing

https://github.com/w3c/webappsec-csp/issues/109

Bug:  892570 
Change-Id: I52d0ff8ab6abd58de9503992f44ea42df50cb6b7
Reviewed-on: https://chromium-review.googlesource.com/c/1264536
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597836}
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-1.html.sub.headers
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-3.html.sub.headers
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-7.html.sub.headers
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/iso-8859-9.html.sub.headers
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8-lone-surrogate.html.sub.headers
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html
[add] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.sub.headers
[modify] https://crrev.com/ac1f345109ebe4430916ee1886809e723b6e3792/third_party/blink/renderer/core/frame/csp/content_security_policy.cc

Comment 2 by andypaicu@chromium.org, Oct 9

Status: Fixed (was: Started)

Sign in to add a comment