angler-fishThe Vulnerability History Project

Disallow CSP source * matching of data:, blob:, and filesystem: URLs

      The CSP spec specifically excludes matching of data:, blob:, and
filesystem: URLs with the source '*' wildcard. This adds checks to make
sure that doesn't happen, along with tests.

BUG=534570
R=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1361763005

Cr-Commit-Position: refs/heads/master@{#350950}
by Alexander the Pony 2015-09-25 23:45:36 UTC
commit 5d0e9f824e05523e03dabc0e341b9f8f17a72bb0
Chromium Fix CVE-2015-6786
chrome/common/extensions/docs/templates/articles/app_csp.html
+2 -2
chrome/common/extensions/docs/templates/articles/offline_apps.html
+2 -2
extensions/common/manifest_handlers/csp_info.cc
+2 -2
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-wildcards-disallowed.html
-61
third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+7 -19
third_party/WebKit/Source/core/frame/csp/CSPSourceList.h
-2
third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
-18
expand_less