Closed Bug 1464078 Opened 3 years ago Closed 2 years ago

[wpt-sync] Sync PR 11140 - Fixed CSP directive value parsing accepted character range

Categories

(Core :: DOM: Security, enhancement, P4)

enhancement

Tracking

()

RESOLVED FIXED
mozilla62
Tracking Status
firefox62 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 11140 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/w3c/web-platform-tests/pull/11140
Details from upstream follow.

Andy Paicu <andypaicu@chromium.org> wrote:
>  Fixed CSP directive value parsing accepted character range
>  
>  Bug: 845961
>  Change-Id: Ifc9609058cd7cbd268785db46534e3ed09da6ce3
>  Reviewed-on: https://chromium-review.googlesource.com/1071510
>  WPT-Export-Revision: 3ceccaa1797813deebfdd8be7bf03a41bc055321
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Ran 1 tests and 90 subtests
OK     : 1
PASS   : 64
FAIL   : 26

New tests that have failures or other problems:
/content-security-policy/embedded-enforcement/required_csp-header.html
    Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - \n character after directive name: FAIL
    Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - \n character in directive value: FAIL
    Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - \r\n character after directive name: FAIL
    Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - \r\n character in directive value: FAIL
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8a717234b858
[wpt PR 11140] - Fixed CSP directive value parsing accepted character range, a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/a9e1b4d220b1
[wpt PR 11140] - Update wpt metadata, a=testonly
https://hg.mozilla.org/mozilla-central/rev/8a717234b858
https://hg.mozilla.org/mozilla-central/rev/a9e1b4d220b1
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
You need to log in before you can comment on or make changes to this bug.