581980 - CSP - policy with trailing semi-colon generates an error

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect)

Description

[Brandon Sterne (:bsterne)]

Even though we are turning off most of the log spew, this error is still wrong and we should fix it.  A trailing semi-colon will probably be common for people generating policy programmatically.  AdBlockPlus users are noticing the console message:
http://forums.mozillazine.org/viewtopic.php?p=9656207#p9656207

CSP debug: CSP CREATED
CSP debug: CSP POLICY INITED TO 'allow *'
CSP debug: REFINE POLICY: allow 'self'; img-src *;  options inline-script;
CSP debug: SELF: https://adblockplus.org/devbuilds/update.rdf?reqVersion=2&id={d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}&version=1.3a.20100717&maxAppVersion=4.0b2pre&status=userEnabled,incompatible&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=4.0b3pre&appOS=WINNT&appABI=x86-msvc&locale=en-US&currentAppVersion=4.0b3pre&updateType=112
CSP WARN:  Couldn't process unknown directive ''

Comment 1

[Sid Stamm [:geekboy or :sstamm]]

Attachment: Fix

Yeah, that's the parser being stupid.  Added a check to ignore empty directives and skip them.  Policies with empty directives in the middle ("allow foo ; ; script-src bar ;") will not emit warnings, but I think that's okay -- these empty directives won't affect anything and don't have any possible meaning.

Comment 2

[Brandon Sterne (:bsterne)]

Comment on attachment 460266 [details] [diff] [review]
Fix

Verified the fix using Mozilla Security Blog.

Comment 3

[Brandon Sterne (:bsterne)]

http://hg.mozilla.org/mozilla-central/rev/a8738892ef46