Closed
Bug 581980
Opened 14 years ago
Closed 14 years ago
CSP - policy with trailing semi-colon generates an error
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
People
(Reporter: bsterne, Assigned: geekboy)
References
Details
Attachments
(1 file)
910 bytes,
patch
|
bsterne
:
review+
jst
:
approval2.0+
|
Details | Diff | Splinter Review |
Even though we are turning off most of the log spew, this error is still wrong and we should fix it. A trailing semi-colon will probably be common for people generating policy programmatically. AdBlockPlus users are noticing the console message: http://forums.mozillazine.org/viewtopic.php?p=9656207#p9656207 CSP debug: CSP CREATED CSP debug: CSP POLICY INITED TO 'allow *' CSP debug: REFINE POLICY: allow 'self'; img-src *; options inline-script; CSP debug: SELF: https://adblockplus.org/devbuilds/update.rdf?reqVersion=2&id={d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}&version=1.3a.20100717&maxAppVersion=4.0b2pre&status=userEnabled,incompatible&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=4.0b3pre&appOS=WINNT&appABI=x86-msvc&locale=en-US¤tAppVersion=4.0b3pre&updateType=112 CSP WARN: Couldn't process unknown directive ''
Assignee | ||
Comment 1•14 years ago
|
||
Yeah, that's the parser being stupid. Added a check to ignore empty directives and skip them. Policies with empty directives in the middle ("allow foo ; ; script-src bar ;") will not emit warnings, but I think that's okay -- these empty directives won't affect anything and don't have any possible meaning.
Attachment #460266 -
Flags: review?(bsterne)
Assignee | ||
Updated•14 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•14 years ago
|
||
Comment on attachment 460266 [details] [diff] [review] Fix Verified the fix using Mozilla Security Blog.
Attachment #460266 -
Flags: review?(bsterne) → review+
Reporter | ||
Updated•14 years ago
|
Attachment #460266 -
Flags: approval2.0?
Updated•14 years ago
|
Attachment #460266 -
Flags: approval2.0? → approval2.0+
Reporter | ||
Comment 3•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/a8738892ef46
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•