[CSP] Added new policy violation source: wasm-eval
This extends the suite of policy violation sources to include
a WebAssembly-specific source: wasm-eval.

This has also been reflected in the PR
(w3c/webappsec-csp#293 (review))
against the CSP spec.

Added test for proper security violation event of the right form.

Bug: 948834
Change-Id: I0b76fd725136b7ddda92e629f147f5ba77c50ffb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3197842
Commit-Queue: Francis McCabe <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Reviewed-by: Antonio Sartori <[email protected]>
Reviewed-by: Andrey Kosyakov <[email protected]>
Reviewed-by: David Tseng <[email protected]>
Cr-Commit-Position: refs/heads/main@{#931206}
fgmccabe authored and Gabisampaio committed Nov 18, 2021
1 parent 7ca0b6d commit 173a0d6
Showing 2 changed files with 19 additions and 0 deletions.
@@ -0,0 +1,18 @@
// META: global=window,worker
let code = new Uint8Array([0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0]);
async_test(t => {
self.addEventListener('securitypolicyviolation', t.step_func_done(e => {
assert_equals(e.violatedDirective, "script-src");
assert_equals(e.originalPolicy, "default-src 'self' 'unsafe-inline'")
assert_equals(e.blockedURI, "wasm-eval")
}));
}, "Securitypolicyviolation event looks like it should");

promise_test(t => {
return promise_rejects_js(
t, WebAssembly.CompileError,
WebAssembly.instantiate(code));
});
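
Review bot: The bytes in `code` (0x53 0x61 0x6d 0x70 0x6c 0x65 0x00, ASCII "Sample" plus a NUL) do not start with the WebAssembly magic `\0asm`, so `WebAssembly.instantiate(code)` in the promise_test would reject with `CompileError` even if the policy were not enforced. As written, only the `securitypolicyviolation` listener demonstrates that CSP blocked anything; using a minimal valid module (the 8-byte header 0x00 0x61 0x73 0x6d 0x01 0x00 0x00 0x00) would make the rejection attributable to the policy. Two smaller points: the async_test depends on the separate promise_test to trigger the violation, so it times out if that test is removed or reordered, and the promise_test has no description string. The `assert_equals` calls for `originalPolicy` and `blockedURI` are also missing their trailing semicolons.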



@@ -0,0 +1 @@
Content-Security-Policy: default-src 'self' 'unsafe-inline'
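
Review bot: The header sets only `default-src`, so the test covers the fallback from `default-src` to `script-src` and nothing else; a policy with an explicit `script-src` that lacks a WebAssembly allowance is not exercised. The same policy string is also hard-coded in the `originalPolicy` assertion in the test file, so the two must be changed together; a comment in the test pointing at this headers file would make that dependency visible.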
