Bug 999656 - Fix mappings between content type and CSP directives and refactor permits functions in CSP. r=ckerschb

Sid Stamm
2014-12-10 13:54:00 +01:00
parent a154601bde
commit acc2e51169
8 changed files with 312 additions and 346 deletions


@@ -1633,7 +1633,12 @@ HTMLFormElement::GetActionURL(nsIURI** aActionURL,
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
bool permitsFormAction = true;
rv = csp->PermitsFormAction(actionURL, &permitsFormAction);
// form-action is only enforced if explicitly defined in the
// policy - do *not* consult default-src, see:
// http://www.w3.org/TR/CSP2/#directive-default-src
rv = csp->Permits(actionURL, nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE,
true, &permitsFormAction);
NS_ENSURE_SUCCESS(rv, rv);
if (!permitsFormAction) {
rv = NS_ERROR_CSP_FORM_ACTION_VIOLATION;
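Review bot: The bare `true` in the new `csp->Permits(...)` call is what implements the policy decision in the comment above it (form-action must not fall back to default-src), but nothing at the call site ties the literal to that meaning. I would label it in place, e.g. `true, /* aSpecific: no default-src fallback */ &permitsFormAction);`, assuming the interface names that parameter `aSpecific`, so a later edit cannot flip it without seeing that it changes enforcement. Separately, `permitsFormAction` is initialised to `true`, which makes the check fail-open if an implementation ever returned success without writing the out-parameter. Presumably `Permits` always sets it, but that is not visible here, and `bool permitsFormAction = false;` would make deny the default. GetActionURL begins and ends outside this hunk.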