Diff
Modified: trunk/LayoutTests/ChangeLog (198177 => 198178)
--- trunk/LayoutTests/ChangeLog 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/LayoutTests/ChangeLog 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,3 +1,19 @@
+2016-03-14 Daniel Bates <[email protected]>
+
+ Web Inspector: Display Content Security Policy hash in details sidebar for script and style elements
+ https://bugs.webkit.org/show_bug.cgi?id=155466
+ <rdar://problem/25152480>
+
+ Reviewed by Joseph Pecoraro and Timothy Hatcher.
+
+ Add tests to ensure that the WebInspector.DOMNode object associated with an HTML style element
+ or applicable HTML script element has a valid CSP hash.
+
+ * inspector/dom/csp-big5-hash-expected.txt: Added.
+ * inspector/dom/csp-big5-hash.html: Added.
+ * inspector/dom/csp-hash-expected.txt: Added.
+ * inspector/dom/csp-hash.html: Added.
+
2016-03-14 Filip Pizlo <[email protected]>
REGRESSION(r194394): >2x slow-down on CDjs
Added: trunk/LayoutTests/inspector/dom/csp-big5-hash-expected.txt (0 => 198178)
--- trunk/LayoutTests/inspector/dom/csp-big5-hash-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/dom/csp-big5-hash-expected.txt 2016-03-15 00:39:59 UTC (rev 198178)
@@ -0,0 +1,9 @@
+Test for Content Security Policy hash support on DOM.DOMNode in a document with character set Big5.
+
+
+PASS: Got DOMNode for #stylesheet-1
+PASS: DOMNode has hash sha256-duNBvCmzrFc3RVVqS8ufweBf2QOq1THuEh3UZWP7ZpU=
+
+PASS: Got DOMNode for #script-1
+PASS: DOMNode has hash sha256-0eDk4my9q3qcCQTZ02clVW0RxDNPW9n9lXTCdyGY4Js=
+
Added: trunk/LayoutTests/inspector/dom/csp-big5-hash.html (0 => 198178)
--- trunk/LayoutTests/inspector/dom/csp-big5-hash.html (rev 0)
+++ trunk/LayoutTests/inspector/dom/csp-big5-hash.html 2016-03-15 00:39:59 UTC (rev 198178)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="Big5">
+<script src=""
+<script>
+function test() {
+ let testCases = [
+ {selector: "#stylesheet-1", hash: "sha256-duNBvCmzrFc3RVVqS8ufweBf2QOq1THuEh3UZWP7ZpU="},
+ {selector: "#script-1", hash: "sha256-0eDk4my9q3qcCQTZ02clVW0RxDNPW9n9lXTCdyGY4Js="},
+ ];
+ WebInspector.domTreeManager.requestDocument(function(documentNode) {
+ for (let {selector, hash} of testCases) {
+ WebInspector.domTreeManager.querySelector(documentNode.id, selector, function(nodeId) {
+ let domNode = WebInspector.domTreeManager.nodeForId(nodeId);
+ InspectorTest.log("");
+ InspectorTest.expectThat(domNode, `Got DOMNode for ${selector}`);
+ InspectorTest.expectThat(domNode.contentSecurityPolicyHash() === hash, `DOMNode has hash ${hash}`);
+ });
+ }
+ InspectorTest.completeTest();
+ });
+}
+</script>
+</head>
+<body _onload_="runTest()">
+ <p>Test for Content Security Policy hash support on DOM.DOMNode in a document with character set Big5.</p>
+ <style id="stylesheet-1">#test1 { background-color: blue; } /* \xA4\xF4 */</style>
+ <script id="script-1">var thisIsAnInlineScript = true; // \xA4\xF4</script>
+</body>
+</html>
Added: trunk/LayoutTests/inspector/dom/csp-hash-expected.txt (0 => 198178)
--- trunk/LayoutTests/inspector/dom/csp-hash-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/dom/csp-hash-expected.txt 2016-03-15 00:39:59 UTC (rev 198178)
@@ -0,0 +1,36 @@
+Test for Content Security Policy hash support on DOM.DOMNode.
+
+
+PASS: Got DOMNode for #stylesheet-without-whitespace
+PASS: DOMNode has hash sha256-NW7+Fm6YV404pkklaopT0jgCBCmfOAn0K+NtIfyPN4A=
+
+PASS: Got DOMNode for #stylesheet-with-whitespace
+PASS: DOMNode has hash sha256-b5lOENncCyOGrTlLzIlify6a9ddSaiGTBFF/jcYcj0k=
+
+PASS: Got DOMNode for #stylesheet-with-ignored-charset
+PASS: DOMNode has hash sha256-Nyij5I3ne5qy0HQHZD8sKjbedAqMQDJ2riYqGniSYTc=
+
+PASS: Got DOMNode for #script-without-whitespace
+PASS: DOMNode has hash sha256-tVRjKJA9OYKEzYP5h7H2XbuSVgOjLD74/zqHyl+/xOM=
+
+PASS: Got DOMNode for #script-with-whitespace
+PASS: DOMNode has hash sha256-hSQRzSxNGYtVe272nNs1poXibikReR/Y+NfX6TsCqzo=
+
+PASS: Got DOMNode for #script-with-unicode-code-point-00C5
+PASS: DOMNode has hash sha256-YcKgriaBGkU6FsWZXgDLv4Wo5UZ5Qe5hNp6Psb3RJOE=
+
+PASS: Got DOMNode for #script-with-unicode-code-point-212B
+PASS: DOMNode has hash sha256-YcKgriaBGkU6FsWZXgDLv4Wo5UZ5Qe5hNp6Psb3RJOE=
+
+PASS: Got DOMNode for #external-stylesheet
+PASS: DOMNode has hash undefined
+
+PASS: Got DOMNode for #external-script
+PASS: DOMNode has hash undefined
+
+PASS: Got DOMNode for #external-stylesheet
+PASS: DOMNode has hash undefined
+
+PASS: Got DOMNode for #paragraph
+PASS: DOMNode has hash undefined
+
Added: trunk/LayoutTests/inspector/dom/csp-hash.html (0 => 198178)
--- trunk/LayoutTests/inspector/dom/csp-hash.html (rev 0)
+++ trunk/LayoutTests/inspector/dom/csp-hash.html 2016-03-15 00:39:59 UTC (rev 198178)
@@ -0,0 +1,71 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF8">
+<script src=""
+<script>
+function test() {
+ let testCases = [
+ {selector: "#stylesheet-without-whitespace", hash: "sha256-NW7+Fm6YV404pkklaopT0jgCBCmfOAn0K+NtIfyPN4A="},
+ {selector: "#stylesheet-with-whitespace", hash: "sha256-b5lOENncCyOGrTlLzIlify6a9ddSaiGTBFF/jcYcj0k="},
+ {selector: "#stylesheet-with-ignored-charset", hash: "sha256-Nyij5I3ne5qy0HQHZD8sKjbedAqMQDJ2riYqGniSYTc="},
+ {selector: "#script-without-whitespace", hash: "sha256-tVRjKJA9OYKEzYP5h7H2XbuSVgOjLD74/zqHyl+/xOM="},
+ {selector: "#script-with-whitespace", hash: "sha256-hSQRzSxNGYtVe272nNs1poXibikReR/Y+NfX6TsCqzo="},
+ {selector: "#script-with-unicode-code-point-00C5", hash: "sha256-YcKgriaBGkU6FsWZXgDLv4Wo5UZ5Qe5hNp6Psb3RJOE="},
+ {selector: "#script-with-unicode-code-point-212B", hash: "sha256-YcKgriaBGkU6FsWZXgDLv4Wo5UZ5Qe5hNp6Psb3RJOE="}, // Same hash as for script #script-with-unicode-code-point-00C5.
+ {selector: "#external-stylesheet", hash: undefined},
+ {selector: "#external-script", hash: undefined},
+ {selector: "#external-stylesheet", hash: undefined},
+ {selector: "#paragraph", hash: undefined},
+ ];
+
+ WebInspector.domTreeManager.requestDocument(function(documentNode) {
+ for (let {selector, hash} of testCases) {
+ WebInspector.domTreeManager.querySelector(documentNode.id, selector, function(nodeId) {
+ let domNode = WebInspector.domTreeManager.nodeForId(nodeId);
+ InspectorTest.log("");
+ InspectorTest.expectThat(domNode, `Got DOMNode for ${selector}`);
+ InspectorTest.expectThat(domNode.contentSecurityPolicyHash() === hash, `DOMNode has hash ${hash}`);
+ });
+ }
+ InspectorTest.completeTest();
+ });
+}
+</script>
+</head>
+<body _onload_="runTest()">
+ <p>Test for Content Security Policy hash support on DOM.DOMNode.</p>
+
+ <!-- Elements that can have a Content Security Policy hash -->
+ <style id="stylesheet-without-whitespace">#test1 { background-color: blue; }</style>
+ <style id="stylesheet-with-whitespace">
+ #test2 {
+ background-color: yellow;
+ }
+ </style>
+ <style id="stylesheet-with-ignored-charset">
+ @charset "Big5"; /* This should be ignored. */
+ #test3 {
+ background-color: magenta;
+ }
+ </style>
+
+ <script id="script-without-whitespace">var thisIsAnInlineScript = true;</script>
+ <script id="script-with-whitespace">
+ var thisIsAnotherInlineScript = true;
+ </script>
+ <script id="script-with-unicode-code-point-00C5">
+ // Å
+ </script>
+ <!-- Hash of this script should be equivalent to hash of script script-with-unicode-code-point-00C5. -->
+ <script id="script-with-unicode-code-point-212B">
+ // Å
+ </script>
+
+ <!-- Elements that cannot have a Content Security Policy hash -->
+ <!-- FIXME: We should make this more comprehensive. -->
+ <link id="external-stylesheet" rel="stylesheet" href=""
+ <script id="external-script" src=""
+ <p id="paragraph"></p>
+</body>
+</html>
Modified: trunk/Source/_javascript_Core/ChangeLog (198177 => 198178)
--- trunk/Source/_javascript_Core/ChangeLog 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,3 +1,16 @@
+2016-03-14 Daniel Bates <[email protected]>
+
+ Web Inspector: Display Content Security Policy hash in details sidebar for script and style elements
+ https://bugs.webkit.org/show_bug.cgi?id=155466
+ <rdar://problem/25152480>
+
+ Reviewed by Joseph Pecoraro and Timothy Hatcher.
+
+ Add property contentSecurityPolicyHash to store the CSP hash for an HTML style element or an
+ applicable HTML script element.
+
+ * inspector/protocol/DOM.json:
+
2016-03-14 Joonghun Park <[email protected]>
Purge PassRefPtr from ArrayBuffer, ArchiveResource, Pasteboard, LegacyWebArchive and DataObjectGtk
Modified: trunk/Source/_javascript_Core/inspector/protocol/DOM.json (198177 => 198178)
--- trunk/Source/_javascript_Core/inspector/protocol/DOM.json 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/_javascript_Core/inspector/protocol/DOM.json 2016-03-15 00:39:59 UTC (rev 198178)
@@ -51,7 +51,8 @@
{ "name": "shadowRoots", "type": "array", "optional": true, "items": { "$ref": "Node" }, "description": "Shadow root list for given element host." },
{ "name": "templateContent", "$ref": "Node", "optional": true, "description": "Content document fragment for template elements" },
{ "name": "pseudoElements", "type": "array", "items": { "$ref": "Node" }, "optional": true, "description": "Pseudo elements associated with this node." },
- { "name": "role", "type": "string", "optional": true, "description": "Computed value for first recognized role token, default role per element, or overridden role." }
+ { "name": "role", "type": "string", "optional": true, "description": "Computed value for first recognized role token, default role per element, or overridden role." },
+ { "name": "contentSecurityPolicyHash", "type": "string", "optional": true, "description": "Computed SHA-256 Content Security Policy hash source for given element." }
],
"description": "DOM interaction is implemented in terms of mirror objects that represent the actual DOM nodes. DOMNode is a base node mirror type."
},
Modified: trunk/Source/WebCore/ChangeLog (198177 => 198178)
--- trunk/Source/WebCore/ChangeLog 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/WebCore/ChangeLog 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,3 +1,24 @@
+2016-03-14 Daniel Bates <[email protected]>
+
+ Web Inspector: Display Content Security Policy hash in details sidebar for script and style elements
+ https://bugs.webkit.org/show_bug.cgi?id=155466
+ <rdar://problem/25152480>
+
+ Reviewed by Joseph Pecoraro and Timothy Hatcher.
+
+ For convenience, display the SHA-256 Content Security Policy (CSP) hash in the node details
+ sidebar for the selected HTML script element or HTML style element. A CSP script hash is
+ only applicable to inline _javascript_ scripts. Therefore, we will display a hash for HTML
+ script elements only if they do not have a src attribute.
+
+ Tests: inspector/dom/csp-big5-hash.html
+ inspector/dom/csp-hash.html
+
+ * inspector/InspectorDOMAgent.cpp:
+ (WebCore::computeContentSecurityPolicySHA256Hash): Added.
+ (WebCore::InspectorDOMAgent::buildObjectForNode): For an applicable HTML script- or style-
+ element, pass the computed SHA-256 CSP hash to the Inspector front end.
+
2016-03-14 Joonghun Park <[email protected]>
Purge PassRefPtr from ArrayBuffer, ArchiveResource, Pasteboard, LegacyWebArchive and DataObjectGtk
Modified: trunk/Source/WebCore/inspector/InspectorDOMAgent.cpp (198177 => 198178)
--- trunk/Source/WebCore/inspector/InspectorDOMAgent.cpp 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/WebCore/inspector/InspectorDOMAgent.cpp 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2009, 2015-2016 Apple Inc. All rights reserved.
* Copyright (C) 2011 Google Inc. All rights reserved.
* Copyright (C) 2009 Joseph Pecoraro
*
@@ -45,6 +45,7 @@
#include "ContainerNode.h"
#include "Cookie.h"
#include "CookieJar.h"
+#include "CryptoDigest.h"
#include "DOMEditor.h"
#include "DOMPatchSupport.h"
#include "DOMWindow.h"
@@ -86,6 +87,7 @@
#include "StyleResolver.h"
#include "StyleSheetList.h"
#include "Text.h"
+#include "TextNodeTraversal.h"
#include "XPathResult.h"
#include "htmlediting.h"
#include "markup.h"
@@ -93,6 +95,7 @@
#include <inspector/InjectedScript.h>
#include <inspector/InjectedScriptManager.h>
#include <runtime/JSCInlines.h>
+#include <wtf/text/Base64.h>
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
@@ -1268,6 +1271,19 @@
}
}
+static String computeContentSecurityPolicySHA256Hash(const Element& element)
+{
+ // FIXME: Compute the digest with respect to the raw bytes received from the page.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=155184>.
+ TextEncoding documentEncoding = element.document().textEncoding();
+ const TextEncoding& encodingToUse = documentEncoding.isValid() ? documentEncoding : UTF8Encoding();
+ CString content = encodingToUse.encode(TextNodeTraversal::contentsAsString(element), EntitiesForUnencodables);
+ auto cryptoDigest = CryptoDigest::create(CryptoDigest::Algorithm::SHA_256);
+ cryptoDigest->addBytes(content.data(), content.length());
+ Vector<uint8_t> digest = cryptoDigest->computeHash();
+ return makeString("sha256-", base64Encode(digest.data(), digest.size()));
+}
+
Ref<Inspector::Protocol::DOM::Node> InspectorDOMAgent::buildObjectForNode(Node* node, int depth, NodeToIdMap* nodesMap)
{
int id = bind(node, nodesMap);
@@ -1341,6 +1357,9 @@
value->setTemplateContent(buildObjectForNode(downcast<HTMLTemplateElement>(element).content(), 0, nodesMap));
#endif
+ if (is<HTMLStyleElement>(element) || (is<HTMLScriptElement>(element) && !element.fastHasAttribute(HTMLNames::srcAttr)))
+ value->setContentSecurityPolicyHash(computeContentSecurityPolicySHA256Hash(element));
+
if (element.pseudoId()) {
Inspector::Protocol::DOM::PseudoType pseudoType;
if (pseudoElementType(element.pseudoId(), &pseudoType))
Modified: trunk/Source/WebInspectorUI/ChangeLog (198177 => 198178)
--- trunk/Source/WebInspectorUI/ChangeLog 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/WebInspectorUI/ChangeLog 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,3 +1,22 @@
+2016-03-14 Daniel Bates <[email protected]>
+
+ Web Inspector: Display Content Security Policy hash in details sidebar for script and style elements
+ https://bugs.webkit.org/show_bug.cgi?id=155466
+ <rdar://problem/25152480>
+
+ Reviewed by Joseph Pecoraro and Timothy Hatcher.
+
+ * Localizations/en.lproj/localizedStrings.js: Add English localized string for the CSP hash UI label.
+ * UserInterface/Models/DOMNode.js:
+ (WebInspector.DOMNode): Initialize the instance variable this._contentSecurityPolicyHash
+ with the value passed from the Inspector back end.
+ (WebInspector.DOMNode.prototype.contentSecurityPolicyHash): Returns the CSP hash for this node.
+ * UserInterface/Views/DOMNodeDetailsSidebarPanel.js:
+ (WebInspector.DOMNodeDetailsSidebarPanel): Append a row to the end of section Identity to display
+ the CSP hash (if applicable).
+ (WebInspector.DOMNodeDetailsSidebarPanel.prototype.refresh): Query the underlying WebInspector.DOMNode
+ for the CSP hash of the selected node.
+
2016-03-14 Joseph Pecoraro <[email protected]>
Web Inspector: REGRESSION(r197974): HeapAllocationsTimelineView broken, doesn't handle Timeline Sidebar Navigation removal
Modified: trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js (198177 => 198178)
--- trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js 2016-03-15 00:39:59 UTC (rev 198178)
@@ -188,6 +188,7 @@
localizedStrings["Container Regions"] = "Container Regions";
localizedStrings["Content"] = "Content";
localizedStrings["Content Flow"] = "Content Flow";
+localizedStrings["CSP Hash"] = "CSP Hash";
localizedStrings["Content Security Policy violation of directive: %s"] = "Content Security Policy violation of directive: %s";
localizedStrings["Continue script execution (%s or %s)"] = "Continue script execution (%s or %s)";
localizedStrings["Continue to Here"] = "Continue to Here";
Modified: trunk/Source/WebInspectorUI/UserInterface/Models/DOMNode.js (198177 => 198178)
--- trunk/Source/WebInspectorUI/UserInterface/Models/DOMNode.js 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/WebInspectorUI/UserInterface/Models/DOMNode.js 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2009, 2010 Google Inc. All rights reserved.
* Copyright (C) 2009 Joseph Pecoraro
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -48,6 +48,7 @@
this._nodeValue = payload.nodeValue;
this._pseudoType = payload.pseudoType;
this._computedRole = payload.role;
+ this._contentSecurityPolicyHash = payload.contentSecurityPolicyHash;
if (this._nodeType === Node.DOCUMENT_NODE)
this.ownerDocument = this;
@@ -228,6 +229,11 @@
return this._computedRole;
}
+ contentSecurityPolicyHash()
+ {
+ return this._contentSecurityPolicyHash;
+ }
+
hasAttributes()
{
return this._attributes.length > 0;
Modified: trunk/Source/WebInspectorUI/UserInterface/Views/DOMNodeDetailsSidebarPanel.js (198177 => 198178)
--- trunk/Source/WebInspectorUI/UserInterface/Views/DOMNodeDetailsSidebarPanel.js 2016-03-15 00:22:45 UTC (rev 198177)
+++ trunk/Source/WebInspectorUI/UserInterface/Views/DOMNodeDetailsSidebarPanel.js 2016-03-15 00:39:59 UTC (rev 198178)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -38,8 +38,9 @@
this._identityNodeTypeRow = new WebInspector.DetailsSectionSimpleRow(WebInspector.UIString("Type"));
this._identityNodeNameRow = new WebInspector.DetailsSectionSimpleRow(WebInspector.UIString("Name"));
this._identityNodeValueRow = new WebInspector.DetailsSectionSimpleRow(WebInspector.UIString("Value"));
+ this._identityNodeContentSecurityPolicyHashRow = new WebInspector.DetailsSectionSimpleRow(WebInspector.UIString("CSP Hash"));
- var identityGroup = new WebInspector.DetailsSectionGroup([this._identityNodeTypeRow, this._identityNodeNameRow, this._identityNodeValueRow]);
+ var identityGroup = new WebInspector.DetailsSectionGroup([this._identityNodeTypeRow, this._identityNodeNameRow, this._identityNodeValueRow, this._identityNodeContentSecurityPolicyHashRow]);
var identitySection = new WebInspector.DetailsSection("dom-node-identity", WebInspector.UIString("Identity"), [identityGroup]);
this._attributesDataGridRow = new WebInspector.DetailsSectionDataGridRow(null, WebInspector.UIString("No Attributes"));
@@ -104,6 +105,7 @@
this._identityNodeTypeRow.value = this._nodeTypeDisplayName();
this._identityNodeNameRow.value = domNode.nodeNameInCorrectCase();
this._identityNodeValueRow.value = domNode.nodeValue();
+ this._identityNodeContentSecurityPolicyHashRow.value = domNode.contentSecurityPolicyHash();
this._refreshAttributes();
this._refreshProperties();
