Bug 1439425 - Ignore empty CSP directives. r=ckerschb

MozReview-Commit-ID: 67Ach2vCs8A --HG-- rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_empty_directive.html rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_empty_directive.html^headers^ rename : dom/security/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_empty_directive.html extra : rebase_source : 1270d3d1aa8d53389e8708d29d2e363e52c02029
2018-03-06 18:48:26 -08:00 · 2018-03-06 18:48:26 -08:00 · 0d79353b7d
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@ -1171,6 +1171,10 @@ nsCSPParser::directive()
    return;
  }

+  if (CSP_IsEmptyDirective(mCurValue, mCurToken)) {
+    return;
+  }
+
  // Try to create a new CSPDirective
  nsCSPDirective* cspDir = directiveName();
  if (!cspDir) {
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@ -307,6 +307,12 @@ CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI)
  return hostsrc;
 }

+bool
+CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir)
+{
+  return (aDir.Length() == 0 &&
+          aValue.Length() == 0);
+}
 bool
 CSP_IsValidDirective(const nsAString& aDir)
 {
--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@ -211,6 +211,7 @@ nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
 class nsCSPHostSrc;

 nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
+bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
 bool CSP_IsValidDirective(const nsAString& aDir);
 bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
 bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
--- a/dom/security/test/csp/file_empty_directive.html
+++ b/dom/security/test/csp/file_empty_directive.html
@ -0,0 +1,11 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Bug 587377 - CSP keywords "'self'" and "'none'" are easy to confuse with host names "self" and "none"</title>
+    <!-- Any copyright is dedicated to the Public Domain.
+       - http://creativecommons.org/publicdomain/zero/1.0/ -->
+  </head>
+  <body>
+  </body>
+</html>
--- a/dom/security/test/csp/file_empty_directive.html^headers^
+++ b/dom/security/test/csp/file_empty_directive.html^headers^
@ -0,0 +1 @@
+Content-Security-Policy: ;
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@ -108,6 +108,8 @@ support-files =
  file_ignore_unsafe_inline_multiple_policies_server.sjs
  file_self_none_as_hostname_confusion.html
  file_self_none_as_hostname_confusion.html^headers^
+  file_empty_directive.html
+  file_empty_directive.html^headers^
  file_path_matching.html
  file_path_matching_incl_query.html
  file_path_matching.js
@ -268,6 +270,7 @@ skip-if = toolkit == 'android' # Times out, not sure why (bug 1008445)
 [test_scheme_relative_sources.html]
 [test_ignore_unsafe_inline.html]
 [test_self_none_as_hostname_confusion.html]
+[test_empty_directive.html]
 [test_path_matching.html]
 [test_path_matching_redirect.html]
 [test_report_uri_missing_in_report_only_header.html]
--- a/dom/security/test/csp/test_empty_directive.html
+++ b/dom/security/test/csp/test_empty_directive.html
@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1439425
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1439425</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1439425">Mozilla Bug 1439425</a>
+<p id="display"></p>
+
+<iframe id="cspframe"></iframe>
+
+<pre id="test">
+
+<script class="testbody" type="text/javascript">
+let consoleCount = 0;
+
+function cleanup() {
+  SpecialPowers.postConsoleSentinel();
+}
+
+function finish() {
+  SimpleTest.finish();
+}
+
+SpecialPowers.registerConsoleListener(function ConsoleMsgListener(aMsg) {
+  if (aMsg.message == "SENTINEL") {
+    is(consoleCount, 0);
+    SimpleTest.executeSoon(finish);
+  } else {
+    ++consoleCount;
+    ok(false, "Must never see a console warning here");
+  }
+});
+
+// set up and start testing
+SimpleTest.waitForExplicitFinish();
+let frame = document.getElementById('cspframe');
+frame.onload = () => {
+  SimpleTest.executeSoon(cleanup);
+};
+frame.src = 'file_empty_directive.html';
+</script>
+</pre>
+</body>
+</html>