mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-06 09:01:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
68959 commits 1 branch 0 tags 477 MiB
Commit graph

11 commits

Author SHA1 Message Date
Shannon Booth
8a3c66d8a6 LibWeb: Make a bunch of CSP classes not realm associated 
These are not associated with a javascript realm, so to avoid
confusion about which realm these need to be created in, make
all of these objects a GC::Cell, and deal with the fallout.
 2025-04-28 12:41:28 +02:00
Andreas Kling
a6dfc74e93 LibWeb: Only set prototype once for object with IDL interface 
Before this change, we were going through the chain of base classes for
each IDL interface object and having them set the prototype to their
prototype.

Instead of doing that, reorder things so that we set the right prototype
immediately in Foo::initialize(), and then don't bother in all the base
class overrides.

This knocks off a ~1% profile item on Speedometer 3.
 2025-04-20 18:43:11 +02:00
Timothy Flynn
ee6b2db009 AK+LibURL+LibWeb: Use simdutf to validate ASCII strings 
simdutf provides a vectorized ASCII validator, so let's use that instead
of looping over strings manually.
 2025-04-06 11:05:58 -04:00
Luke Wilde
278666edcd LibWeb: Enforce Content Security Policy on navigation request/response
Some checks are pending
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
Details
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
Details
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (macos-14, macOS, macOS-universal2) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Details
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Details
Lint Code / lint (push) Waiting to run
Details
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Details
Push notes / build (push) Waiting to run
Details
2025-04-01 04:01:28 +02:00
Luke Wilde
7643a079c0 LibWeb: Enforce Content Security Policy of Fetch responses 2025-03-19 00:55:14 +01:00
Luke Wilde
51796e2d3a LibWeb: Report CSP violations for request 2025-03-19 00:55:14 +01:00
Luke Wilde
6f771f45e2 LibWeb: Enforce Content Security Policy on Fetch requests 2025-03-19 00:55:14 +01:00
Luke Wilde
86170f4bfd LibWeb/CSP: Introduce the ability to create and report a violation 
A violation provides several details about an enforcement failing, such
as the URL of the document, the directive that returned "Blocked", etc.
 2025-03-19 00:55:14 +01:00
Luke Wilde
02236be737 LibWeb/CSP: Implement SecurityPolicyViolationEvent 
This is used to report violations of policies to the element/global
object that caused it.
 2025-03-19 00:55:14 +01:00
Aliaksandr Kalenik
56971a4201 LibWeb: Delete FIXME debug log in PolicyList 
It adds too much spam in test runner output.
 2025-03-13 22:16:47 +01:00
Luke Wilde
e34a6c86b9 LibWeb: Introduce Content Security Policy policies and directives 
These form the basis of Content Security Policy. A policy is a
collection of directives that are parsed from either the
Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>`
element.

The directives are what restrict the operations can be performed in the
current global execution context. For example, "frame-ancestors: none"
tells us to prevent the page from being loaded in an embedded context,
such as `<iframe>`.

You can see it a bit like OpenBSD's pledge() functionality, but for the
web platform: https://man.openbsd.org/pledge.2
 2025-03-04 14:27:19 +01:00