Luke Wilde
8e999bca62
LibWeb/CSP: Implement the style-src-attr directive
2025-07-18 11:58:04 +12:00
Luke Wilde
574b736156
LibWeb/CSP: Implement the style-src-elem directive
2025-07-18 11:58:04 +12:00
Luke Wilde
8b0b3b186f
LibWeb/CSP: Implement the style-src directive
2025-07-18 11:58:04 +12:00
Tim Ledbetter
941da11ece
LibWeb: Avoid accessing opaque origin port during CSP checks
2025-07-13 14:33:33 +02:00
Luke Wilde
f50f23b19f
LibWeb/CSP: Implement the script-src-attr directive
2025-07-12 13:06:33 +12:00
Luke Wilde
f382bccc3d
LibWeb/CSP: Implement the script-src-elem directive
2025-07-12 13:06:33 +12:00
Luke Wilde
0cff47828d
LibWeb/CSP: Implement the script-src directive
2025-07-09 15:52:54 -06:00
Luke Wilde
985a481b5a
LibWeb/CSP: Implement the object-src directive
2025-07-06 13:40:04 +12:00
Luke Wilde
1b12aa4d8e
LibWeb/CSP: Implement the media-src directive
2025-07-06 13:40:04 +12:00
Luke Wilde
5addbcd61b
LibWeb/CSP: Implement the manifest-src directive
2025-07-06 13:40:04 +12:00
Luke Wilde
002e993f68
LibWeb/CSP: Add [[nodiscard]] to result enums
...
This makes it so we don't have to remember to specify [[nodiscard]] on
functions that return them.
2025-07-06 13:40:04 +12:00
Luke Wilde
715061fb79
LibWeb/CSP: Implement the img-src directive
2025-07-05 21:21:44 +12:00
Luke Wilde
1689353beb
LibWeb/CSP: Implement the frame-src directive
2025-07-05 21:21:44 +12:00
Luke Wilde
e899438907
LibWeb/CSP: Implement the font-src directive
2025-07-05 21:21:44 +12:00
Luke Wilde
959bb5cc18
LibWeb/CSP: Implement the connect-src directive
2025-07-05 21:21:44 +12:00
Luke Wilde
203c2a6b30
LibWeb/CSP: Use GC::Heap instead of JS::Realm for directive checks
2025-07-05 21:21:44 +12:00
Luke Wilde
1edf7a8aa2
LibWeb/CSP: Implement URL matching algorithms
...
These are used by all the *-src attributes, to check if a given URL,
origin and redirect count matches a source list entry specified in
the *-src attribute's values, if it's allowed to.
2025-07-01 10:24:24 +12:00
Luke Wilde
38f80913a4
LibWeb: Implement Content Security Policy directive expression parser
...
This follows the implementation method that was used for the
implementation of ISO8601 parsing for Temporal in LibJS. Doing it this
way allows us to have state transactions, and thus pick out individual
parse nodes that the specification steps want to use.
2025-07-01 10:24:24 +12:00
Luke Wilde
050f984625
LibWeb/CSP: Add Keyword Sources FlyStrings
2025-07-01 10:24:24 +12:00
rmg-x
f5de4c3dd6
LibWeb/ContentSecurityPolicy: Remove noisy "unknown directive" log
2025-06-08 00:46:49 +02:00
Shannon Booth
8a3c66d8a6
LibWeb: Make a bunch of CSP classes not realm associated
...
These are not associated with a JavaScript realm, so to avoid
confusion about which realm these need to be created in, make
all of these objects a GC::Cell, and deal with the fallout.
2025-04-28 12:41:28 +02:00
Luke Wilde
278666edcd
LibWeb: Enforce Content Security Policy on navigation request/response
2025-04-01 04:01:28 +02:00
Luke Wilde
86170f4bfd
LibWeb/CSP: Introduce the ability to create and report a violation
...
A violation provides several details about an enforcement failing, such
as the URL of the document, the directive that returned "Blocked", etc.
2025-03-19 00:55:14 +01:00
Luke Wilde
e34a6c86b9
LibWeb: Introduce Content Security Policy policies and directives
...
These form the basis of Content Security Policy. A policy is a
collection of directives that are parsed from either the
Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>`
element.
The directives are what restrict the operations that can be performed in the
current global execution context. For example, "frame-ancestors: none"
tells us to prevent the page from being loaded in an embedded context,
such as `<iframe>`.
You can see it a bit like OpenBSD's pledge() functionality, but for the
web platform: https://man.openbsd.org/pledge.2
2025-03-04 14:27:19 +01:00