Commit graph

51 commits

Author SHA1 Message Date
Tete17
8df173e1bd LibWeb: Add require-trusted-types-for Directive
This is meant to configure the behaviour of injection sinks when a
string is passed.
2025-09-01 16:19:24 +01:00
Tim Ledbetter
cb1a1a5cb5 LibWeb: Replace is<T>() with as_if<T>() where possible
2025-08-25 18:45:00 +02:00
Tim Ledbetter
aadd563592 LibWeb: Replace usages of dynamic_cast with as and as_if
2025-08-22 20:26:09 +02:00
Callum Law
71b039a721 LibWeb: Use document's global object in is_base_allowed_for_document
Previously we were using the document's window - this was both contrary
to spec and causing crashes when the document did not have a window (for
instance the `temp_document` in `HTMLParser::parse_html_fragment`).

This means we no longer crash when navigating between pages on
https://rocketlabcorp.com
2025-08-16 14:19:05 +02:00
Kenneth Myhra
1228063a85 LibWeb: Enforce Integrity Policy on Fetch requests 2025-08-14 13:37:38 +01:00
Tete17
966e00fd69 LibWeb: Finish algorithm to block trusted type policy creation with CSP
This is the mechanism that should allow pages to determine what kind of
policies can be created on their domains, mostly based around the HTTP
headers the server responds with.
2025-08-11 12:21:31 +01:00
Kenneth Myhra
70cafc558e LibWeb: Replace request's "window" with "traversable for user prompts"
User prompts are not tied to specific Windows or the client's Window.
They are tied to a traversable navigable (browser tab).
2025-08-08 11:12:53 +01:00
Luke Wilde
1d57df6e26 LibWeb/CSP: Implement the sandbox directive 2025-08-07 19:24:39 +02:00
Luke Wilde
a5e2fd2e12 LibWeb/CSP: Implement the webrtc directive 2025-08-07 19:24:39 +02:00
Luke Wilde
855e17529c LibWeb/CSP: Implement the report-to directive
This doesn't do anything by itself, the report a violation algorithm
will handle this directive itself.
2025-08-07 19:24:39 +02:00
Luke Wilde
ed0230bb93 LibWeb/CSP: Implement the report-uri directive
This doesn't do anything by itself, the report a violation algorithm
will handle this directive itself.
2025-08-07 19:24:39 +02:00
Luke Wilde
4aa355658f LibWeb/CSP: Implement the base-uri directive 2025-08-07 00:45:31 +02:00
Luke Wilde
febe4fdb46 LibWeb/CSP: Implement the frame-ancestors directive 2025-08-07 00:45:31 +02:00
Luke Wilde
f9247116b1 LibWeb/CSP: Implement the form-action directive 2025-08-07 00:45:31 +02:00
Luke Wilde
5a1de8a187 LibWeb/CSP: Implement the child-src directive
2025-07-19 17:15:21 +12:00
Luke Wilde
c5748437db LibWeb/CSP: Implement the default-src directive 2025-07-19 17:15:21 +12:00
Luke Wilde
25425f63ba LibWeb/CSP: Implement the worker-src directive 2025-07-19 17:15:21 +12:00
Luke Wilde
8e999bca62 LibWeb/CSP: Implement the style-src-attr directive
2025-07-18 11:58:04 +12:00
Luke Wilde
574b736156 LibWeb/CSP: Implement the style-src-elem directive 2025-07-18 11:58:04 +12:00
Luke Wilde
8b0b3b186f LibWeb/CSP: Implement the style-src directive 2025-07-18 11:58:04 +12:00
Tim Ledbetter
941da11ece LibWeb: Avoid accessing opaque origin port during CSP checks 2025-07-13 14:33:33 +02:00
Luke Wilde
f50f23b19f LibWeb/CSP: Implement the script-src-attr directive 2025-07-12 13:06:33 +12:00
Luke Wilde
f382bccc3d LibWeb/CSP: Implement the script-src-elem directive 2025-07-12 13:06:33 +12:00
Luke Wilde
0cff47828d LibWeb/CSP: Implement the script-src directive 2025-07-09 15:52:54 -06:00
Luke Wilde
985a481b5a LibWeb/CSP: Implement the object-src directive
2025-07-06 13:40:04 +12:00
Luke Wilde
1b12aa4d8e LibWeb/CSP: Implement the media-src directive 2025-07-06 13:40:04 +12:00
Luke Wilde
5addbcd61b LibWeb/CSP: Implement the manifest-src directive 2025-07-06 13:40:04 +12:00
Luke Wilde
002e993f68 LibWeb/CSP: Add [[nodiscard]] to result enums
This makes it so we don't have to remember to specify [[nodiscard]] on
functions that return them.
2025-07-06 13:40:04 +12:00
Luke Wilde
715061fb79 LibWeb/CSP: Implement the img-src directive 2025-07-05 21:21:44 +12:00
Luke Wilde
1689353beb LibWeb/CSP: Implement the frame-src directive 2025-07-05 21:21:44 +12:00
Luke Wilde
e899438907 LibWeb/CSP: Implement the font-src directive 2025-07-05 21:21:44 +12:00
Luke Wilde
959bb5cc18 LibWeb/CSP: Implement the connect-src directive 2025-07-05 21:21:44 +12:00
Luke Wilde
203c2a6b30 LibWeb/CSP: Use GC::Heap instead of JS::Realm for directive checks 2025-07-05 21:21:44 +12:00
Luke Wilde
1edf7a8aa2 LibWeb/CSP: Implement URL matching algorithms
These are used by all the *-src attributes, to check if a given URL,
origin and redirect count matches a source list entry specified in
the *-src attribute's values, if it's allowed to.
2025-07-01 10:24:24 +12:00
Luke Wilde
38f80913a4 LibWeb: Implement Content Security Policy directive expression parser
This follows the implementation method that was used for the
implementation of ISO8601 parsing for Temporal in LibJS. Doing it this
way allows us to have state transactions, and thus pick out individual
parse nodes that the specification steps want to use.
2025-07-01 10:24:24 +12:00
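The two commits above (1edf7a8aa2, the URL matching algorithms, and 38f80913a4, the directive expression parser) are the core of every *-src check: the directive value is split into source expressions, each expression is parsed, and the fetched URL is tested against it together with the document's origin and the redirect count. The following is an added JavaScript example, not Ladybird's C++ code, that walks through the same CSP Level 3 algorithm ("Does url match source list in origin with redirect count?") on constructed inputs. It simplifies the spec in two ways, both marked in the code: nonce-source, hash-source and 'unsafe-*' keywords are skipped because they never match a URL, and path segments are compared without percent-decoding.

```javascript
// Added example, not Ladybird's code: compact CSP Level 3 source-list matching,
// the algorithm every *-src directive relies on when deciding "Allowed"/"Blocked".
// Simplifications: nonce/hash/'unsafe-*' sources are ignored (they never match a
// URL) and path segments are compared without percent-decoding.

const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };
const NETWORK_SCHEMES = new Set(["http:", "https:", "ws:", "wss:"]);

// scheme-part matches: a pattern scheme also admits its secure upgrade.
function schemePartMatches(pattern, scheme) {
  const a = pattern.toLowerCase(), b = scheme.toLowerCase();
  return a === b
    || (a === "http" && b === "https")
    || (a === "ws" && (b === "wss" || b === "http" || b === "https"))
    || (a === "wss" && b === "https");
}

// host-part matches: "*.example.com" covers sub-domains but not example.com itself.
function hostPartMatches(pattern, host) {
  const p = pattern.toLowerCase(), h = host.toLowerCase();
  if (p.startsWith("*.")) {
    const suffix = p.slice(1);                       // ".example.com"
    return h.endsWith(suffix) && h.length > suffix.length;
  }
  return p === h;
}

// port-part matches: the WHATWG URL parser reports a scheme's default port as "".
function portPartMatches(pattern, url) {
  const input = url.port;
  if (pattern === undefined) return input === "";   // no port in the source: default only
  if (pattern === "*" || pattern === input) return true;
  return input === "" && pattern === (DEFAULT_PORT[url.protocol] || "");
}

// path-part matches: a trailing "/" makes the pattern a prefix, otherwise it is exact.
function pathPartMatches(pattern, path) {
  if (pattern === undefined || pattern === "") return true;
  return pattern.endsWith("/") ? path.startsWith(pattern) : pattern === path;
}

// 'self': same host, same scheme (or a secure upgrade), same or default ports.
function matchesSelf(url, origin) {
  if (url.hostname !== origin.hostname) return false;
  if (!(url.protocol === origin.protocol || url.protocol === "https:" || url.protocol === "wss:")) return false;
  const effective = (u) => u.port || DEFAULT_PORT[u.protocol] || "";
  return effective(url) === effective(origin) || (url.port === "" && origin.port === "");
}

// host-source grammar: [scheme "://"] host [":" (port | "*")] [path]
const HOST_SOURCE = /^(?:([a-z][a-z0-9+.-]*):\/\/)?((?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\*|\d+))?(\/[^?#]*)?$/i;
const SCHEME_SOURCE = /^([a-z][a-z0-9+.-]*):$/i;

// One source expression against one URL ("Does url match expression in origin with redirect count?").
function urlMatchesExpression(expression, url, origin, redirectCount) {
  const lower = expression.toLowerCase();
  const urlScheme = url.protocol.slice(0, -1), originScheme = origin.protocol.slice(0, -1);
  if (lower === "'none'") return false;
  if (lower === "*") return NETWORK_SCHEMES.has(url.protocol) || schemePartMatches(originScheme, urlScheme);
  if (lower === "'self'") return matchesSelf(url, origin);
  let m = SCHEME_SOURCE.exec(expression);
  if (m) return schemePartMatches(m[1], urlScheme);
  m = HOST_SOURCE.exec(expression);
  if (!m) return false;                              // nonce/hash/unsafe keywords, or garbage
  const [, scheme, host, port, path] = m;
  if (!schemePartMatches(scheme ?? originScheme, urlScheme)) return false;
  if (!url.hostname || !hostPartMatches(host, url.hostname)) return false;
  if (!portPartMatches(port, url)) return false;
  // After a redirect the path-part is ignored: a redirect target must not be blocked by path.
  if (redirectCount === 0 && !pathPartMatches(path, url.pathname)) return false;
  return true;
}

// True when any expression in the directive's value admits the URL.
function urlMatchesSourceList(sourceList, urlString, originString, redirectCount = 0) {
  const url = new URL(urlString), origin = new URL(originString);
  const expressions = sourceList.trim().split(/\s+/).filter(Boolean);
  if (expressions.length === 1 && expressions[0].toLowerCase() === "'none'") return false;
  return expressions.some((e) => urlMatchesExpression(e, url, origin, redirectCount));
}

// Constructed sample: a script-src value for a page served from https://app.example.com.
const SAMPLE_POLICY = "'self' https://cdn.example.com/js/ *.static.example.com:*";
console.log(urlMatchesSourceList(SAMPLE_POLICY, "https://cdn.example.com/js/app.js", "https://app.example.com"));  // true
console.log(urlMatchesSourceList(SAMPLE_POLICY, "https://cdn.example.com/css/x.css", "https://app.example.com")); // false
```

Two behaviours worth noticing when auditing a policy: a wildcard host `*.static.example.com` does not cover the apex `static.example.com`, and a path restriction such as `https://cdn.example.com/js/` is dropped once the request has been redirected, so an open redirect on an allowed host widens what the directive admits.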
Luke Wilde
050f984625 LibWeb/CSP: Add Keyword Sources FlyStrings 2025-07-01 10:24:24 +12:00
Shannon Booth
e0d7278820 LibURL+LibWeb: Make URL::Origin default constructor private
Instead, porting over all users to use the newly created
Origin::create_opaque factory function. This also requires porting
over some users of Origin to avoid default construction.
2025-06-17 20:54:03 +02:00
rmg-x
f5de4c3dd6 LibWeb/ContentSecurityPolicy: Remove noisy "unknown directive" log
2025-06-08 00:46:49 +02:00
Luke Wilde
e364443e60 LibWeb: Support Content-Security-Policy http-equiv state on meta element 2025-05-23 16:39:13 +02:00
Timothy Flynn
1c075d6039 LibWeb: Remove Web::Infra ASCII case conversion methods
We have more optimized versions of these methods in AK.
2025-05-04 15:59:17 +02:00
Shannon Booth
8a3c66d8a6 LibWeb: Make a bunch of CSP classes not realm associated
These are not associated with a javascript realm, so to avoid
confusion about which realm these need to be created in, make
all of these objects a GC::Cell, and deal with the fallout.
2025-04-28 12:41:28 +02:00
Andreas Kling
a6dfc74e93 LibWeb: Only set prototype once for object with IDL interface
Before this change, we were going through the chain of base classes for
each IDL interface object and having them set the prototype to their
prototype.

Instead of doing that, reorder things so that we set the right prototype
immediately in Foo::initialize(), and then don't bother in all the base
class overrides.

This knocks off a ~1% profile item on Speedometer 3.
2025-04-20 18:43:11 +02:00
Timothy Flynn
ee6b2db009 AK+LibURL+LibWeb: Use simdutf to validate ASCII strings
simdutf provides a vectorized ASCII validator, so let's use that instead
of looping over strings manually.
2025-04-06 11:05:58 -04:00
Luke Wilde
278666edcd LibWeb: Enforce Content Security Policy on navigation request/response
2025-04-01 04:01:28 +02:00
Luke Wilde
7643a079c0 LibWeb: Enforce Content Security Policy of Fetch responses 2025-03-19 00:55:14 +01:00
Luke Wilde
51796e2d3a LibWeb: Report CSP violations for request 2025-03-19 00:55:14 +01:00
Luke Wilde
6f771f45e2 LibWeb: Enforce Content Security Policy on Fetch requests 2025-03-19 00:55:14 +01:00
Luke Wilde
86170f4bfd LibWeb/CSP: Introduce the ability to create and report a violation
A violation provides several details about an enforcement failing, such
as the URL of the document, the directive that returned "Blocked", etc.
2025-03-19 00:55:14 +01:00
Luke Wilde
02236be737 LibWeb/CSP: Implement SecurityPolicyViolationEvent
This is used to report violations of policies to the element/global
object that caused it.
2025-03-19 00:55:14 +01:00
Aliaksandr Kalenik
56971a4201 LibWeb: Delete FIXME debug log in PolicyList
It adds too much spam in test runner output.
2025-03-13 22:16:47 +01:00