[Permissions Policy] Switch to CSP Parser

This is mostly plug and play, and many of the restrictions can be lifted in future if we expand the wildcard types supported here. The changes in the CSP code are just to move the function into exportable namespace. The test changes are mostly to evaluate new cases and to prevent domains like *.example.com from being parsed as %2A.example.com because that's not real or helpful anyway. The changes here have no impact on permissions for valid targets that we were already parsing. Bug: 1418009 Change-Id: I5031adecbe33decce720bb44f78e70d555e2e450 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4436090 Reviewed-by: Ian Clelland <[email protected]> Auto-Submit: Ari Chivukula <[email protected]> Reviewed-by: Daniel Murphy <[email protected]> Code-Coverage: Findit <[email protected]> Commit-Queue: Daniel Murphy <[email protected]> Cr-Commit-Position: refs/heads/main@{#1132524}
Tobias710219 · Apr 19, 2023 · b8715c0 · b8715c0
1 parent 20808bc
commit b8715c0
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/...ons-policy/permissions-policy-header-policy-allowed-for-malformed-wildcard.https.sub.html b/...ons-policy/permissions-policy-header-policy-allowed-for-malformed-wildcard.https.sub.html
@@ -18,7 +18,7 @@
   test(function() {
     assert_array_equals(
       document.featurePolicy.getAllowlistForFeature('fullscreen').sort(),
-      ["https://%2A.%2A.{{domains[]}}:{{ports[https][0]}}", "https://example.%2A.{{domains[]}}:{{ports[https][0]}}", "https://{{domains[]}}:{{ports[https][0]}}"].sort());
+      ["https://*.example.com", "https://{{domains[]}}:{{ports[https][0]}}"].sort());
   }, header_policy + ' -- test allowlist lists all the malformed wildcards and self.');
 
   // Test that fullscreen is allowed on same-origin subframes with or without an allow attribute.

diff --git a/...ermissions-policy-header-policy-allowed-for-malformed-wildcard.https.sub.html.sub.headers b/...ermissions-policy-header-policy-allowed-for-malformed-wildcard.https.sub.html.sub.headers
@@ -1 +1 @@
-Permissions-Policy: fullscreen=("*://{{domains[]}}:{{ports[https][0]}}" "https://{{domains[]}}:*" "https://*.*.{{domains[]}}:{{ports[https][0]}}" "https://example.*.{{domains[]}}:{{ports[https][0]}}" self)
+Permissions-Policy: fullscreen=("*://{{domains[]}}:{{ports[https][0]}}" "https://{{domains[]}}:*" "https://*.*.{{domains[]}}:{{ports[https][0]}}" "https://example.*.{{domains[]}}:{{ports[https][0]}}" "https://*.example.com" self)
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		Permissions-Policy: fullscreen=("://{{domains[]}}:{{ports[https][0]}}" "https://{{domains[]}}:" "https://..{{domains[]}}:{{ports[https][0]}}" "https://example.*.{{domains[]}}:{{ports[https][0]}}" self)
		Permissions-Policy: fullscreen=("://{{domains[]}}:{{ports[https][0]}}" "https://{{domains[]}}:" "https://..{{domains[]}}:{{ports[https][0]}}" "https://example..{{domains[]}}:{{ports[https][0]}}" "https://.example.com" self)