From 537a9e8015c28d516c1eb2ab8cd2aa82c2d2e32c Mon Sep 17 00:00:00 2001
From: edukisto <52005215+edukisto@users.noreply.github.com>
Date: Sun, 5 Jul 2020 15:22:39 +0300
Subject: [PATCH] CSP: Fixed directives (#2461)
---
 components/prism-csp.js | 2 +-
 components/prism-csp.min.js | 2 +-
 tests/languages/csp/directive_no_value_feature.test | 3 ++-
 .../csp/directive_with_source_expression_feature.test | 4 ++--
 tests/languages/csp/safe_feature.test | 4 ++--
 tests/languages/csp/unsafe_feature.test | 2 +-
 6 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/components/prism-csp.js b/components/prism-csp.js
index 2c028a1db9..861f5a0972 100644
--- a/components/prism-csp.js
+++ b/components/prism-csp.js
@@ -11,7 +11,7 @@
 Prism.languages.csp = {
 'directive': {
- pattern: /\b(?:(?:base-uri|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox) |(?:block-all-mixed-content|disown-opener|upgrade-insecure-requests)(?: |;)|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src )/i,
+ pattern: /\b(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)\b/i,
 alias: 'keyword'
 },
 'safe': {
diff --git a/components/prism-csp.min.js b/components/prism-csp.min.js
index ce8999f577..b07a47aca1 100644
--- a/components/prism-csp.min.js
+++ b/components/prism-csp.min.js
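Review bot: The new `\b…\b` boundaries in the `directive` pattern match a directive name wherever it appears as a word, not only in directive position, because `\b` also falls next to `-`, `.` and `/`. As written, `script-src-elem` would be tokenised as `script-src` followed by plain `-elem`, and a host such as `sandbox.example.com` inside a source list would get its first label highlighted as a keyword, which can mislead someone reading a policy during review. Anchoring to the start of the policy or a preceding separator avoids this: `pattern: /(^|[\s;])(?:base-uri|…|upgrade-insecure-requests)(?=[\s;]|$)/i,` with `lookbehind: true,` on the following line, keeping the alternation list exactly as the commit has it. The `Prism.languages.csp` object literal continues past the end of the hunk, and the minified copy in `prism-csp.min.js` would need regenerating to match.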
@@ -1 +1 @@ -Prism.languages.csp={directive:{pattern:/\b(?:(?:base-uri|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox) |(?:block-all-mixed-content|disown-opener|upgrade-insecure-requests)(?: |;)|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src )/i,alias:"keyword"},safe:{pattern:/'(?:self|none|strict-dynamic|(?:nonce-|sha(?:256|384|512)-)[a-zA-Z\d+=/]+)'/,alias:"selector"},unsafe:{pattern:/(?:'unsafe-inline'|'unsafe-eval'|'unsafe-hashed-attributes'|\*)/,alias:"function"}}; \ No newline at end of file +Prism.languages.csp={directive:{pattern:/\b(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)\b/i,alias:"keyword"},safe:{pattern:/'(?:self|none|strict-dynamic|(?:nonce-|sha(?:256|384|512)-)[a-zA-Z\d+=/]+)'/,alias:"selector"},unsafe:{pattern:/(?:'unsafe-inline'|'unsafe-eval'|'unsafe-hashed-attributes'|\*)/,alias:"function"}}; \ No newline at end of file
diff --git a/tests/languages/csp/directive_no_value_feature.test b/tests/languages/csp/directive_no_value_feature.test
index 5ae927df77..a45d608292 100644
--- a/tests/languages/csp/directive_no_value_feature.test
+++ b/tests/languages/csp/directive_no_value_feature.test
@@ -3,7 +3,8 @@ upgrade-insecure-requests;
 ----------------------------------------------------
 [
- ["directive", "upgrade-insecure-requests;"]
+ ["directive", "upgrade-insecure-requests"],
+ ";"
 ]
 ----------------------------------------------------
diff --git a/tests/languages/csp/directive_with_source_expression_feature.test b/tests/languages/csp/directive_with_source_expression_feature.test
index fc059f4246..a4db6cd64f 100644
--- a/tests/languages/csp/directive_with_source_expression_feature.test
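Review bot: None of the updated expectations pins what the relaxed directive boundary does with input that merely contains a directive name; this file and the three other CSP test files touched in the commit (`directive_with_source_expression_feature.test`, `safe_feature.test`, `unsafe_feature.test`) only feed a directive followed by a space or `;`. A case such as `script-src sandbox.example.com;` or `script-src-elem 'self';`, together with its expected token stream, would record whether a partial match on `sandbox` or `script-src` is intended. The description section at the bottom of the test file could then state it in one line, for example `Checks that directive names inside source expressions are not highlighted.`, if that is the intended behaviour.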
+++ b/tests/languages/csp/directive_with_source_expression_feature.test
@@ -3,8 +3,8 @@ script-src example.com;
 ----------------------------------------------------
 [
- ["directive", "script-src "],
- "example.com;"
+ ["directive", "script-src"],
+ " example.com;"
 ]
 ----------------------------------------------------
diff --git a/tests/languages/csp/safe_feature.test b/tests/languages/csp/safe_feature.test
index af31d1ac4d..13c9d837b7 100644
--- a/tests/languages/csp/safe_feature.test
+++ b/tests/languages/csp/safe_feature.test
@@ -3,10 +3,10 @@ default-src 'none'; style-src 'self' 'strict-dynamic' 'nonce-yeah' 'sha256-EpOpN
 ----------------------------------------------------
 [
- ["directive", "default-src "],
+ ["directive", "default-src"],
 ["safe", "'none'"],
 "; ",
- ["directive", "style-src "],
+ ["directive", "style-src"],
 ["safe", "'self'"],
 ["safe", "'strict-dynamic'"],
 ["safe", "'nonce-yeah'"],
diff --git a/tests/languages/csp/unsafe_feature.test b/tests/languages/csp/unsafe_feature.test
index 1fe7e478e3..e1cf98aa13 100644
--- a/tests/languages/csp/unsafe_feature.test
+++ b/tests/languages/csp/unsafe_feature.test
@@ -3,7 +3,7 @@ script-src 'unsafe-inline' 'unsafe-eval' 'unsafe-hashed-attributes';
 ----------------------------------------------------
 [
- ["directive", "script-src "],
+ ["directive", "script-src"],
 ["unsafe", "'unsafe-inline'"],
 ["unsafe", "'unsafe-eval'"],
 ["unsafe", "'unsafe-hashed-attributes'"],