Summary: | CSP: Permit exempting schemes only for certain policy areas | ||
---|---|---|---|
Product: | WebKit | Reporter: | Daniel Bates <dbates> |
Component: | WebCore Misc. | Assignee: | Daniel Bates <dbates> |
Status: | RESOLVED INVALID | ||
Severity: | Normal | CC: | bfulgham, webkit-bug-importer |
Priority: | P2 | Keywords: | BlinkMergeCandidate, InRadar |
Version: | WebKit Local Build | ||
Hardware: | All | ||
OS: | All |
Description
Daniel Bates
2016-01-15 15:15:20 PST
This issue is not applicable to WebKit as we do not have Blink-in-JS. In WebKit we make use of user agent shadow DOM and isolated worlds to implement browser features using markup and JavaScript, respectively. The Content Security Policy of a page applies to neither an isolated world nor to sub resource loads initiated from a user agent shadow DOM. |