Bug 156563

Summary: CSP: Nested browsing context created for <object> or <embed> should respect object-src directive
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, cdumez, commit-queue, japhet, mkwst, webkit-bug-importer
Priority: P2 Keywords: InRadar, WebExposed
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch and Layout Tests darin: review+

Daniel Bates
Reported 2016-04-13 16:30:27 PDT
Nested browsing contexts created for an HTML object or HTML embed element should respect the Content Security Policy object-src directive as per section object-src of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015), Currently nested browsing contexts created for an HTML object or HTML embed element respect the Content Security Policy child-src/frame-src directive.
Attachments
Patch and Layout Tests (17.24 KB, patch)
2016-04-13 16:35 PDT, Daniel Bates 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2016-04-13 16:35:29 PDT
Created attachment 276364 [details] Patch and Layout Tests
Radar WebKit Bug Importer
Comment 2 2016-04-13 16:35:49 PDT
<rdar://problem/25715713>
Daniel Bates
Comment 3 2016-04-13 19:39:52 PDT
Committed r199527: <http://trac.webkit.org/changeset/199527>
Note You need to log in before you can comment on or make changes to this bug.