Bug 236092
| Summary: | [Win] object elements containing images don't go through object-src CSP checks | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Patrick Griffis <pgriffis> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Patrick Griffis
This is a port specific failure and in other ports this is handled by ImageLoader::updateFromElement() setting ResourceLoaderOptions.loadedFromPluginElement.
This causes these tests to fail:
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
I'm not sure why the win port would be doing something different.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/88765166>