Bug 236092

Summary: [Win] object elements containing images don't go through object-src CSP checks
Product: WebKit Reporter: Patrick Griffis <pgriffis>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Patrick Griffis 2022-02-03 10:46:12 PST 
This is a port specific failure and in other ports this is handled by ImageLoader::updateFromElement() setting ResourceLoaderOptions.loadedFromPluginElement.

This causes these tests to fail:

- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html

I'm not sure why the win port would be doing something different.
Comment 1 Radar WebKit Bug Importer 2022-02-10 10:47:17 PST 
<rdar://problem/88765166>