Bug 250418
Summary: | Secure Contexts: Documents whose environment has a data: top-level creation URL are not considered a secure context. | ||
---|---|---|---|
Product: | WebKit | Reporter: | Ryan Reno <rreno> |
Component: | DOM | Assignee: | Ryan Reno <rreno> |
Status: | NEW | ||
Severity: | Normal | CC: | webkit-bug-importer |
Priority: | P2 | Keywords: | InRadar |
Version: | WebKit Nightly Build | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=11885 |
Ryan Reno
data:text/html,<h1>Hello World!</h1>
window.isSecureContext returns false.
My reading of https://html.spec.whatwg.org/multipage/webappapis.html#secure-contexts says we should get a result of "Potentially Trustworthy" which should imply a secure context (step 2 of the linked algorithm).
Attachments | ||
---|---|---|
Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/104096486>
Ryan Reno
We are intentionally treating data URLs as opaque origins.
https://bugs.webkit.org/show_bug.cgi?id=11885
Ryan Reno
Pull request: https://github.com/WebKit/WebKit/pull/8556