117286 – Reporting mode of Content Security Policy: eval() is not reported

RESOLVED DUPLICATE of bug 111869 117286

Reporting mode of Content Security Policy: eval() is not reported

https://bugs.webkit.org/show_bug.cgi?id=117286

Summary Reporting mode of Content Security Policy: eval() is not reported

masch

Reported 2013-06-06 00:59:33 PDT

Follow-up to bug 111867 which is solved with Chrome 27 (version 27.0.1453.110 m). Now any usage of eval() isn't reported anymore in reporting-mode (but still blocked in non-reporting-mode). Example: <!DOCTYPE html> <html> <meta http-equiv="Content-Security-Policy-Report-Only" content="default-src 'self' 'unsafe-inline'; report-uri /dummy.html"/> <head> <script src="CSP.js"></script> <script> eval('alert(2);'); </script> </head> <body> </body> </html> CSP.js: eval('alert(1);');

Attachments
Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2015-12-10 17:20:42 PST

*** This bug has been marked as a duplicate of bug 111869 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 111869

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2013-06-06 00:59 PDT

Modified

2015-12-10 17:20 PST History

CC List

1 user Show

URL

Keywords

Depends on

Blocks