156563 – CSP: Nested browsing context created for <object> or <embed> should respect object-src directive

RESOLVED FIXED 156563

CSP: Nested browsing context created for <object> or <embed> should respect object-src directive

https://bugs.webkit.org/show_bug.cgi?id=156563

Summary CSP: Nested browsing context created for <object> or <embed> should respect o...

Daniel Bates

Reported 2016-04-13 16:30:27 PDT

Nested browsing contexts created for an HTML object or HTML embed element should respect the Content Security Policy object-src directive as per section object-src of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015), Currently nested browsing contexts created for an HTML object or HTML embed element respect the Content Security Policy child-src/frame-src directive.

Attachments
Patch and Layout Tests (17.24 KB, patch) 2016-04-13 16:35 PDT, Daniel Bates	darin: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2016-04-13 16:35:29 PDT

Created attachment 276364 [details] Patch and Layout Tests

Radar WebKit Bug Importer

Comment 2 2016-04-13 16:35:49 PDT

<rdar://problem/25715713>

Daniel Bates

Comment 3 2016-04-13 19:39:52 PDT

Committed r199527: <http://trac.webkit.org/changeset/199527>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-04-13 16:30 PDT

Modified

2016-04-13 19:39 PDT History

CC List

7 users Show

URL

Keywords InRadar, WebExposed

Depends on

Blocks