236092 – [Win] object elements containing images don't go through object-src CSP checks

NEW236092

[Win] object elements containing images don't go through object-src CSP checks

https://bugs.webkit.org/show_bug.cgi?id=236092

Summary [Win] object elements containing images don't go through object-src CSP checks

Patrick Griffis

Reported 2022-02-03 10:46:12 PST

This is a port specific failure and in other ports this is handled by ImageLoader::updateFromElement() setting ResourceLoaderOptions.loadedFromPluginElement. This causes these tests to fail: - http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html - http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html - http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html I'm not sure why the win port would be doing something different.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2022-02-10 10:47:17 PST

<rdar://problem/88765166>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2022-02-03 10:46 PST

Modified

2022-02-10 10:47 PST History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks