236092 – [Win] object elements containing images don't go through object-src CSP checks

Bug 236092 - [Win] object elements containing images don't go through object-src CSP checks

Summary: [Win] object elements containing images don't go through object-src CSP checks

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-02-03 10:46 PST by Patrick Griffis
Modified:	2022-02-10 10:47 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Patrick Griffis 2022-02-03 10:46:12 PST

This is a port specific failure and in other ports this is handled by ImageLoader::updateFromElement() setting ResourceLoaderOptions.loadedFromPluginElement.

This causes these tests to fail:

- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
- http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html

I'm not sure why the win port would be doing something different.

Comment 1 Radar WebKit Bug Importer 2022-02-10 10:47:17 PST

<rdar://problem/88765166>