240136 – CSP: Fix incorrect blocked-uri for inline scripts and strict-dynamic policies

Bug 240136 - CSP: Fix incorrect blocked-uri for inline scripts and strict-dynamic policies

Summary: CSP: Fix incorrect blocked-uri for inline scripts and strict-dynamic policies

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Patrick Griffis

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-05-05 13:16 PDT by Patrick Griffis
Modified:	2022-05-06 09:42 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (4.75 KB, patch) 2022-05-05 13:16 PDT, Patrick Griffis	no flags	Details \| Formatted Diff \| Diff
Patch (4.79 KB, patch) 2022-05-05 13:17 PDT, Patrick Griffis	no flags	Details \| Formatted Diff \| Diff
Patch (4.74 KB, patch) 2022-05-05 13:24 PDT, Patrick Griffis	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Patrick Griffis 2022-05-05 13:16:25 PDT

CSP: Fix incorrect blocked-uri for inline scripts and strict-dynamic policies

Comment 1 Patrick Griffis 2022-05-05 13:16:39 PDT Comment hidden (obsolete)

Created attachment 458906 [details]
Patch

Comment 2 Patrick Griffis 2022-05-05 13:17:18 PDT Comment hidden (obsolete)

Created attachment 458907 [details]
Patch

Comment 3 Kate Cheney 2022-05-05 13:23:52 PDT

Comment on attachment 458907 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=458907&action=review

> LayoutTests/ChangeLog:9
> +        * platform/gtk/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-inline-report-expected.txt: Added.

Would you be able to add expectations for other platforms as well?

Comment 4 Patrick Griffis 2022-05-05 13:24:27 PDT

Created attachment 458909 [details]
Patch

Comment 5 Patrick Griffis 2022-05-05 13:25:16 PDT

(In reply to Kate Cheney from comment #3)
> Comment on attachment 458907 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=458907&action=review
> 
> > LayoutTests/ChangeLog:9
> > +        * platform/gtk/http/tests/security/contentSecurityPolicy/script-src-strict-dynamic-inline-report-expected.txt: Added.
> 
> Would you be able to add expectations for other platforms as well?

Meant to be for all platforms, fixed.

Comment 6 Kate Cheney 2022-05-05 13:27:50 PDT

Comment on attachment 458909 [details]
Patch

r=me

Comment 7 EWS 2022-05-06 09:41:39 PDT

Committed r293897 (?): <https://commits.webkit.org/r293897>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 458909 [details].

Comment 8 Radar WebKit Bug Importer 2022-05-06 09:42:12 PDT

<rdar://problem/92865327>