Bug 269156: RESOLVED DUPLICATE of bug 255990
Enforce conformant whitespace requirements for CSP policies
https://bugs.webkit.org/show_bug.cgi?id=269156
sideshowbarker
Reported 2024-02-10 21:19:18 PST
Per https://w3c.github.io/webappsec-csp/#grammardef-optional-ascii-whitespace, the CSP spec throughout restricts allowed/required whitespace characters to the set of code points defined as “ASCII whitespace” in https://infra.spec.whatwg.org/#ascii-whitespace — which excludes the U+000B LINE TABULATION code point that some other specs additionally allow as whitespace. However, the current WebKit code currently allows the U+000B LINE TABULATION code point as whitespace in places where the CSP spec requirements disallow it.
sideshowbarker
Comment 1 2024-02-10 21:20:26 PST
I noticed this while working on the https://github.com/WebKit/WebKit/pull/24217 patch.
sideshowbarker
Comment 2 2024-02-10 21:31:02 PST
sideshowbarker
Comment 3 2024-02-12 00:43:20 PST
*** This bug has been marked as a duplicate of bug 255990 ***
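The whitespace difference described in the report, as an added example that is not part of the bug thread and is not WebKit's code: a small parser following the CSP spec's "parse a serialized CSP" steps, run once with the Infra ASCII whitespace set and once with a set that also accepts U+000B. The names parsePolicy, whitespaceDiscrepancies and SAMPLE are hypothetical, and the sample policy is constructed.

```javascript
// Added example; all names here are hypothetical, not WebKit identifiers.
// Infra "ASCII whitespace": U+0009, U+000A, U+000C, U+000D, U+0020.
const isAsciiWs = (ch) => "\t\n\f\r ".includes(ch);
// Lenient set: additionally treats U+000B LINE TABULATION as whitespace.
const isLenientWs = (ch) => isAsciiWs(ch) || ch === "\v";

// Parse a serialized policy into Map(directive name -> array of values),
// using the supplied whitespace predicate for every whitespace decision.
function parsePolicy(serialized, isWs) {
  const directives = new Map();
  for (let token of serialized.split(";")) {
    // Strip leading and trailing whitespace from the token.
    let start = 0, end = token.length;
    while (start < end && isWs(token[start])) start++;
    while (end > start && isWs(token[end - 1])) end--;
    token = token.slice(start, end);
    // Skip empty tokens and tokens that are not ASCII strings.
    if (token === "" || /[^\x00-\x7F]/.test(token)) continue;
    // Directive name: leading run of non-whitespace, ASCII-lowercased.
    let i = 0;
    while (i < token.length && !isWs(token[i])) i++;
    const name = token.slice(0, i).toLowerCase();
    if (directives.has(name)) continue; // first occurrence wins
    // Directive value: remainder split on whitespace.
    const values = [];
    let cur = "";
    for (const ch of token.slice(i)) {
      if (!isWs(ch)) { cur += ch; continue; }
      if (cur) values.push(cur);
      cur = "";
    }
    if (cur) values.push(cur);
    directives.set(name, values);
  }
  return directives;
}

// Directive names the lenient parser reads differently from the strict one.
function whitespaceDiscrepancies(serialized) {
  const strict = parsePolicy(serialized, isAsciiWs);
  const lenient = parsePolicy(serialized, isLenientWs);
  return [...lenient.keys()].filter((n) =>
    !strict.has(n) || strict.get(n).join(" ") !== lenient.get(n).join(" "));
}

// Constructed sample: U+000B sits between "script-src" and its value.
const SAMPLE = "default-src 'self'; script-src\v'none'";
console.log(whitespaceDiscrepancies(SAMPLE)); // [ 'script-src' ]
```

With the strict set the second token is a single unrecognized directive name with no value; with the lenient set it is read as script-src with the value 'none'.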