273187 – Block Function constructor string arguments when trusted types enforced

RESOLVED FIXED 273187

Block Function constructor string arguments when trusted types enforced

https://bugs.webkit.org/show_bug.cgi?id=273187

Summary Block Function constructor string arguments when trusted types enforced

Luke Warlow

Reported 2024-04-24 07:51:14 PDT

When trusted types are enforced string arguments to new Function() should be blocked unless the default policy exists and allows them.

Attachments
Add attachment proposed patch, testcase, etc.

Luke Warlow

Comment 1 2024-04-29 09:50:07 PDT

Radar WebKit Bug Importer

Comment 2 2024-05-01 07:52:15 PDT

EWS

Comment 3 2024-12-16 13:00:54 PST

Committed 287909@main (152e920a5ac2): <https://commits.webkit.org/287909@main> Reviewed commits have been landed. Closing PR #27878 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari 17

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Luke Warlow

Reported

2024-04-24 07:51 PDT

Modified

2024-12-16 13:00 PST History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks

267694

Dependencies

tree graph