311728 – Page CSP blocks content script background image rendering in action popups

NEW311728

Page CSP blocks content script background image rendering in action popups

https://bugs.webkit.org/show_bug.cgi?id=311728

Summary Page CSP blocks content script background image rendering in action popups

Carlos J.

Reported 2026-04-08 06:41:10 PDT

Given the following: Extension opens extension popup The popup has an iframe The iframe is set to a document which declares a CSP with default-src The extension applied a css content script to that document with a data:image based background-image Somehow Webkit does not render this image properly. While other engines render it completely fine. It seems somehow Webkit interprets the CSP as if it should block the css image. See demo extension: http://jeurissen.co/webext-demos/action-popup-content-script-css-data-image

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-04-08 06:41:16 PDT

<rdar://problem/174316860>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Safari 26

Hardware Mac (Apple Silicon)

OS macOS 26

Product WebKit

Component WebKit Extensions

Assignee

Nobody

Reported

2026-04-08 06:41 PDT

Modified

2026-05-23 07:43 PDT History

CC List

2 users Show

URL

https://jeurissen.co/webext-demos/action-popup-content-script-css-data-image

Keywords InRadar

Depends on

Blocks