`script-src 'slef'`, `script-src http:/`, and so on should not only be ignored when parsing a page's Content Security Policy, but should also generate a warning so that the developer's expectations are correctly set.
Created attachment 157437 [details] Patch
This patch updates CSP to throw moar warnings. WDYT, Adam?
Comment on attachment 157437 [details] Patch Thanks. CQ? (soon...)
Comment on attachment 157437 [details] Patch Rejecting attachment 157437 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2 Last 500 characters of output: CT (content): Merge conflict in LayoutTests/ChangeLog Failed to merge in the changes. Patch failed at 0001 (r125185) http/tests/images/jpg-img-partial-load.html timeout on Lion When you have resolved this problem run "git rebase --continue". If you would prefer to skip this patch, instead run "git rebase --skip". To restore the original branch and stop rebasing run "git rebase --abort". rebase refs/remotes/origin/master: command returned error: 1 Died at Tools/Scripts/update-webkit line 164. Full output: http://queues.webkit.org/results/13473067
Comment on attachment 157437 [details] Patch Clearing flags on attachment: 157437 Committed r125213: <http://trac.webkit.org/changeset/125213>
All reviewed patches have been landed. Closing bug.