[webkit-changes] [WebKit/WebKit] 572f10: Safari v14.1 CSP Violation - Usage of "element.rem...
Charlie Wolfe
noreply at github.com
Mon Sep 12 15:09:23 PDT 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 572f10393126fefe8d887573d2644b27931a2516
https://github.com/WebKit/WebKit/commit/572f10393126fefe8d887573d2644b27931a2516
Author: Charlie Wolfe <charles_wolfe at apple.com>
Date: 2022-09-12 (Mon, 12 Sep 2022)
Changed paths:
A LayoutTests/http/tests/security/contentSecurityPolicy/allow-inline-remove-attribute-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/allow-inline-remove-attribute.html
M Source/WebCore/dom/StyledElement.cpp
Log Message:
-----------
Safari v14.1 CSP Violation - Usage of "element.removeAttribute("style")" causes style-src CSP Violation.
https://bugs.webkit.org/show_bug.cgi?id=227349
<rdar://80020346>
Reviewed by Brent Fulgham.
If the new style string is null, clear the inline style without checking if the element's inline type should be blocked by CSP. This behavior matches Chrome and Firefox.
* Source/WebCore/dom/StyledElement.cpp:
(WebCore::StyledElement::styleAttributeChanged):
* LayoutTests/http/tests/security/contentSecurityPolicy/allow-inline-remove-attribute-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/allow-inline-remove-attribute.html: Added.
Canonical link: https://commits.webkit.org/254409@main
More information about the webkit-changes
mailing list