[webkit-reviews] review denied: [Bug 92675] CSP should correctly block plugin resources rendered in PluginDocuments. : [Attachment 155746] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 1 11:18:45 PDT 2012
Adam Barth <abarth at webkit.org> has denied Mike West <mkwst at chromium.org>'s
request for review:
Bug 92675: CSP should correctly block plugin resources rendered in
PluginDocuments.
https://bugs.webkit.org/show_bug.cgi?id=92675
Attachment 155746: Patch
https://bugs.webkit.org/attachment.cgi?id=155746&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=155746&action=review
> Source/WebCore/loader/DocumentWriter.cpp:145
> + if (document->isPluginDocument() && m_frame->ownerElement())
> +
document->contentSecurityPolicy()->copyStateFrom(m_frame->ownerElement()->docum
ent()->contentSecurityPolicy());
I wonder if we should do this work in Document::initContentSecurityPolicy. We
could check for isPluginDocument() there and centralize the logic for copying
the CSP policy from our parent.
More information about the webkit-reviews
mailing list