[webkit-reviews] review denied: [Bug 93777] Implement the form-action Content Security Policy directive. : [Attachment 157907] First pass.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 13 03:59:51 PDT 2012
jochen at chromium.org has denied Mike West <mkwst at chromium.org>'s request for
review:
Bug 93777: Implement the form-action Content Security Policy directive.
https://bugs.webkit.org/show_bug.cgi?id=93777
Attachment 157907: First pass.
https://bugs.webkit.org/attachment.cgi?id=157907&action=review
------- Additional Comments from jochen at chromium.org
I don't think the MainResourceLoader is the right place to do the check:
- submissions to javascript URls never hit the MainResourceLoader
- what about submissions using GET?
- what about XHRs using POST?
Can you add tests for all three cases?
I would either tell the MainResourceLoader that it's processing a form
submission, or have the main frame loader call back to the frame loader in
willSendRequest so it can do the check
ResourceLoader has a cancel method that takes a ResourceError. You can use this
to create a custom error code.
More information about the webkit-reviews
mailing list