[webkit-reviews] review granted: [Bug 91353] Invalid `script-nonce` directives should block script execution. : [Attachment 152539] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jul 16 08:45:46 PDT 2012
Adam Barth <abarth at webkit.org> has granted Mike West <mkwst at chromium.org>'s
request for review:
Bug 91353: Invalid `script-nonce` directives should block script execution.
https://bugs.webkit.org/show_bug.cgi?id=91353
Attachment 152539: Patch
https://bugs.webkit.org/attachment.cgi?id=152539&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=152539&action=review
> Source/WebCore/page/ContentSecurityPolicy.cpp:616
> + , m_scriptNonce(String())
No need for this line. String() is the default constructor. :)
> Source/WebCore/page/ContentSecurityPolicy.cpp:947
> + m_scriptNonce = emptyString();
We can't use emptyString() because this code runs in workers too. Let's just
use "".
> Source/WebCore/page/ContentSecurityPolicy.cpp:959
> + m_scriptNonce = emptyString();
ditto
> LayoutTests/ChangeLog:8
> + Additional information of the change such as approach, rationale.
Please add per-function descriptions below (OOPS!).
This line will prevent the patch from landing.
More information about the webkit-reviews
mailing list