[webkit-reviews] review requested: [Bug 224535] Blob URLs should use their owner origin for CSP navigation/download checks : [Attachment 426084] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 15 05:50:55 PDT 2021
youenn fablet <youennf at gmail.com> has asked for review:
Bug 224535: Blob URLs should use their owner origin for CSP navigation/download
checks
https://bugs.webkit.org/show_bug.cgi?id=224535
Attachment 426084: Patch
https://bugs.webkit.org/attachment.cgi?id=426084&action=review
--- Comment #5 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 426084
--> https://bugs.webkit.org/attachment.cgi?id=426084
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=426084&action=review
> Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp:135
> + if (m_allowSelf && m_policy.urlMatchesSelf(url,
equalIgnoringASCIICase(m_directiveName,
ContentSecurityPolicyDirectiveNames::frameSrc)
Maybe we should store whether this is a frame src directive as a boolean.
More information about the webkit-reviews
mailing list