[webkit-reviews] review requested: [Bug 179728] CSP: Hide nonce values from the DOM : [Attachment 443599] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 8 13:46:52 PST 2021
Patrick Griffis <pgriffis at igalia.com> has asked for review:
Bug 179728: CSP: Hide nonce values from the DOM
https://bugs.webkit.org/show_bug.cgi?id=179728
Attachment 443599: Patch
https://bugs.webkit.org/attachment.cgi?id=443599&action=review
--- Comment #19 from Chris Dumez <cdumez at apple.com> ---
(In reply to Patrick Griffis from comment #18)
> (In reply to Chris Dumez from comment #17)
> > Comment on attachment 443596 [details]
> >
> > > Source/WebCore/html/HTMLElement.cpp:505
> > > + hideNonce();
> >
> > Just curious, would this work?
> > ```
> > hideNonce();
> > return Element::insertedIntoAncestor(insertionType, containerNode);
> > ```
> >
> > It would be simpler so I am wondering if there is a good reason to use the
> > ordering in your patch.
> >
>
> No it fails. I believe it updates state for `isConnected()` to be correct.
Ok, thanks for letting me know.
--- Comment #20 from Patrick Griffis <pgriffis at igalia.com> ---
Created attachment 443599
--> https://bugs.webkit.org/attachment.cgi?id=443599&action=review
Patch
More information about the webkit-reviews
mailing list