[webkit-reviews] review granted: [Bug 233135] CSP: Update URL stripping in reports to match other implementations : [Attachment 444822] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 19 09:12:31 PST 2021
Kate Cheney <katherine_cheney at apple.com> has granted review:
Bug 233135: CSP: Update URL stripping in reports to match other implementations
https://bugs.webkit.org/show_bug.cgi?id=233135
Attachment 444822: Patch
https://bugs.webkit.org/attachment.cgi?id=444822&action=review
--- Comment #13 from Kate Cheney <katherine_cheney at apple.com> ---
Comment on attachment 444822
--> https://bugs.webkit.org/attachment.cgi?id=444822
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=444822&action=review
r=me. Please adjust the CSP 1.1 tests that expect stripped cross origin URIs
for img-src and media-src and make sure EWS tests are passing before landing.
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:720
> + // The fame-src, object-src, and block-all-mixed-content directives
would allow a website to put another in a frame
fame-src -> frame-src.
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:721
> + // and listen to emitted securitypolicyviolation's.
I think securitypolicyviolation's -> securitypolicyviolations.
More information about the webkit-reviews
mailing list