[webkit-reviews] review granted: [Bug 234934] Implement CSP strict-dynamic for module scripts : [Attachment 448534] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 6 14:05:54 PST 2022


Brent Fulgham <bfulgham at webkit.org> has granted Kate Cheney
<katherine_cheney at apple.com>'s request for review:
Bug 234934: Implement CSP strict-dynamic for module scripts
https://bugs.webkit.org/show_bug.cgi?id=234934

Attachment 448534: Patch

https://bugs.webkit.org/attachment.cgi?id=448534&action=review




--- Comment #3 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 448534
  --> https://bugs.webkit.org/attachment.cgi?id=448534
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448534&action=review

r=me

> Source/WebCore/dom/ScriptElement.cpp:379
> +    if
(!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(
), m_startLineNumber, m_element.nonce(), sourceCode.source(),
m_parserInserted))
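
Review bot: at the if on ScriptElement.cpp:379, the method is named allowNonParserInsertedScripts yet takes m_parserInserted as its last argument, so the call site does not show which way the parser-inserted state affects the result. A short comment above the condition, saying what the check decides for parser-inserted versus script-inserted elements and what happens when it fails, would make the five positional arguments easier to review.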

Is there a specific CSP spec step we should reference for this decision? I know
most of the CSP code doesn't add such comments, but I find them helpful when
reviewing other areas of WebKit.

>
LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic-module-scr
ipt.html:6
> +	   <script src="/js-test-resources/testharnessreport.js"
nonce='dummy'></script>
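
Review bot: on the added testharnessreport.js script tag, the nonce attribute is single-quoted (nonce='dummy') while src on the same tag is double-quoted, and the line is indented with a tab followed by spaces. Using one quote style and matching the indentation of the neighbouring lines would keep the test file consistent.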

Nit: Weird spacing here

