[webkit-reviews] review granted: [Bug 234934] Implement CSP strict-dynamic for module scripts : [Attachment 448534] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 6 14:05:54 PST 2022
Brent Fulgham <bfulgham at webkit.org> has granted Kate Cheney
<katherine_cheney at apple.com>'s request for review:
Bug 234934: Implement CSP strict-dynamic for module scripts
https://bugs.webkit.org/show_bug.cgi?id=234934
Attachment 448534: Patch
https://bugs.webkit.org/attachment.cgi?id=448534&action=review
--- Comment #3 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 448534
--> https://bugs.webkit.org/attachment.cgi?id=448534
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=448534&action=review
r=me
> Source/WebCore/dom/ScriptElement.cpp:379
> + if
(!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(
), m_startLineNumber, m_element.nonce(), sourceCode.source(),
m_parserInserted))
Is there a specific CSP spec step we should reference for this decision? I know
most of the CSP code doesn't add such comments, but I find them helpful when
reviewing other areas of WebKit.
>
LayoutTests/http/tests/security/contentSecurityPolicy/strict-dynamic-module-scr
ipt.html:6
> + <script src="/js-test-resources/testharnessreport.js"
nonce='dummy'></script>
Nit: Weird spacing here
More information about the webkit-reviews
mailing list