[webkit-reviews] review granted: [Bug 235837] CSP: Properly block image content in object elements : [Attachment 450280] Patch
bugzilla-daemon at webkit.org
Fri Jan 28 15:39:06 PST 2022
Kate Cheney <katherine_cheney at apple.com> has granted Patrick Griffis
<pgriffis at igalia.com>'s request for review:
Bug 235837: CSP: Properly block image content in object elements
https://bugs.webkit.org/show_bug.cgi?id=235837
Attachment 450280: Patch
https://bugs.webkit.org/attachment.cgi?id=450280&action=review
--- Comment #2 from Kate Cheney <katherine_cheney at apple.com> ---
Comment on attachment 450280
--> https://bugs.webkit.org/attachment.cgi?id=450280
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=450280&action=review
> Source/WebCore/loader/ResourceLoaderOptions.h:150
> +enum class LoadedFromPluginElement : uint8_t {
Usually we write enums for booleans like this:
enum class LoadedFromPluginElement : bool { No, Yes };
with a "bool" specifier and the 'No' value first. I am not sure why other enums
in this class do not follow that pattern, but I think we should stick with it.
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:581
> + String consoleMessage =
consoleMessageForViolation(violatedDirective, blockedURL, "Refused to load");
We should log the target URL in the console here I think. It is helpful to
debug and I believe it also matches other browser behavior in general to log
the target URL in the console.