[Webkit-unassigned] [Bug 92396] New: CSP directive `object-src 'none'` should block loading of content in objects.
bugzilla-daemon at webkit.org
Thu Jul 26 10:36:09 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=92396
Summary: CSP directive `object-src 'none'` should block loading of content in objects.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mkwst at chromium.org
CC: abarth at webkit.org
The attached test gives results that I don't understand; I think that setting `object-src 'none'` should block the image from being loaded via the `object` tag (see the spec: "It is not required that the consumer of the element's data be a plugin in order for the object-src directive to be enforced. ...").
I'm not sure if the behavior I'm seeing is a bug in my understanding of plugins, or a bug in our CSP implementations (or a bug in my test, I suppose).