[Webkit-unassigned] [Bug 117286] New: Reporting mode of Content Security Policy: eval() is not reported

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 6 01:00:59 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=117286

           Summary: Reporting mode of Content Security Policy: eval() is
                    not reported
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: masch at nc-online.de


Follow-up to bug 111867 which is solved with Chrome 27 (version 27.0.1453.110 m).
Now any usage of eval() isn't reported anymore in reporting-mode (but still blocked in non-reporting-mode).

Example:
<!DOCTYPE html>
<html>
  <meta http-equiv="Content-Security-Policy-Report-Only"   content="default-src 'self' 'unsafe-inline'; report-uri /dummy.html"/>        
  <head>
    <script src="CSP.js"></script>
    <script>
      eval('alert(2);');    
    </script>
  </head>
  <body>
  </body>
</html>

CSP.js:
  eval('alert(1);');
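
Added example, not part of the original report and not WebKit code: a simplified model of the CSP rule the report relies on, showing that the policy above should produce a report to /dummy.html for eval() in report-only mode without blocking it. The function names parsePolicy, evalExpectation and demo are hypothetical, and the third policy in demo() is constructed for contrast.

```javascript
// Parse a policy string into a Map of directive name -> array of values.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Describe what a conforming browser should do when the page calls eval().
function evalExpectation(policy, reportOnly) {
  const directives = parsePolicy(policy);
  // script-src governs eval(); default-src is the fallback when it is absent.
  const governing = directives.has('script-src') ? 'script-src'
    : directives.has('default-src') ? 'default-src' : null;
  const sources = governing
    ? directives.get(governing).map((s) => s.toLowerCase())
    : [];
  // eval() is a violation unless the governing directive lists 'unsafe-eval'.
  const violates = governing !== null && !sources.includes("'unsafe-eval'");
  const reportUris = directives.get('report-uri') || [];
  return {
    governing,
    violates,
    blocked: violates && !reportOnly,     // report-only mode never blocks
    reportTo: violates ? reportUris : [], // a report is due in both modes
  };
}

// The policy from the bug report above.
const BUG_POLICY = "default-src 'self' 'unsafe-inline'; report-uri /dummy.html";

function demo() {
  return [
    evalExpectation(BUG_POLICY, true),  // Content-Security-Policy-Report-Only
    evalExpectation(BUG_POLICY, false), // Content-Security-Policy
    // Constructed contrast case: eval() explicitly allowed, so no report.
    evalExpectation("script-src 'self' 'unsafe-eval'; report-uri /dummy.html", true),
  ];
}

console.log(JSON.stringify(demo(), null, 2));
```

Current CSP specifications ignore a report-only policy, and the report-uri directive, when they are delivered through a meta element, so send the policy as an HTTP response header when re-running this check in a modern browser.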
