[Webkit-unassigned] [Bug 115700] New: CSP: Check inline event handlers on each run, not only the first
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon May 6 20:05:16 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=115700
Summary: CSP: Check inline event handlers on each run, not only
the first
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rniwa at webkit.org
CC: ap at webkit.org, beidson at apple.com
We should consider merging
https://chromium.googlesource.com/chromium/blink/+/eeb0b48e9f470edeca26452382c1d6381f23371b
CSP: Check inline event handlers on each run, not only the first.
Injecting a policy into an existing document currently allows inline event
handlers to continue executing as long as they were executed once before
the policy was injected. This patch adjusts the check to ensure that it
always blocks execution.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list