[Webkit-unassigned] [Bug 128990] New: CSP breaks soft-wrapping of plaintext documents unless unsafe-inline is used
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 18 12:50:18 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=128990
Summary: CSP breaks soft-wrapping of plaintext documents unless
unsafe-inline is used
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
OS/Version: Mac OS X 10.9
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at webkit.org
To reproduce:
1. Serve a plaintext document containing long lines with Content-Security-Policy header of "style-src 'none'" or stronger (like "default-src 'none'").
The lines should soft-wrap to match the browser width.
But the lines do not wrap. In the JS console there is a warning that says:
> Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
It looks like CSP is breaking the style attribute that WebKit puts on the <pre> element that wraps the plaintext contents.
We were running into this when serving raw file contents from raw.github.com (I'm a GitHub engineer), so we added a "style-src 'unsafe-inline'" directive.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list