[Webkit-unassigned] [Bug 141316] ScriptController::initScript should not subject to CSP if the world it is running in is isolated world
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 24 17:17:45 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=141316
Geoffrey Garen <ggaren at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #249304|review? |review+
Flags| |
--- Comment #8 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 249304
--> https://bugs.webkit.org/attachment.cgi?id=249304
Patch v2
I don't think this patch is any worse than the existing behavior in CachedResourceLoader::canRequest. That said, it looks like our approach to CSP is pretty badly broken in the face of extensions and browser JavaScript.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150325/315c1777/attachment-0002.html>
More information about the webkit-unassigned
mailing list