[Webkit-unassigned] [Bug 153150] New: CSP: Fire 'load' events even when blocking loads via 'frame-src'.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 15 14:55:04 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=153150
Bug ID: 153150
Summary: CSP: Fire 'load' events even when blocking loads via
'frame-src'.
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: All
OS: All
Status: NEW
Keywords: BlinkMergeCandidate
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
CC: dbates at webkit.org
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=165743>.
CSP: Fire 'load' events even when blocking loads via 'frame-src'.
If we fire a 'load' event, the frame looks just like any other
cross-origin load that succeeded. If we don't fire a 'load' event,
timing attacks can gain knowledge about the URL in the frame by blocking
the URL in a page's CSP, and waiting long enough to be sure that a 'load'
event _would_ have fired if the load wasn't blocked.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160115/d7a9e80f/attachment-0001.html>
More information about the webkit-unassigned
mailing list