[Webkit-unassigned] [Bug 153150] New: CSP: Fire 'load' events even when blocking loads via 'frame-src'.

Fri Jan 15 14:55:04 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=153150

            Bug ID: 153150
           Summary: CSP: Fire 'load' events even when blocking loads via
                    'frame-src'.
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: BlinkMergeCandidate
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: dbates at webkit.org

We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=165743>.

CSP: Fire 'load' events even when blocking loads via 'frame-src'.

If we fire a 'load' event, the frame looks just like any other
cross-origin load that succeeded. If we don't fire a 'load' event,
timing attacks can gain knowledge about the URL in the frame by blocking
the URL in a page's CSP, and waiting long enough to be sure that a 'load'
event _would_ have fired if the load wasn't blocked.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160115/d7a9e80f/attachment-0001.html>