[Webkit-unassigned] [Bug 153153] New: CSP: Check <param> element values against the document's CSP before loading

Fri Jan 15 15:01:10 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=153153

            Bug ID: 153153
           Summary: CSP: Check <param> element values against the
                    document's CSP before loading
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: BlinkMergeCandidate
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: dbates at webkit.org

We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=164952>.

CSP: Check <param> element values against the document's CSP before loading.

We ought to take account of the 'param' element parsing behavior that happens in
'HTMLObjectElement'. This patch moves the pluginIsLoadable check to make that
happen.

To avoid 'setTimeout' in the test, and to align with the spec[1], this patch also
starts dispatching an 'error' event on load failure for 'object' elements.

[1]: #4.6 ("If the load failed...") of http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-object-element

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160115/e8aaac43/attachment.html>