[Webkit-unassigned] [Bug 155184] New: CSP: Compute digest with respect to the raw bytes received from the page

Tue Mar 8 12:59:39 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=155184

            Bug ID: 155184
           Summary: CSP: Compute digest with respect to the raw bytes
                    received from the page
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: bfulgham at webkit.org,
                    webkit-bug-importer at group.apple.com

Following up from Brent Fulgham's remark in bug #155007, comment 5, we should compute the digest for an inline script/stylesheet using the raw bytes from the page instead of the output from the parser to ensure that the computed hash matches the hash specified in the CSP. The output from the parser may differ in Unicode normalization and XML/HTML entity decoding from the raw byte representation of the inline script/stylesheet among other differences.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160308/5c70b2d3/attachment-0001.html>