[Webkit-unassigned] [Bug 104305] Scripts injected from an isolated world should bypass a page's CSP
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 23 11:31:45 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=104305
--- Comment #6 from Daniel Bates <dbates at webkit.org> ---
I marked this issue RESOLVED WONTFIX because I do not feel we should fix this bug as it encourages a bad idiom. I agree with Adam Barth's remarked in comment #1, we want extension authors to use scripts included in their extension bundle as opposed to programmatically injecting inline script that could make the page susceptible to an XSS vulnerability.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160323/c5478356/attachment.html>
More information about the webkit-unassigned
mailing list