[Webkit-unassigned] [Bug 179049] New: `<picture>` and `<img srcset>` ought to be treated as "blockable" mixed content.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 31 01:58:04 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=179049

            Bug ID: 179049
           Summary: `<picture>` and `<img srcset>` ought to be treated as
                    "blockable" mixed content.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mkwst at chromium.org

The Mixed Content spec carves out blockable subsets of `<img>` (step 4 of https://w3c.github.io/webappsec-mixed-content/#should-block-fetch) as a first step towards tightening mixed content restrictions more generally. WebKit currently treats these as optionally-blockable.

See, for example, tests at https://w3c-test.org/mixed-content/picture-tag/no-opt-in/same-host-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html and https://w3c-test.org/mixed-content/imageset.https.sub.html, which Chrome and Firefox currently agree on.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171031/20a5c2a8/attachment.html>

More information about the webkit-unassigned mailing list