[Webkit-unassigned] [Bug 181846] New: CSP: object-src is propagated to iframed HTML documents without CSP meta-refreshing to a PDF URI

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 19 04:02:26 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=181846

            Bug ID: 181846
           Summary: CSP: object-src is propagated to iframed HTML
                    documents without CSP meta-refreshing to a PDF URI
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mikispag at gmail.com

The object-src directive of an embedding HTML document is propagated to iframed HTML documents without CSP meta-refreshing to a PDF URI.

PoC: https://poc.miki.it/CSP/safari_object_src_iframe/

The third case should not be blocked according to the CSP specification (cross-test with Chromium), because the intermediate HTML page does not have a CSP.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180119/dcfd4703/attachment-0001.html>


More information about the webkit-unassigned mailing list