[Webkit-unassigned] [Bug 237281] Sandbox CSP directives allows websites to block execution of browser features implemented in JavaScript

bugzilla-daemon at webkit.org
Sat Jul 2 09:12:57 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=237281

--- Comment #5 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Michael Catanzaro from comment #4)
> Somebody is complaining on Matrix that this also breaks WebKit's
> HTMLMediaElement controls. So it's not just browser-level features, but also
> WebKit features that are affected.

And it means the strategy suggested in my comment #3 would be insufficient to fully fix this. We'd need to identify other places within WebKit that use internal JavaScript and fix those too. I'm not sure what else there would be besides media controls, but I bet there's more I don't know about....
