[Webkit-unassigned] [Bug 265158] New: Regression: Safari 17.1 blocking JS reading nonce for <style> and <link>

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 20 14:16:21 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=265158

            Bug ID: 265158
           Summary: Regression: Safari 17.1 blocking JS reading nonce for
                    <style> and <link>
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: chrisjshull at gmail.com

Created attachment 468689

  --> https://bugs.webkit.org/attachment.cgi?id=468689&action=review

Safari 17.0 (working)

The Google Maps JavaScript API reads the nonce value of an existing <style> or <link rel="stylesheet"> in order to inject more stylesheets with the same nonce. This worked in Safari 17.0

Starting in Safari 17.1, we are unable to read the nonce value in JS anymore, causing the Google Maps JavaScript API to render incorrectly on websites. Here is a test page reported by one of our customers: https://maps-bug-1a422.web.app/index.html

(We do the same thing for <script> elements, and that still works.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231120/0f72a74d/attachment.htm>

More information about the webkit-unassigned mailing list