[Webkit-unassigned] [Bug 264355] Content Security Policy for previous load should not apply to subsequent alternate HTML load
bugzilla-daemon at webkit.org
Thu Nov 21 13:13:34 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=264355
--- Comment #6 from Michael Catanzaro <mcatanzaro at redhat.com> ---
Here is an inadequate fix:
diff --git a/Source/WebCore/style/StylePendingResources.cpp b/Source/WebCore/style/StylePendingResources.cpp
index 59a00d94a967..05fdc303d062 100644
--- a/Source/WebCore/style/StylePendingResources.cpp
+++ b/Source/WebCore/style/StylePendingResources.cpp
@@ -32,6 +32,7 @@
#include "CursorData.h"
#include "CursorList.h"
#include "DocumentInlines.h"
+#include "DocumentLoader.h"
#include "FillLayer.h"
#include "RenderStyleInlines.h"
#include "SVGURIReference.h"
@@ -53,7 +54,7 @@ static void loadPendingImage(Document& document, const StyleImage* styleImage, c
bool isInUserAgentShadowTree = element && element->isInUserAgentShadowTree();
ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
- options.contentSecurityPolicyImposition = isInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
+ options.contentSecurityPolicyImposition = isInUserAgentShadowTree || document.loader()->substituteData().isValid() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
if (!isInUserAgentShadowTree && document.settings().useAnonymousModeWhenFetchingMaskImages()) {
switch (loadPolicy) {
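Review bot: In the `contentSecurityPolicyImposition` assignment, `document.loader()` is dereferenced with `->` without a null check, while the line above guards `element` before using it; if the document has no loader when a pending image is resolved, this crashes. Suggest taking the loader into a local first and testing it, for example `auto* loader = document.loader();` and then `loader && loader->substituteData().isValid()`. Please also parenthesize the `||` expression ahead of the `?:` so the intended precedence is explicit. Separately, `SkipPolicyCheck` turns the check off entirely for any document with valid substitute data, so a policy declared by the alternate HTML itself would also be skipped for these image loads, which is broader than discarding the previous load's policy.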
This only fixes images, though. There are lots more places that will need to be patched unless we can fix it centrally.
We also probably need to solve bug #272590 at the same time, because I doubt the fix for that will be separate.