[Webkit-unassigned] [Bug 264355] Content Security Policy for previous load should not apply to subsequent alternate HTML load
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 22 07:55:34 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=264355
Anne van Kesteren <annevk at annevk.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |annevk at annevk.nl
--- Comment #10 from Anne van Kesteren <annevk at annevk.nl> ---
The HTML Standard assumes that only about:blank exists. I'm not entirely sure what you mean with inherently trusted, but about:blank typically inherits the origin from its creator.
Are substitute loads always in full control of the browser and result in a cross-origin document? From the perspective of the document starting the navigation? In that case special casing them is probably reasonable.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20241122/1c7032ce/attachment.htm>
More information about the webkit-unassigned
mailing list