<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:ap@webkit.org" title="Alexey Proskuryakov <ap@webkit.org>"> <span class="fn">Alexey Proskuryakov</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext"
href="https://bugs.webkit.org/show_bug.cgi?id=147227">bug 147227</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Attachment #257354 Flags</td>
<td>review?
</td>
<td>review+
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext"
href="https://bugs.webkit.org/show_bug.cgi?id=147227#c3">Comment # 3</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext"
href="https://bugs.webkit.org/show_bug.cgi?id=147227">bug 147227</a>
from <span class="vcard"><a class="email" href="mailto:ap@webkit.org" title="Alexey Proskuryakov <ap@webkit.org>"> <span class="fn">Alexey Proskuryakov</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=257354&action=diff" name="attach_257354" title="Patch v1">attachment 257354</a> <a href="attachment.cgi?id=257354&action=edit" title="Patch v1">[details]</a></span>
Patch v1
View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=257354&action=review">https://bugs.webkit.org/attachment.cgi?id=257354&action=review</a>
Hrmpf. Nice.
<span class="quote">> LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt:3
> +CONSOLE MESSAGE: Refused to load the font '<a href="http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff">http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff</a>' because it violates the following Content Security Policy directive: "font-src <a href="http://webkit.org">http://webkit.org</a>".
> +
> +CONSOLE MESSAGE: Refused to load the font '<a href="http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff">http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff</a>' because it violates the following Content Security Policy directive: "font-src <a href="http://webkit.org">http://webkit.org</a>".</span >
Why is this logged twice, do we have a bug?
<span class="quote">> LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html:8
> + testRunner.addUserStyleSheet("@font-face { font-family: ExampleFont; src: url(example_font.woff); }", true);</span >
I wonder if this can also be reproduced with something like
<iframe src="<a href="http://www.apple.com">http://www.apple.com</a>"></iframe>
<script>
frames[0].document.write(theStylesheet);
</script>
<span class="quote">> Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:255
> + // We shouldn't be sending ping loads during that process anyways.</span >
What do other browsers do? I wonder if "shouldn't" may be too assertive.
It feels like we shouldn't apply user stylesheets in initial documents, what do you think?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>