<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - CSP: Compute digest with respect to the raw bytes received from the page"
href="https://bugs.webkit.org/show_bug.cgi?id=155184">155184</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>CSP: Compute digest with respect to the raw bytes received from the page
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>dbates@webkit.org
</td>
</tr>
<tr>
<th>CC</th>
<td>bfulgham@webkit.org, webkit-bug-importer@group.apple.com
</td>
</tr></table>
<p>
<div>
<pre>Following up from Brent Fulgham's remark in <a class="bz_bug_link
bz_status_NEW "
title="NEW - CSP: Implement support for inline script and inline style hashes"
href="show_bug.cgi?id=155007#c5">bug #155007, comment 5</a>, we should compute the digest for an inline script/stylesheet using the raw bytes from the page instead of the output from the parser to ensure that the computed hash matches the hash specified in the CSP. The output from the parser may differ in Unicode normalization and XML/HTML entity decoding from the raw byte representation of the inline script/stylesheet among other differences.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>