Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 18919c9e6b223759f65a2a2ddbc5d65e6bb2e611
https://github.com/WebKit/WebKit/commit/18919c9e6b223759f65a2a2ddbc5d65e6bb2e611
Author: Luke Warlow <[email protected]>
Date: 2025-09-30 (Tue, 30 Sep 2025)
Changed paths:
M LayoutTests/TestExpectations
A
LayoutTests/imported/w3c/web-platform-tests/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-001-expected.txt
M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
Log Message:
-----------
require-trusted-types-for CSP parsing incorrect
https://bugs.webkit.org/show_bug.cgi?id=289904
Reviewed by Anne van Kesteren.
This patch updates the parsing to ensure that 'script' is only valid when it's
followed by a whitespace
or end of buffer.
It also updates the parsing to no longer early return when it finds an invalid
sink group.
* LayoutTests/TestExpectations:
*
LayoutTests/imported/w3c/web-platform-tests/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-001-expected.txt:
Added.
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parseRequireTrustedTypesFor):
Canonical link: https://commits.webkit.org/300770@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
