Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a391efe1e1cf87c366f3fa9adbf5cc9a5bd57233
https://github.com/WebKit/WebKit/commit/a391efe1e1cf87c366f3fa9adbf5cc9a5bd57233
Author: Brent Fulgham <[email protected]>
Date: 2026-05-04 (Mon, 04 May 2026)
Changed paths:
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-blob-url-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-blob-url.html
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-data-url-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-data-url.html
M LayoutTests/platform/mac-wk1/TestExpectations
M LayoutTests/platform/mac/TestExpectations
R
LayoutTests/security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star-expected.html
A
LayoutTests/security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star-expected.txt
M
LayoutTests/security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star.html
R
LayoutTests/security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star-expected.html
A
LayoutTests/security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star-expected.txt
M
LayoutTests/security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star.html
Log Message:
-----------
security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star.html
and
security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star.html
are flaky
https://bugs.webkit.org/show_bug.cgi?id=155196
rdar://26846436
Reviewed by Anne van Kesteren.
The video-with-data-url-allowed-by-media-src-star and
video-with-blob-url-allowed-by-media-src-star
tests were flaky because they used pixel comparison of video frames, which
varies between runs.
This change convert both to normal dumpAsText tests that verify CSP behavior
(video loads
vs. blocked) instead of comparing rendered output.
I initially planned to migrate these WebKit-specific tests to WPT, but realized
that we
have relaxed some handling of media-src to allow data and blob URLs which may
not be supported
on other browsers, so I have left them unchanged until this review is complete.
However, this work revealed that WPT's tests do not have a test to confirm the
blocking case
for CSP, so I added two new WPT tests to verify that media-src 'self' blocks
data: and
blob: URLs for video and audio elements, with proper CSP violation event
assertions.
I unskipped the tests on macOS, but left the WPE as-is since I cannot confirm
that the tests
work properly on that platform.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-blob-url-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-blob-url.html:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-data-url-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/media-src/media-src-blocked-data-url.html:
Added.
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/platform/mac/TestExpectations:
*
LayoutTests/security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star-expected.html:
Removed.
*
LayoutTests/security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star-expected.txt:
Added.
*
LayoutTests/security/contentSecurityPolicy/video-with-blob-url-allowed-by-media-src-star.html:
*
LayoutTests/security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star-expected.html:
Removed.
*
LayoutTests/security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star-expected.txt:
Added.
*
LayoutTests/security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star.html:
Canonical link: https://commits.webkit.org/312528@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
