Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1a1efe9cf4e6709cfaba6f7f637105d331283a5f
https://github.com/WebKit/WebKit/commit/1a1efe9cf4e6709cfaba6f7f637105d331283a5f
Author: Roberto Rodriguez <[email protected]>
Date: 2026-06-05 (Fri, 05 Jun 2026)
Changed paths:
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none.html
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none.html.sub.headers
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none.html
A
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none.html.sub.headers
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
Log Message:
-----------
<object> elements loading images are incorrectly blocked by img-src CSP
directive
https://bugs.webkit.org/show_bug.cgi?id=316356
rdar://178772677
Reviewed by Ryan Reno and Anne van Kesteren.
When an <object> element loads image content, the resource is checked against
both object-src
and img-src. A page with object-src *; img-src 'none' incorrectly blocks images
in object tags.
Per the spec, object-src is the only directive that should apply.
Fix by short-circuiting the content security policy check for plugin elements
so that only object-src
is evaluated. The subsequent type-based directive lookup no longer runs for
resources loaded by object
or embed tags.
Test:
imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none.html
imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none.html
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none.html:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-allowed-img-src-none.html.sub.headers:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none.html:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/object-src/object-src-url-embed-allowed-img-src-none.html.sub.headers:
Added.
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy const):
Canonical link: https://commits.webkit.org/314668@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
