Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 33fee5bcc422d6817f4f96b045fa0cef348f6a1d
https://github.com/WebKit/WebKit/commit/33fee5bcc422d6817f4f96b045fa0cef348f6a1d
Author: Charlie Wolfe <[email protected]>
Date: 2026-06-23 (Tue, 23 Jun 2026)
Changed paths:
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/blockeduri-inline-expected.txt
M Source/WebCore/dom/ScriptElement.cpp
M Source/WebCore/dom/ScriptElement.h
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M Source/WebCore/page/csp/ContentSecurityPolicy.h
Log Message:
-----------
Report correct columnNumber for blocked inline scripts
https://bugs.webkit.org/show_bug.cgi?id=317435
rdar://180062046
Reviewed by Ryan Reno.
When CSP blocks a parser-inserted inline, use the parser's start column when
reporting the
SecurityPolicyViolationEvent instead of defaulting to column 1.
https://www.w3.org/TR/CSP3/#should-block-inline
https://www.w3.org/TR/CSP3/#report-violation
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/blockeduri-inline-expected.txt:
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::ScriptElement):
(WebCore::ScriptElement::requestModuleScript):
(WebCore::ScriptElement::executeClassicScript):
(WebCore::ScriptElement::registerImportMap):
(WebCore::ScriptElement::registerSpeculationRules):
* Source/WebCore/dom/ScriptElement.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowInlineScript const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
Canonical link: https://commits.webkit.org/315726@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications