Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 33fee5bcc422d6817f4f96b045fa0cef348f6a1d
      
https://github.com/WebKit/WebKit/commit/33fee5bcc422d6817f4f96b045fa0cef348f6a1d
  Author: Charlie Wolfe <[email protected]>
  Date:   2026-06-23 (Tue, 23 Jun 2026)

  Changed paths:
    M 
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/blockeduri-inline-expected.txt
    M Source/WebCore/dom/ScriptElement.cpp
    M Source/WebCore/dom/ScriptElement.h
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.h

  Log Message:
  -----------
  Report correct columnNumber for blocked inline scripts
https://bugs.webkit.org/show_bug.cgi?id=317435
rdar://180062046

Reviewed by Ryan Reno.

When CSP blocks a parser-inserted inline, use the parser's start column when 
reporting the
SecurityPolicyViolationEvent instead of defaulting to column 1.

https://www.w3.org/TR/CSP3/#should-block-inline
https://www.w3.org/TR/CSP3/#report-violation

* 
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/blockeduri-inline-expected.txt:
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::ScriptElement):
(WebCore::ScriptElement::requestModuleScript):
(WebCore::ScriptElement::executeClassicScript):
(WebCore::ScriptElement::registerImportMap):
(WebCore::ScriptElement::registerSpeculationRules):
* Source/WebCore/dom/ScriptElement.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowInlineScript const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:

Canonical link: https://commits.webkit.org/315726@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to