Open Bug 1488672 Opened 7 years ago Updated 3 years ago

[wpt-sync] Sync PR 12843 - Reland "Implement script and style attr/elem CSP directives"

Categories

(Core :: DOM: Security, enhancement, P4)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 12843 into mozilla-central (this bug is closed when the sync is complete). PR: https://github.com/web-platform-tests/wpt/pull/12843 Details from upstream follow. Samuel Huang <huangs@chromium.org> wrote: > Reland "Implement script and style attr/elem CSP directives" > > This reverts commit bde179ef37774467df673068e992dcaca70dabd0. > > Reason for revert: http://crrev.com/880583 : The ASan LSan problems disappeared even before the revert was included, and once revert was included there were no extra fix. Therefore relanding the CL. > > Original change's description: > > Revert "Implement script and style attr/elem CSP directives" > > > > This reverts commit b691cab26e14046d1dda50c71ecfb6042750d7b2. > > > > Reason for revert: http://crbug.com/880583 : ASan detected memory leaks, so speculatively reverting. > > > > Original change's description: > > > Implement script and style attr/elem CSP directives > > > > > > The functionality is behind the > > > ContentSecurityPolicyExperimentalFeaturesEnabled flag > > > > > > I2IS: Coming Soon > > > > > > Spec: > > > https://w3c.github.io/webappsec-csp/#directive-script-src-elem > > > https://w3c.github.io/webappsec-csp/#directive-script-src-attr > > > https://w3c.github.io/webappsec-csp/#directive-style-src-elem > > > https://w3c.github.io/webappsec-csp/#directive-style-src-attr > > > > > > Change-Id: Ic1638cac15c7ec488fcc7a4c9f6261b97502090a > > > Reviewed-on: https://chromium-review.googlesource.com/1181050 > > > Commit-Queue: Andy Paicu <andypaicu@chromium.org> > > > Reviewed-by: Mike West <mkwst@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#588534} > > > > TBR=mkwst@chromium.org,andypaicu@chromium.org > > > > Change-Id: I385cd9eae7190412199496b3625dbf94d1fa45a6 > > No-Presubmit: true > > No-Tree-Checks: true > > No-Try: true > > Reviewed-on: https://chromium-review.googlesource.com/1205392 > > Reviewed-by: Samuel Huang <huangs@chromium.org> > > Commit-Queue: Samuel Huang <huangs@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#588674} > > TBR=huangs@chromium.org,mkwst@chromium.org,andypaicu@chromium.org > > Change-Id: Id0429ccdf59ec803077394f2300058051b0492c2 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/1205478 > Reviewed-by: Samuel Huang <huangs@chromium.org> > Commit-Queue: Samuel Huang <huangs@chromium.org> > Cr-Commit-Position: refs/heads/master@{#588785} >
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.