Sort out interaction of CSP and javascript: URLs
Categories
(Core :: DOM: Security, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox67 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | + | unaffected |
| firefox70 | --- | fixed |
People
(Reporter: bzbarsky, Assigned: ckerschb)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [domsecurity-active])
Attachments
(1 file)
[Tracking Requested - why for this release]: Web-observable behavior change that we apparently didn't mean to make.
See https://github.com/whatwg/html/issues/4651
In particular, we changed our behavior here in bug 965637, which I am told was not purposeful. We need to decide whether we actually want that behavior change before we ship it accidentally.
|
Assignee | |
Updated•6 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 2•5 years ago
|
||
(In reply to Kate Hudson :k88hudson from comment #1)
Is this being worked on for 69?
I am trying, yes.
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 3•5 years ago
|
||
|
Reporter | |
Comment 4•5 years ago
|
||
The web-visible change from bug 965637 was reverted in bug 1478037. So there's no need to track this anymore.
|
|
Assignee | |
Comment 5•5 years ago
|
||
(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #4)
The web-visible change from bug 965637 was reverted in bug 1478037. So there's no need to track this anymore.
In turn, this makes this bug a task. Thanks for your help here Boris.
|
||
Updated•5 years ago
|
|
||
Comment 7•5 years ago
|
||
| bugherder | ||
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Updated•3 years ago
|
Description
•