Closed Bug 1567059 Opened 5 years ago Closed 5 years ago

Write test to ensure bookmarklets are not subject to CSP after making javascript: loads subject to target document's CSP

Categories

(Core :: DOM: Security, task, P1)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla70
Tracking Flags:
Tracking Status
firefox70 --- fixed

People

(Reporter: ckerschb, Assigned: sstreich)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1567059 - Add test for CSP and Bookmarklet interaction r=ckerschb
47 bytes, text/x-phabricator-request
Details | Review

As a follow up to Bug 1478037 and also Bug 1555043 we should ensure that bookmarklets are not subject to the target's document CSP.

Priority: -- → P1
Whiteboard: [domsecurity-active]

Sebastian said he can help me out writing that test.

Assignee: ckerschb → streich.mobile
Keywords: checkin-needed

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fce57acf9348
Add test for CSP and Bookmarklet interaction r=ckerschb,bzbarsky

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/fce57acf9348

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox70: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: