Closed Bug 1797070 Opened 3 years ago Closed 3 years ago

CSP: Add basic implementation of unsafe-hashes behind a flag

Categories

(Core :: DOM: Security, task, P2)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
firefox108 --- fixed

People

(Reporter: tschuster, Assigned: tschuster)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1797070 - CSP: Add a basic implementation of unsafe-hashes behind a flag. r?freddyb
48 bytes, text/x-phabricator-request
Details | Review

A basic implementation of unsafe-hashes actually fits quite well into our existing implementation. However there is one preexisting problem not directly related to unsafe-hashes, but causes most of the test failures: We always treat javascript: as inline script elements instead of attributes.

No longer blocks: CVE-2022-46873
Blocks: CVE-2022-46873
Assignee: nobody → tschuster
Severity: -- → S3
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Attachment #9299859 - Attachment description: WIP: Bug 1797070 - CSP: Add a basic implementation of unsafe-hashes behind a flag → Bug 1797070 - CSP: Add a basic implementation of unsafe-hashes behind a flag. r?freddyb
Blocks: 1788864
Pushed by tschuster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/89eced845825 CSP: Add a basic implementation of unsafe-hashes behind a flag. r=freddyb

https://hg.mozilla.org/mozilla-central/rev/89eced845825

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox108: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
Regressions: 1805948
Regressions: 1806845
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: