Firefox executes a dynamically modified inline script
Categories (Core :: DOM: Core & HTML, defect)
People (Reporter: tschuster, Unassigned)
Attachments (1 file): 1.25 KB, text/html
I was investigating why we fail the following CSP test: https://wpt.fyi/results/content-security-policy/script-src/scripthash-changed-1.html.
I think the difference is not necessarily (just) a bug in CSP, but a fundamental difference in how we execute inline script code vs Chrome (and probably Safari). From reading the comments in the original test case, we should remember the initial source text from "prepare the script element" and use that during "execute the script element". If I am understanding the test correctly, it is possible to modify the innerText in between those two steps and in Firefox that modified code is executed.
I am attaching a modified test case without the CSP bits that shows the difference vs. Chrome.
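The following is an added illustration, not part of the bug report or its attachment. It models the two steps named above in plain JavaScript (runnable in Node, no browser needed) to show why a hash-based `script-src` check only holds if execution uses the text captured at prepare time. The function names, the `mode` switch and the sample script text are assumptions made for the model, which assumes the hash check runs once, at prepare time.

```javascript
// Model only: hypothetical names, not browser code.
const { createHash } = require("node:crypto");

// CSP hash-source value for a piece of inline script text.
function cspHash(text) {
  return "sha256-" + createHash("sha256").update(text, "utf8").digest("base64");
}

// "Prepare the script element": check the policy against the element's
// current text and remember exactly that text for the later step.
function prepare(el, allowedHashes) {
  const sourceText = el.text;
  const checkedHash = cspHash(sourceText);
  if (!allowedHashes.includes(checkedHash)) return null; // blocked by policy
  return { el, sourceText, checkedHash };
}

// "Execute the script element", in two variants:
//   "snapshot" runs the text remembered by prepare()
//   "live"     re-reads the element's text at execution time
function execute(prepared, mode) {
  const text = mode === "snapshot" ? prepared.sourceText : prepared.el.text;
  return {
    executedText: text,
    // Invariant a hash policy relies on: what runs is what was checked.
    matchesPolicyCheck: cspHash(text) === prepared.checkedHash,
  };
}

// One script through prepare -> (text changes) -> execute.
function run(mode) {
  const original = "window.result = 'original';"; // constructed sample
  const el = { text: original };
  const prepared = prepare(el, [cspHash(original)]);
  if (prepared === null) return { blocked: true };
  el.text = "window.result = 'modified';"; // change between the two steps
  return execute(prepared, mode);
}

console.log("snapshot:", run("snapshot"));
console.log("live:    ", run("live"));
```

In the "live" variant `matchesPolicyCheck` is false: the text that runs was never compared against the allowed hash, which is the condition the scripthash-changed test is written to catch.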
Comment 1 (Reporter) • 10 months ago
Comment 2 • 10 months ago
Henri, do you know if this is known, and thoughts?
Comment 3 • 10 months ago
See also bug 1849107.
I think this particular case isn't known, but the general point that we should re-do our script execution step to happen per spec is known.