Open Bug 1942306 Opened 1 month ago Updated 1 month ago

Add CSP support for "Create a Trusted Type Policy" for Workers

Categories

(Core :: DOM: Security, task)

Product:

Component:

Type:

task

Priority:

Not set

Severity:

--

Tracking

()

Status:

NEW

People

(Reporter: fredw, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Whiteboard: [domsecurity-backlog])

Frédéric Wang (:fredw)

Reporter

Description

•

1 month ago

Follow-up of bug 1901492.

See

https://searchfox.org/mozilla-central/rev/86c208f86f35d53dc824f18f8e540fe5b0663870/dom/security/trusted-types/TrustedTypePolicyFactory.cpp#61-70
https://w3c.github.io/trusted-types/dist/spec/#should-block-create-policy
https://github.com/w3c/trusted-types/issues/574

The rough idea will be to somehow expose trusted-types directives via CSPInfo, so they can be accessed from the worker thread.

In bug 1901492, this was done for require-trusted-types-for but the data was much simpler (essentially a three states enum).

Frédéric Wang (:fredw)

Reporter

Updated

•

1 month ago

No longer blocks: 1916956, 1931293, 1931829, 1931856, 1940044

You need to log in before you can comment on or make changes to this bug.