Closed Bug 673645 Opened 13 years ago Closed 13 years ago

CSP needs object URL support

Categories

(Core :: DOM: Core & HTML, enhancement)

Product:
Core
Component:
DOM: Core & HTML
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: sephr, Unassigned)

References

(Blocks 1 open bug)

Details

Since the object URL scheme is implementation specific (e.g. moz-filedata:{GUID} in Firefox, blob:{origin}{GUID} in WebKit), CSP needs special functionality for object URLs. Note that object URLs are not always purely user generated content, and is often generated by the application (e.g. to save a <canvas> image) as a more efficient alternative to data: URLs.
Blocks: CSP
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Security → DOM: Core & HTML
Ever confirmed: true
QA Contact: toolkit → general
I think it should stay being treated as from 'self' as per this discussion (https://groups.google.com/d/topic/mozilla.dev.security/rTLr3IymiSk/discussion), and I should not have filed this bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.