Status

()

enhancement
RESOLVED INVALID
8 years ago
8 years ago

People

(Reporter: sephr, Unassigned)

Tracking

(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

Since the object URL scheme is implementation specific (e.g. moz-filedata:{GUID} in Firefox, blob:{origin}{GUID} in WebKit), CSP needs special functionality for object URLs. Note that object URLs are not always purely user generated content, and is often generated by the application (e.g. to save a <canvas> image) as a more efficient alternative to data: URLs.
Blocks: CSP
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Security → DOM: Core & HTML
Ever confirmed: true
QA Contact: toolkit → general
I think it should stay being treated as from 'self' as per this discussion (https://groups.google.com/d/topic/mozilla.dev.security/rTLr3IymiSk/discussion), and I should not have filed this bug.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.