Jochen, WDYT? This is probably going to break things in Chromium until https://codereview.chromium.org/1184353002 lands. Might ...
4 years, 10 months ago
(2015-06-16 13:05:58 UTC)
#2
Jochen, WDYT?
This is probably going to break things in Chromium until
https://codereview.chromium.org/1184353002 lands. Might break things in CrOS as
well. Hooray for bad decisions I made ~2 years ago.
I'll send a PSA to blink-dev@ when you're happy with the change.
jochen (gone - plz use gerrit)
lgtm
4 years, 10 months ago
(2015-06-16 13:21:47 UTC)
#3
lgtm
Mike West
On 2015/06/16 at 13:21:47, jochen wrote: > lgtm After the research I noted in https://codereview.chromium.org/1176203008#msg4, ...
4 years, 10 months ago
(2015-06-18 12:32:12 UTC)
#4
On 2015/06/16 at 13:21:47, jochen wrote:
> lgtm
After the research I noted in https://codereview.chromium.org/1176203008#msg4,
I've carved out an exception for `chrome-extension:` and
`chrome-extension-resource:` URLs by applying the correct behavior for webby
contexts, and the incorrect behavior for contexts whose URL schemes are
registered as bypassing CSP. The unit test now verifies this behavior.
WDYT, Jochen? I sent a PSA to blink-dev@ as well, and I'd like to get this into
45, but I'll hold off if you think it's controversial enough to argue about a
bit. :)
jochen (gone - plz use gerrit)
lgtm
4 years, 10 months ago
(2015-06-18 12:57:05 UTC)
#5
lgtm
Mike West
The CQ bit was checked by mkwst@chromium.org
4 years, 10 months ago
(2015-06-18 13:26:14 UTC)
#6
Issue 1178373004: 'blob:' URLs should not match 'self' in CSP source expression lists.
(Closed)
Created 4 years, 10 months ago by Mike West
Modified 4 years, 10 months ago
Reviewers: jochen (gone - plz use gerrit)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Comments: 0
Chromium Code Reviews
