Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-15 11:23:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

Return correct source position for element CSP violations (#37970)

Browse source 
The scripted_caller only has information if the context is coming
from a script. If an element fetch listener processes CSP
violations, then this information doesn't exist. Instead, we should
use the global URL and the line number. WPT tests don't appear
to expect a column number, as they are all zero. Not all elements
are updated, as I am not actually sure all of them need it.

The source position remains an Option, since there are also code
paths that don't correspond to element or script sources. Maybe
in the future we can always determine the source position, but
let's take small steps towards that.

Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Tim van der Lippe 2025-07-11 10:42:51 +02:00 committed by GitHub
parent 3c1bc1a92d
commit 8edc6ba1b2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 103 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

2
components/script/script_thread.rs
View file

@ -3789,7 +3789,7 @@ impl ScriptThread {
fn handle_csp_violations(&self, id: PipelineId, _: RequestId, violations: Vec<Violation>) {
if let Some(global) = self.documents.borrow().find_global(id) {
// TODO(https://github.com/w3c/webappsec-csp/issues/687): Update after spec is resolved
global.report_csp_violations(violations, None);
global.report_csp_violations(violations, None, None);
}
}