Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-18 03:45:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Check CSP for javascript: URLs (#36709)

Browse source 
Also update a WPT test to fail-fast if the iframe incorrectly
evaluates the `eval`. Before, it would run into a timeout if
the implementation is correct. Now we reject the promise
when an exception is thrown.

Requires servo/rust-content-security-policy#6

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-05-02 22:13:31 +02:00 committed by GitHub
parent b8971e528f
commit dd63325f50
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 70 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/wpt/meta/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html.ini vendored
View file

@ -1,4 +1,3 @@
[eval-blocked-in-about-blank-iframe.html]
expected: ERROR
[eval-blocked-in-about-blank-iframe]
expected: TIMEOUT
expected: FAIL