Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-26 01:54:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

script: Fix check for document root when targeting CSP events (#37474)

Browse source 
The check was incorrect, where it was never matching and always
discarding the element. Instead, we should check the owner document,
which is the shadow-including root of the node.

Part of #4577

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-06-15 16:54:41 +02:00 committed by GitHub
parent 576c7445b8
commit f2d0be1b9a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 15 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

2
components/script/script_thread.rs
View file

@ -627,7 +627,7 @@ impl ScriptThread {
if let Some(window) = trusted_global.root().downcast::<Window>() {
// Step 5: If the result of should navigation request of type be blocked by
// Content Security Policy? given request and cspNavigationType is "Blocked", then return. [CSP]
if trusted_global.root().should_navigation_request_be_blocked(&load_data) {
if trusted_global.root().should_navigation_request_be_blocked(&load_data, None) {
return;
}
if ScriptThread::check_load_origin(&load_data.load_origin, &window.get_url().origin()) {