Commit graph

5 commits

Author SHA1 Message Date
Servo WPT Sync
84f0cd5801
Sync WPT with upstream (10-07-2025) (#37974)
Automated downstream sync of changes from upstream as of 10-07-2025
[no-wpt-sync]

Signed-off-by: WPT Sync Bot <ghbot+wpt-sync@servo.org>
2025-07-10 03:09:13 +00:00
Servo WPT Sync
9a0f2be162
Sync WPT with upstream (29-06-2025) (#37774)
Automated downstream sync of changes from upstream as of 29-06-2025
[no-wpt-sync]

Signed-off-by: WPT Sync Bot <ghbot+wpt-sync@servo.org>
2025-06-29 01:47:33 +00:00
Tim van der Lippe
539ca27284
Propagate parent policy container to local iframes (#36710)
This follows the rules as defined in
https://w3c.github.io/webappsec-csp/#security-inherit-csp
where local iframes (about:blank and about:srcdoc) should
initially start with the CSP rules of the parent. After
that, all new CSP headers should only be set on the
policy container of the iframe.

Part of #36437

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-03 08:47:40 +00:00
Tim van der Lippe
dd63325f50
Check CSP for javascript: URLs (#36709)
Also update a WPT test to fail-fast if the iframe incorrectly
evaluates the `eval`. Before, it would run into a timeout if
the implementation is correct. Now we reject the promise
when an exception is thrown.

Requires servo/rust-content-security-policy#6

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-02 20:13:31 +00:00
Chocolate Pie
92866ab911
enhance: Add support for unsafe-eval and wasm-unsafe-eval (#32893)
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
2024-08-01 17:26:44 +00:00