Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CSP] Factorize SVGElement & MHTMLElement nonce hiding. #22021

Merged
merged 1 commit into from
Mar 4, 2020

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Feb 28, 2020

According to:
whatwg/html#2373
html and svg Element are hiding their nonce when there are at least one
Content-Security-Policy defined from an HTTP header.

The two implementation:

  • HTMLElement::InsertedInto
  • SVGElement::InsertedInto

were hidding the nonce slightly differently. To prevent further
divergence, factorize this implementation into Element::HideNonce() and
call it from both places.

Bug: 1053496
Change-Id: I3cbad88f70c61591bef060d4188c82388e6001d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078536
Commit-Queue: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Reviewed-by: Fredrik Söderquist <[email protected]>
Cr-Commit-Position: refs/heads/master@{#746837}

Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Chromium project.

@chromium-wpt-export-bot chromium-wpt-export-bot changed the title [CSP] Factorize SVGElement & MHTMLElement nonce hidding. [CSP] Factorize SVGElement & MHTMLElement nonce hiding. Feb 28, 2020
@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2078536 branch 2 times, most recently from 42699b2 to 51d6bc7 Compare March 4, 2020 15:35
According to:
whatwg/html#2373
html and svg Element are hiding their nonce when there are at least one
Content-Security-Policy defined from an HTTP header.

The two implementation:
- HTMLElement::InsertedInto
- SVGElement::InsertedInto

were hidding the nonce slightly differently. To prevent further
divergence, factorize this implementation into Element::HideNonce() and
call it from both places.

Bug: 1053496
Change-Id: I3cbad88f70c61591bef060d4188c82388e6001d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078536
Commit-Queue: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Reviewed-by: Fredrik Söderquist <[email protected]>
Cr-Commit-Position: refs/heads/master@{#746837}
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit 06705ea into master Mar 4, 2020
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-2078536 branch March 4, 2020 18:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants