Bug 269156
| Summary: | Enforce conformant whitespace requirements for CSP policies | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | sideshowbarker <mike> |
| Component: | WebCore Misc. | Assignee: | sideshowbarker <mike> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | annevk |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
sideshowbarker
Per https://w3c.github.io/webappsec-csp/#grammardef-optional-ascii-whitespace, the CSP spec throughout restricts allowed/required whitespace characters to the set of code points defined as “ASCII whitespace” in https://infra.spec.whatwg.org/#ascii-whitespace — which excludes the U+000B LINE TABULATION code point that some other specs additionally allow as whitespace.
However, the current WebKit code currently allows the U+000B LINE TABULATION code point as whitespace in places where the CSP spec requirements disallow it.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
sideshowbarker
I noticed this while working on the https://github.com/WebKit/WebKit/pull/24217 patch.
sideshowbarker
Pull request: https://github.com/WebKit/WebKit/pull/24222
sideshowbarker
*** This bug has been marked as a duplicate of bug 255990 ***