Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 421a4d041cbc7743843f5c824f205c0ca017cb98
https://github.com/WebKit/WebKit/commit/421a4d041cbc7743843f5c824f205c0ca017cb98
Author: Tim Nguyen <[email protected]>
Date: 2025-03-21 (Fri, 21 Mar 2025)
Changed paths:
M Source/WebCore/dom/Document.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIScripting.mm
Log Message:
-----------
Extension content scripts are not exempted from Trusted Types page CSP
https://bugs.webkit.org/show_bug.cgi?id=290037
rdar://147411842
Reviewed by Timothy Hatcher and Ryosuke Niwa.
Extension content scripts run into their own world, and webpages that use a
Trusted Types CSP should not affect content scripts written by extensions.
Change `Document::requiresTrustedTypes` to only enforce the checks when the
script executing is in the main world (the document's), to exclude
extension content scripts.
Credits to Timothy Hatcher for the test.
* Source/WebCore/dom/Document.h:
(WebCore::Document::requiresTrustedTypes const):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIScripting.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIScripting,
InjectScriptWithTrustedTypesCSP)):
Canonical link: https://commits.webkit.org/292473@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
