Skip to content

merge_pr_46977
Compare
Choose a tag to compare
@github-actions github-actions released this 03 Jul 18:08
merge_pr_46977
5dae272

part 5) Provoke a CSP violation for object-src 'none' with "video/mp4" and dummy data instead of with the flash plugin in <trusted-types-reporting.html>.

The spec (https://w3c.github.io/webappsec-csp/#object-src) doesn't
specify for which types a default plugin is loaded.
Moreover, it doesn't specify the behavior when plugin content can not
be loaded.

This patch increases web-compatibility, because it provokes a CSP
violation for Gecko/Firefox too.

Differential Revision: https://phabricator.services.mozilla.com/D215363

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1901510
gecko-commit: e68da2d23a8e7266701e94dc87e4158cf66c93ca
gecko-reviewers: tschuster

Assets 8
Loading