You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's no punting. HostEnsureCanCompileStrings doesn't get to inspect its argument. So it should block it regardless.
This would be a great web platform test for someone to write. If we find all browsers don't have CSP block eval of non-strings, then we should consider updating the spec infrastructure, probably by updating ES to not call HostEnsureCanCompileStrings in such cases.
e.g. should eval(1) return 1 or throw an exception?
The text was updated successfully, but these errors were encountered: