Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors from data: scripts should not be muted #1778

Closed
bzbarsky opened this issue Sep 13, 2016 · 0 comments · Fixed by #1782
Closed

Errors from data: scripts should not be muted #1778

bzbarsky opened this issue Sep 13, 2016 · 0 comments · Fixed by #1782
Assignees
@annevk
Labels
topic: fetch

Comments

@bzbarsky
Copy link
Contributor

There's no security reason I can think of to do this; it just makes sites harder to debug.
@domenic domenic mentioned this issue Sep 13, 2016
Closed
@annevk annevk assigned annevk and unassigned mikewest Sep 14, 2016
annevk added a commit that referenced this issue Sep 14, 2016
@annevk
Remove Fetch's same-origin data URL flag
513d54a 
The change to Fetch discussed in
whatwg/fetch#381 made it obsolete.

Closes #1243, closes #1778, and closes #1779 as these are all treated
as same-origin now per the change to Fetch.
@annevk annevk mentioned this issue Sep 14, 2016
Merged
annevk added a commit that referenced this issue Sep 30, 2016
@annevk
Remove Fetch's same-origin data URL flag
e548c55 
The change to Fetch discussed in
whatwg/fetch#381 made it obsolete.

Closes #1243, closes #1778, and closes #1779 as these are all treated
as same-origin now per the change to Fetch.
annevk added a commit that referenced this issue Oct 7, 2016
@annevk
Remove Fetch's same-origin data URL flag
5e7028e 
The change to Fetch discussed in
whatwg/fetch#381 made it obsolete.

Closes #1243, closes #1778, and closes #1779 as these are all treated
as same-origin now per the change to Fetch.
annevk added a commit that referenced this issue Oct 10, 2016
@annevk
Remove Fetch's same-origin data URL flag
a61e36d 
The change to Fetch discussed in
whatwg/fetch#381 made it obsolete.

Closes #1778, and closes #1779 as these are all treated as
same-origin now per the change to Fetch.
domenic pushed a commit that referenced this issue Oct 10, 2016
@annevk @domenic
Remove Fetch's same-origin data URL flag
7204ca9 
The change to Fetch discussed in
whatwg/fetch#381 made it obsolete.

Closes #1778, and closes #1779 as these are all treated as
same-origin now per the change to Fetch.
hubot pushed a commit to WebKit/WebKit-http that referenced this issue Jun 3, 2017
Script modules should be able to import data urls
aeb37f3 
https://bugs.webkit.org/show_bug.cgi?id=171594

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/scripting-1/the-script-element/data-url-expected.txt:
* web-platform-tests/html/webappapis/scripting/processing-model-2/compile-error-data-url-expected.txt:
* web-platform-tests/html/webappapis/scripting/processing-model-2/runtime-error-data-url-expected.txt:

Source/WebCore:

Tests: js/dom/classic-script-with-data-url.html
       js/dom/modules/module-script-with-data-url.html

Script tag resources should have SameOriginDataURLFlag::Set to load data URLs
since script tags should treat data URLs as same origin.

* bindings/js/CachedScriptFetcher.cpp:
(WebCore::CachedScriptFetcher::requestScriptWithCache):

LayoutTests:

* http/tests/security/script-with-dataurl-expected.txt:
* http/tests/security/script-with-dataurl.html:
Now, the spec is changed and errors from data: scripts should not be muted.
whatwg/html#1778

* js/dom/classic-script-with-data-url-expected.txt: Added.
* js/dom/classic-script-with-data-url.html: Added.
* js/dom/modules/module-script-with-data-url-expected.txt: Added.
* js/dom/modules/module-script-with-data-url.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@217760 268f45cc-cd09-0410-ab3c-d52691b4dbfc
alice pushed a commit to alice/html that referenced this issue Jan 8, 2019
@annevk
Remove Fetch's same-origin data URL flag
54db959 
The change to Fetch discussed in
whatwg/fetch#381 made it obsolete.

Closes whatwg#1778, and closes whatwg#1779 as these are all treated as
same-origin now per the change to Fetch.
ryanhaddad pushed a commit to WebKit/WebKit that referenced this issue Dec 22, 2020
@Constellation
Script modules should be able to import data urls
74b47b9 
https://bugs.webkit.org/show_bug.cgi?id=171594

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/scripting-1/the-script-element/data-url-expected.txt:
* web-platform-tests/html/webappapis/scripting/processing-model-2/compile-error-data-url-expected.txt:
* web-platform-tests/html/webappapis/scripting/processing-model-2/runtime-error-data-url-expected.txt:

Source/WebCore:

Tests: js/dom/classic-script-with-data-url.html
       js/dom/modules/module-script-with-data-url.html

Script tag resources should have SameOriginDataURLFlag::Set to load data URLs
since script tags should treat data URLs as same origin.

* bindings/js/CachedScriptFetcher.cpp:
(WebCore::CachedScriptFetcher::requestScriptWithCache):

LayoutTests:

* http/tests/security/script-with-dataurl-expected.txt:
* http/tests/security/script-with-dataurl.html:
Now, the spec is changed and errors from data: scripts should not be muted.
whatwg/html#1778

* js/dom/classic-script-with-data-url-expected.txt: Added.
* js/dom/classic-script-with-data-url.html: Added.
* js/dom/modules/module-script-with-data-url-expected.txt: Added.
* js/dom/modules/module-script-with-data-url.html: Added.


Canonical link: https://commits.webkit.org/189788@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217760 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@annevk annevk

Labels
topic: fetch
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adapt to Fetch's data URL changes whatwg/html
3 participants
@mikewest @bzbarsky @annevk