commit | e598765e4822eac833a547abca92ce87a1287dc0 | [log] [tgz] |
---|---|---|
author | mkwst <mkwst@chromium.org> | Wed Nov 30 12:36:42 2016 |
committer | Commit bot <commit-bot@chromium.org> | Wed Nov 30 12:38:50 2016 |
tree | 7f852860ef0125014cab63a7c06576e95722588a | |
parent | 0c90e3e66218b17c8d1de1bdd8aaf8973c1a5359 [diff] |
CSP: "local schemes" should inherit policy when window.opened. https://w3c.github.io/webappsec-csp/#initialize-document-csp mandates that resources with "local schemes" ('data:', 'blob:', 'filesystem:', 'about:') inherit the policy of their opening context when opened via things like 'window.open'. We're not doing that, but we ought to. BUG=669086 R=jochen@chromium.org Review-Url: https://codereview.chromium.org/2530343006 Cr-Commit-Position: refs/heads/master@{#435233}