New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #14422 and add more thorough check for CSP violations #1413
Conversation
// Beware of CSP restrictions (https://developer.mozilla.org/en/Security/CSP) | ||
div.setAttribute( eventName, "t" ); | ||
support[ i + "Bubbles" ] = div.attributes[ eventName ].expando === false; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why make these support.js changes? They don't seem to relate to testing CSP.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See this for more info.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, got it. Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I probably should note, that new assertion actually miss Firefox thing, as it turns out, Firefox do not send csp reports if error happen in the iframe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seriously?!? What if we used window.open
for this one test?
Edit: Nevermind my fevered ramblings; obviously popup blockers kill that thought.
@gibson042 done |
👍 |
Landed via 9e3d0f3 |
/cc @gibson042, @dmethvin