[Bug 27223] New: Need clarification on JavaScript execution when Content Security Policy is in place from bugzilla@jessica.w3.org on 2014-11-03 (public-browser-tools-testing@w3.org from October to December 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 03 Nov 2014 19:47:52 +0000
To: public-browser-tools-testing@w3.org
Message-ID: <bug-27223-5015@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27223

            Bug ID: 27223
           Summary: Need clarification on JavaScript execution when
                    Content Security Policy is in place
           Product: Browser Test/Tools WG
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebDriver
          Assignee: public-browser-tools-testing@w3.org
          Reporter: james.h.evans.jr@gmail.com
        QA Contact: public-browser-tools-testing@w3.org
                CC: mike@w3.org

If a page has a Content Security Policy applied (spec:
https://w3c.github.io/webappsec/specs/content-security-policy/), it may prevent
the execution of user-supplied JavaScript via the executeScript command. This
is because the injected JavaScript would have no source which could be
validated by the policy. The WebDriver spec should have language describing how
a driver should behave in this event.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 3 November 2014 19:47:53 UTC