248066 – Block loading remote content in console message style formatter.

RESOLVED FIXED248066

Block loading remote content in console message style formatter.

https://bugs.webkit.org/show_bug.cgi?id=248066

Summary Block loading remote content in console message style formatter.

Ryan Reno

Reported 2022-11-17 16:13:00 PST

The console spec doesn't specify the behavior of the %c formatter. There isn't a great use case for loading remote content in any of our allowed CSS properties so we should block the use of url and src CSS functions.

Attachments
Add attachment proposed patch, testcase, etc.

Ryan Reno

Comment 1 2022-11-17 16:13:15 PST

<rdar://problem/101434152>

Ryan Reno

Comment 2 2022-11-17 16:15:42 PST

Pull request: https://github.com/WebKit/WebKit/pull/6613

EWS

Comment 3 2022-11-18 10:10:47 PST

Committed 256840@main (e0bf4081c1a0): <https://commits.webkit.org/256840@main> Reviewed commits have been landed. Closing PR #6613 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Web Inspector

Assignee

Ryan Reno

Reported

2022-11-17 16:13 PST

Modified

2022-11-18 10:10 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks