Fix algorithms called with missing parameters#806
Conversation
index.bs
Outdated
| returns "`Allowed`" when executed upon null, | ||
| "`navigation`" and |navigation request|'s <a for="request">current URL</a>, | ||
| "`navigation`", |navigation request|'s <a for="request">current URL</a>, | ||
| and |navigation request|'s <a for="request">current URL</a> [=url/path=], |
There was a problem hiding this comment.
Copy/paste error? current URL is listed twice.
There was a problem hiding this comment.
This is missing a 's, but we need both the URL and the URL's path I believe (the URL's path in this case is the script being executed, and is used for checking hashes).
There was a problem hiding this comment.
I looked again, but I'm more confused. :) I think this will bottom out in script-src-elem's inline check, which takes an Element, a type, a policy, and a source. I think you intend to add |policy| here, not to add a path. The current URL is the source, and that gets passed into https://w3c.github.io/webappsec-csp/#match-element-to-source-list in step 4.
There was a problem hiding this comment.
Sorry. You are of course right and I was wrong. I was confused because the number of arguments didn't match, but the problem was that we were not passing policy. While the current URL was just fine. Should be fixed now.
antosart
force-pushed
the
wrong-arguments
branch
from
0065030 to
49a2136
Compare
antosart
force-pushed
the
wrong-arguments
branch
from
49a2136 to
60ace4f
Compare
|
Thanks! LGTM. |
SHA: a20d8fb Reason: push, by mikewest Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2 participants
This change adds missing parameters to the call sites of a few algorithms.
Preview | Diff