authorTim van der Lippe <TimvdLippe@users.noreply.github.com>2025-04-17 23:11:25 +0200
committerGitHub <noreply@github.com>2025-04-17 21:11:25 +0000
commit2a81987590622feabd1beedb3c7cc87d6a88c85a (patch)
tree1615f7c11bcbeeab8c43dad58c3980a7e072d32e /components/script/dom/htmlbodyelement.rs
parent70b3e248168f1277e282a269bd1bf754fa7b784c (diff)
Check CSP for inline event handlers (#36510)
This also ensures that document now reports all violations and we set the correct directive. With these changes, all `script-src-attr-elem` WPT tests pass. Part of #36437 Requires servo/rust-content-security-policy#3 to land first Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Diffstat (limited to 'components/script/dom/htmlbodyelement.rs')
-rw-r--r--components/script/dom/htmlbodyelement.rs3
1 files changed, 2 insertions, 1 deletions
diff --git a/components/script/dom/htmlbodyelement.rs b/components/script/dom/htmlbodyelement.rs
index ba3316f889b..5cd877cdf82 100644
--- a/components/script/dom/htmlbodyelement.rs
+++ b/components/script/dom/htmlbodyelement.rs
@@ -201,13 +201,14 @@ impl VirtualMethods for HTMLBodyElement {
&local_name!("onresize") |
&local_name!("onunload") |
&local_name!("onerror") => {
+ let source = &**attr.value();
let evtarget = window.upcast::<EventTarget>(); // forwarded event
let source_line = 1; //TODO(#9604) obtain current JS execution line
evtarget.set_event_handler_uncompiled(
window.get_url(),
source_line,
&name[2..],
- DOMString::from((**attr.value()).to_owned()),
+ source,
);
false
},
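Review bot: In the forwarded-handler arm (`onresize` / `onunload` / `onerror`), the call is made on the window's `EventTarget` and passes only the URL, line, event name and `source`, so whatever CSP check `set_event_handler_uncompiled` performs cannot see the `<body>` element that actually carries the attribute. The callee is not visible in this hunk, so please confirm that the inline-handler check and the resulting violation report are attributed to the intended element for window-forwarded handlers. If reporting against the window is deliberate, a comment above the call would make that clear, for example `// CSP script-src-attr is enforced in set_event_handler_uncompiled; for forwarded handlers the violation is reported on the window`. Separately, `source_line` is still hard-coded to 1 (TODO #9604), so if it feeds the violation report, the reported line number will be inaccurate. The match arm and its enclosing method start and end outside the hunk.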