diff options
| author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-08-25 09:36:20 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-22 11:20:38 +0100 |
| commit | b4dac5093a75a024643b93aef88758770df73c55 (patch) | |
| tree | 52b65bf6c091687f9e123c65db45a6f9de17fcec /dom/security/nsCSPContext.cpp | |
| parent | a06ce3f03b260d59199dba7e01ea8afb3de1ef59 (diff) | |
| download | UXP-b4dac5093a75a024643b93aef88758770df73c55.tar UXP-b4dac5093a75a024643b93aef88758770df73c55.tar.gz UXP-b4dac5093a75a024643b93aef88758770df73c55.tar.lz UXP-b4dac5093a75a024643b93aef88758770df73c55.tar.xz UXP-b4dac5093a75a024643b93aef88758770df73c55.zip | |
CSP: Ignore nonces on <img> per spec
Diffstat (limited to 'dom/security/nsCSPContext.cpp')
| -rw-r--r-- | dom/security/nsCSPContext.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp index 0a3e20305..5e435d4ca 100644 --- a/dom/security/nsCSPContext.cpp +++ b/dom/security/nsCSPContext.cpp @@ -156,10 +156,13 @@ nsCSPContext::ShouldLoad(nsContentPolicyType aContentType, nsAutoString nonce; bool parserCreated = false; if (!isPreload) { - nsCOMPtr<nsIDOMHTMLElement> htmlElement = do_QueryInterface(aRequestContext); - if (htmlElement) { - rv = htmlElement->GetAttribute(NS_LITERAL_STRING("nonce"), nonce); - NS_ENSURE_SUCCESS(rv, rv); + if (aContentType == nsIContentPolicy::TYPE_SCRIPT || + aContentType == nsIContentPolicy::TYPE_STYLESHEET) { + nsCOMPtr<nsIDOMHTMLElement> htmlElement = do_QueryInterface(aRequestContext); + if (htmlElement) { + rv = htmlElement->GetAttribute(NS_LITERAL_STRING("nonce"), nonce); + NS_ENSURE_SUCCESS(rv, rv); + } } nsCOMPtr<nsIScriptElement> script = do_QueryInterface(aRequestContext); |