27223 – Need clarification on JavaScript execution when Content Security Policy is in place

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27223 - Need clarification on JavaScript execution when Content Security Policy is in place

Summary: Need clarification on JavaScript execution when Content Security Policy is in...

Status:	NEW

Alias:	None

Product:	Browser Test/Tools WG
Classification:	Unclassified
Component:	WebDriver (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Browser Testing and Tools WG
QA Contact:	Browser Testing and Tools WG

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-03 19:47 UTC by Jim Evans
Modified:	2014-11-03 19:47 UTC (History)
CC List:	1 user (show)

See Also:

Attachments

Description Jim Evans 2014-11-03 19:47:52 UTC

If a page has a Content Security Policy applied (spec: https://w3c.github.io/webappsec/specs/content-security-policy/), it may prevent the execution of user-supplied JavaScript via the executeScript command. This is because the injected JavaScript would have no source which could be validated by the policy. The WebDriver spec should have language describing how a driver should behave in this event.