mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-08-07 00:29:15 +00:00
LibWeb: Track if element was created from token with dupe attributes
This is required for CSP to ignore the nonce attribute to prevent duplicate attributes hijacking the attribute. See https://w3c.github.io/webappsec-csp/#security-nonce-hijacking
This commit is contained in:
Luke Wilde
Andrew Kaster
parent
b6b030aa43
commit
2368641de5
Notes:
github-actions[bot]
2025-07-09 21:54:13 +00:00
Author: https://github.com/Lubrsi
Commit: 2368641de5
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5328
Reviewed-by: https://github.com/ADKaster ✅
5 changed files with 27 additions and 0 deletions
|
|
@ -4067,4 +4067,9 @@ bool Element::should_indicate_focus() const
|
|||
return false;
|
||||
}
|
||||
|
||||
void Element::set_had_duplicate_attribute_during_tokenization(Badge<HTML::HTMLParser>)
|
||||
{
|
||||
m_had_duplicate_attribute_during_tokenization = true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue