Web Inspector: add object-src 'none' to the inspector.html
authorpfeldman@chromium.org <pfeldman@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 19 Oct 2012 13:13:15 +0000 (13:13 +0000)
committerpfeldman@chromium.org <pfeldman@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 19 Oct 2012 13:13:15 +0000 (13:13 +0000)
https://bugs.webkit.org/show_bug.cgi?id=99728

Reviewed by Vsevolod Vlasov.

* inspector/front-end/inspector.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@131892 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/inspector/front-end/inspector.html

index 078f297..8069184 100644 (file)
@@ -1,3 +1,12 @@
+2012-10-19  Pavel Feldman  <pfeldman@chromium.org>
+
+        Web Inspector: add object-src 'none' to the inspector.html
+        https://bugs.webkit.org/show_bug.cgi?id=99728
+
+        Reviewed by Vsevolod Vlasov.
+
+        * inspector/front-end/inspector.html:
+
 2012-10-19  Vsevolod Vlasov  <vsevik@chromium.org>
 
         Web Inspector: Get rid of isSnippetEvaluation flag on UISourceCode
index 486bea0..eda8ddf 100644 (file)
@@ -29,7 +29,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 <html>
 <head>
     <meta http-equiv="content-type" content="text/html; charset=utf-8">
-    <meta http-equiv="X-WebKit-CSP" content="script-src 'self' 'unsafe-eval'">
+    <meta http-equiv="X-WebKit-CSP" content="object-src 'none'; script-src 'self' 'unsafe-eval'">
     <link rel="stylesheet" type="text/css" href="dialog.css">
     <link rel="stylesheet" type="text/css" href="inspector.css">
     <link rel="stylesheet" type="text/css" href="inspectorCommon.css">