
Side by Side Diff: Source/core/css/StyleSheetContents.cpp

Issue 1169713004: Allow lax MIME type parsing for same-origin CSS in quirks mode. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Comment. Created 5 years, 6 months ago
1 /* 1 /*
2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) 2 * (C) 1999-2003 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved. 3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved.
4 * 4 *
5 * This library is free software; you can redistribute it and/or 5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public 6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either 7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version. 8 * version 2 of the License, or (at your option) any later version.
9 * 9 *
10 * This library is distributed in the hope that it will be useful, 10 * This library is distributed in the hope that it will be useful,
274 return nullAtom; // No namespace. If an element/attribute has a namespac e, we won't match it. 274 return nullAtom; // No namespace. If an element/attribute has a namespac e, we won't match it.
275 if (prefix == starAtom) 275 if (prefix == starAtom)
276 return starAtom; // We'll match any namespace. 276 return starAtom; // We'll match any namespace.
277 return m_namespaces.get(prefix); 277 return m_namespaces.get(prefix);
278 } 278 }
279 279
280 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach edStyleSheet, const SecurityOrigin* securityOrigin) 280 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach edStyleSheet, const SecurityOrigin* securityOrigin)
281 { 281 {
282 TRACE_EVENT1("blink,devtools.timeline", "ParseAuthorStyleSheet", "data", Ins pectorParseAuthorStyleSheetEvent::data(cachedStyleSheet)); 282 TRACE_EVENT1("blink,devtools.timeline", "ParseAuthorStyleSheet", "data", Ins pectorParseAuthorStyleSheetEvent::data(cachedStyleSheet));
283 283
284 bool hasValidMIMEType = false; 284 bool isSameOriginRequest = securityOrigin && securityOrigin->canRequest(base URL());
285 String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType); 285 CSSStyleSheetResource::MIMETypeCheck mimeTypeCheck = isQuirksModeBehavior(m_ parserContext.mode()) && isSameOriginRequest ? CSSStyleSheetResource::MIMETypeCh eck::Lax : CSSStyleSheetResource::MIMETypeCheck::Strict;
286 String sheetText = cachedStyleSheet->sheetText(mimeTypeCheck);
286 287
287 const ResourceResponse& response = cachedStyleSheet->response(); 288 const ResourceResponse& response = cachedStyleSheet->response();
288 m_sourceMapURL = response.httpHeaderField("SourceMap"); 289 m_sourceMapURL = response.httpHeaderField("SourceMap");
289 if (m_sourceMapURL.isEmpty()) { 290 if (m_sourceMapURL.isEmpty()) {
290 // Try to get deprecated header. 291 // Try to get deprecated header.
291 m_sourceMapURL = response.httpHeaderField("X-SourceMap"); 292 m_sourceMapURL = response.httpHeaderField("X-SourceMap");
292 } 293 }
293 294
294 CSSParserContext context(parserContext(), UseCounter::getFrom(this)); 295 CSSParserContext context(parserContext(), UseCounter::getFrom(this));
295 CSSParser::parseSheet(context, this, sheetText, nullptr); 296 CSSParser::parseSheet(context, this, sheetText, nullptr);
296
297 // If we're loading a stylesheet cross-origin, and the MIME type is not stan dard, require the CSS
298 // to at least start with a syntactically valid CSS rule.
299 // This prevents an attacker playing games by injecting CSS strings into HTM L, XML, JSON, etc. etc.
300 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
301 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b aseURL());
302 if (isCrossOriginCSS) {
303 clearRules();
304 return;
305 }
306 }
307 } 297 }
308 298
309 void StyleSheetContents::parseString(const String& sheetText) 299 void StyleSheetContents::parseString(const String& sheetText)
310 { 300 {
311 parseStringAtPosition(sheetText, TextPosition::minimumPosition()); 301 parseStringAtPosition(sheetText, TextPosition::minimumPosition());
312 } 302 }
313 303
314 void StyleSheetContents::parseStringAtPosition(const String& sheetText, const Te xtPosition& startPosition) 304 void StyleSheetContents::parseStringAtPosition(const String& sheetText, const Te xtPosition& startPosition)
315 { 305 {
316 CSSParserContext context(parserContext(), UseCounter::getFrom(this)); 306 CSSParserContext context(parserContext(), UseCounter::getFrom(this));
649 visitor->trace(m_ownerRule); 639 visitor->trace(m_ownerRule);
650 visitor->trace(m_importRules); 640 visitor->trace(m_importRules);
651 visitor->trace(m_childRules); 641 visitor->trace(m_childRules);
652 visitor->trace(m_loadingClients); 642 visitor->trace(m_loadingClients);
653 visitor->trace(m_completedClients); 643 visitor->trace(m_completedClients);
654 visitor->trace(m_ruleSet); 644 visitor->trace(m_ruleSet);
655 #endif 645 #endif
656 } 646 }
657 647
658 } 648 }
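Review bot: The security rationale that old lines 297–299 carried ("This prevents an attacker playing games by injecting CSS strings into HTML, XML, JSON, etc.") is deleted with nothing beside the new `mimeTypeCheck` decision at line 285 saying why Lax is confined to same-origin sheets in quirks mode, so the next reader sees only a ternary. Suggest preceding line 285 with `// Lax MIME type checking is only acceptable for same-origin sheets: a cross-origin resource served with a non-CSS MIME type must still be rejected, otherwise foreign HTML/XML/JSON could be read as CSS.` That line would also read better split in two: `CSSStyleSheetResource::MIMETypeCheck mimeTypeCheck = CSSStyleSheetResource::MIMETypeCheck::Strict;` then `if (isQuirksModeBehavior(m_parserContext.mode()) && isSameOriginRequest) mimeTypeCheck = CSSStyleSheetResource::MIMETypeCheck::Lax;`. Note that `isSameOriginRequest` comes from `securityOrigin->canRequest(baseURL())` at line 284, which — if it honours universal-access or whitelist exemptions, as the old `isCrossOriginCSS` test on the same call also did — is broader than a strict same-origin comparison, and a short comment should say that is intended. The actual rejection of cross-origin content under Strict now lives in `sheetText(mimeTypeCheck)` in CSSStyleSheetResource, outside this file.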
