| Index: Source/core/css/StyleSheetContents.cpp
|
| diff --git a/Source/core/css/StyleSheetContents.cpp b/Source/core/css/StyleSheetContents.cpp
|
| index 87fd2354677e79ac38487bf664c75aab504d357d..2e4a24d1cdd0b40c02ba79f926977dc9a8781c06 100644
|
| --- a/Source/core/css/StyleSheetContents.cpp
|
| +++ b/Source/core/css/StyleSheetContents.cpp
|
| @@ -281,8 +281,9 @@ void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach
|
| {
|
| TRACE_EVENT1("blink,devtools.timeline", "ParseAuthorStyleSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet));
|
|
|
| - bool hasValidMIMEType = false;
|
| - String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType);
|
| + bool isSameOriginRequest = securityOrigin && securityOrigin->canRequest(baseURL());
|
| + CSSStyleSheetResource::MIMETypeCheck mimeTypeCheck = isQuirksModeBehavior(m_parserContext.mode()) && isSameOriginRequest ? CSSStyleSheetResource::MIMETypeCheck::Lax : CSSStyleSheetResource::MIMETypeCheck::Strict;
|
| + String sheetText = cachedStyleSheet->sheetText(mimeTypeCheck);
|
|
|
| const ResourceResponse& response = cachedStyleSheet->response();
|
| m_sourceMapURL = response.httpHeaderField("SourceMap");
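Review bot: The Lax/Strict selection on the `mimeTypeCheck` line now carries the whole cross-origin protection, but nothing in the new code says why; the comment deleted in the second hunk was the only statement of the threat (CSS strings injected into HTML, XML or JSON and then read cross-origin as a stylesheet). I would add above it `// Lax MIME checking is allowed only for same-origin sheets in quirks mode; any other response without a valid CSS MIME type must not be parsed as style.` and parenthesise the condition, `(isQuirksModeBehavior(m_parserContext.mode()) && isSameOriginRequest) ? ... : ...`, so the reader does not have to recall that `&&` binds tighter than `?:`. A null `securityOrigin` makes `isSameOriginRequest` false and so selects Strict, which fails closed and is worth stating in that comment. The same-origin decision rests on `baseURL()`; whether that is the final post-redirect response URL is not visible in this hunk and should be confirmed, since a same-origin URL that redirects to another origin must not get Lax. parseAuthorStyleSheet's signature is cut off in the hunk header and its body continues past this hunk.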
|
| @@ -293,17 +294,6 @@ void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach
|
|
|
| CSSParserContext context(parserContext(), UseCounter::getFrom(this));
|
| CSSParser::parseSheet(context, this, sheetText, nullptr);
|
| -
|
| - // If we're loading a stylesheet cross-origin, and the MIME type is not standard, require the CSS
|
| - // to at least start with a syntactically valid CSS rule.
|
| - // This prevents an attacker playing games by injecting CSS strings into HTML, XML, JSON, etc. etc.
|
| - if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
|
| - bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(baseURL());
|
| - if (isCrossOriginCSS) {
|
| - clearRules();
|
| - return;
|
| - }
|
| - }
|
| }
|
|
|
| void StyleSheetContents::parseString(const String& sheetText)
|
|
|