Source/core/dom/StyleElement.cpp - Issue 1313763002: Blink Plugins: Remove Shadow DOM Plugin Placeholder

Side by Side Diff: Source/core/dom/StyleElement.cpp

Issue 1313763002: Blink Plugins: Remove Shadow DOM Plugin Placeholder (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2006, 2007 Rob Buis	2 * Copyright (C) 2006, 2007 Rob Buis

3 * Copyright (C) 2008 Apple, Inc. All rights reserved.	3 * Copyright (C) 2008 Apple, Inc. All rights reserved.

4 *	4 *

5 * This library is free software; you can redistribute it and/or	5 * This library is free software; you can redistribute it and/or

6 * modify it under the terms of the GNU Library General Public	6 * modify it under the terms of the GNU Library General Public

7 * License as published by the Free Software Foundation; either	7 * License as published by the Free Software Foundation; either

8 * version 2 of the License, or (at your option) any later version.	8 * version 2 of the License, or (at your option) any later version.

9 *	9 *

10 * This library is distributed in the hope that it will be useful,	10 * This library is distributed in the hope that it will be useful,

(...skipping 138 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
149 void StyleElement::clearSheet(Element* ownerElement)	149 void StyleElement::clearSheet(Element* ownerElement)

150 {	150 {

151 ASSERT(m_sheet);	151 ASSERT(m_sheet);

152	152

153 if (ownerElement && m_sheet->isLoading())	153 if (ownerElement && m_sheet->isLoading())

154 ownerElement->document().styleEngine().removePendingSheet(ownerElement);	154 ownerElement->document().styleEngine().removePendingSheet(ownerElement);

155	155

156 m_sheet.release()->clearOwnerNode();	156 m_sheet.release()->clearOwnerNode();

157 }	157 }

158	158

159 static bool shouldBypassMainWorldCSP(Element* element)

160 {

161 // Main world CSP is bypassed within an isolated world.

162 LocalFrame* frame = element->document().frame();

163 if (frame && frame->script().shouldBypassMainWorldCSP())

164 return true;

165

166 // Main world CSP is bypassed for style elements in user agent shadow DOM.

167 ShadowRoot* root = element->containingShadowRoot();

168 if (root && root->type() == ShadowRootType::UserAgent)

169 return true;

170

171 return false;

172 }

173

174 StyleElement::ProcessingResult StyleElement::createSheet(Element* e, const Strin g& text)	159 StyleElement::ProcessingResult StyleElement::createSheet(Element* e, const Strin g& text)

175 {	160 {

176 ASSERT(e);	161 ASSERT(e);

177 ASSERT(e->inDocument());	162 ASSERT(e->inDocument());

178 Document& document = e->document();	163 Document& document = e->document();

179	164

	165 // Inline style added from an isolated world should bypass the main world's

	166 // CSP just as an inline script would.

	167 LocalFrame* frame = document.frame();

	168 bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWor ldCSP();
	tommycli 2015/08/25 00:18:10 Needs extra scrutiny. Your patch added the shadow Needs extra scrutiny. Your patch added the shadow dom STYLE CSP exemption. Do we still need it? jbroman 2015/08/25 00:34:10 I'm not aware of any other users (but can't actual Show quoted text On 2015/08/25 at 00:18:10, tommycli wrote: > Needs extra scrutiny. Your patch added the shadow dom STYLE CSP exemption. Do we still need it? I'm not aware of any other users (but can't actually rule out any being added). If nothing breaks, it's probably OK. jbroman 2015/08/25 13:57:21 FYI: I just got reminded of https://code.google.co Show quoted text On 2015/08/25 at 00:34:10, jbroman wrote: > On 2015/08/25 at 00:18:10, tommycli wrote: > > Needs extra scrutiny. Your patch added the shadow dom STYLE CSP exemption. Do we still need it? > > I'm not aware of any other users (but can't actually rule out any being added). If nothing breaks, it's probably OK. FYI: I just got reminded of https://code.google.com/p/chromium/issues/detail?id=424613 (which I filed, so I ought to have remembered). It's possible that <marquee> may be relying, or may start relying, on this, if it wants its CSS to work on CSP-restricted pages. (An edge case, though, to be sure.) This might be a reason to leave this logic intact. tommycli 2015/08/25 16:48:17 Done. I'll leave it intact. Show quoted text On 2015/08/25 13:57:21, jbroman wrote: > On 2015/08/25 at 00:34:10, jbroman wrote: > > On 2015/08/25 at 00:18:10, tommycli wrote: > > > Needs extra scrutiny. Your patch added the shadow dom STYLE CSP exemption. > Do we still need it? > > > > I'm not aware of any other users (but can't actually rule out any being > added). If nothing breaks, it's probably OK. > > FYI: I just got reminded of > https://code.google.com/p/chromium/issues/detail?id=424613 (which I filed, so I > ought to have remembered). It's possible that <marquee> may be relying, or may > start relying, on this, if it wants its CSS to work on CSP-restricted pages. (An > edge case, though, to be sure.) > > This might be a reason to leave this logic intact. Done. I'll leave it intact.
	169

180 const ContentSecurityPolicy* csp = document.contentSecurityPolicy();	170 const ContentSecurityPolicy* csp = document.contentSecurityPolicy();

181 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e)	171 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP

182 \|\| csp->allowStyleWithHash(text)	172 \|\| csp->allowStyleWithHash(text)

183 \|\| csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))	173 \|\| csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))

184 \|\| csp->allowInlineStyle(e->document().url(), m_startPosition.m_line, te xt);	174 \|\| csp->allowInlineStyle(e->document().url(), m_startPosition.m_line, te xt);

185	175

186 // Clearing the current sheet may remove the cache entry so create the new s heet first	176 // Clearing the current sheet may remove the cache entry so create the new s heet first

187 RefPtrWillBeRawPtr<CSSStyleSheet> newSheet = nullptr;	177 RefPtrWillBeRawPtr<CSSStyleSheet> newSheet = nullptr;

188	178

189 // If type is empty or CSS, this is a CSS style sheet.	179 // If type is empty or CSS, this is a CSS style sheet.

190 const AtomicString& type = this->type();	180 const AtomicString& type = this->type();

191 if (isCSS(e, type) && passesContentSecurityPolicyChecks) {	181 if (isCSS(e, type) && passesContentSecurityPolicyChecks) {

(...skipping 40 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
232 {	222 {

233 document.styleEngine().addPendingSheet();	223 document.styleEngine().addPendingSheet();

234 }	224 }

235	225

236 DEFINE_TRACE(StyleElement)	226 DEFINE_TRACE(StyleElement)

237 {	227 {

238 visitor->trace(m_sheet);	228 visitor->trace(m_sheet);

239 }	229 }

240	230

241 }	231 }

OLD	NEW

« no previous file with comments | « Source/core/css/resolver/StyleAdjuster.cpp ('k') | Source/core/html/HTMLAppletElement.cpp » ('j') | Source/core/html/HTMLPlugInElement.cpp » ('J')