Chromium Code Reviews

Unified Diff: Source/core/dom/StyleElement.cpp

Issue 1313763002: Blink Plugins: Remove Shadow DOM Plugin Placeholder (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 4 months ago
Index: Source/core/dom/StyleElement.cpp
diff --git a/Source/core/dom/StyleElement.cpp b/Source/core/dom/StyleElement.cpp
index d7303a3bb7e73c5d84cf13a8eb6a7d8feffbde95..7d18e36ba2362822d74cd43cb58efa2cab3c26b1 100644
--- a/Source/core/dom/StyleElement.cpp
+++ b/Source/core/dom/StyleElement.cpp
@@ -156,29 +156,19 @@ void StyleElement::clearSheet(Element* ownerElement)
m_sheet.release()->clearOwnerNode();
}
-static bool shouldBypassMainWorldCSP(Element* element)
-{
- // Main world CSP is bypassed within an isolated world.
- LocalFrame* frame = element->document().frame();
- if (frame && frame->script().shouldBypassMainWorldCSP())
- return true;
-
- // Main world CSP is bypassed for style elements in user agent shadow DOM.
- ShadowRoot* root = element->containingShadowRoot();
- if (root && root->type() == ShadowRootType::UserAgent)
- return true;
-
- return false;
-}
-
StyleElement::ProcessingResult StyleElement::createSheet(Element* e, const String& text)
{
ASSERT(e);
ASSERT(e->inDocument());
Document& document = e->document();
+ // Inline style added from an isolated world should bypass the main world's
+ // CSP just as an inline script would.
+ LocalFrame* frame = document.frame();
+ bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP();
tommycli 2015/08/25 00:18:10 Needs extra scrutiny. Your patch added the shadow
jbroman 2015/08/25 00:34:10 I'm not aware of any other users (but can't actual
jbroman 2015/08/25 13:57:21 FYI: I just got reminded of https://code.google.co
tommycli 2015/08/25 16:48:17 Done. I'll leave it intact.
+
const ContentSecurityPolicy* csp = document.contentSecurityPolicy();
- bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e)
+ bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP
|| csp->allowStyleWithHash(text)
|| csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))
|| csp->allowInlineStyle(e->document().url(), m_startPosition.m_line, text);
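
Review bot: dropping the `root->type() == ShadowRootType::UserAgent` branch together with the helper means a style element inside any user agent shadow root now has to pass the document's own checks (`allowStyleWithHash`, `allowStyleWithNonce` or `allowInlineStyle`), not only the plugin placeholder this change is about. Either confirm that no other user agent shadow tree creates inline style elements, or keep that branch and remove only the placeholder; a test that loads a page with a restrictive style policy and a user agent shadow tree containing a style element would pin the behavior down. Separately, the new local `shouldBypassMainWorldCSP` has the same name as the method `frame->script().shouldBypassMainWorldCSP()` called on the same line, so a distinct name such as `bypassMainWorldCSP` would be easier to read. The new comment should also say that the isolated-world case is now the only bypass, so that a later reader does not assume user agent shadow DOM is still exempt.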
