
Side by Side Diff: third_party/WebKit/Source/core/dom/StyleElement.cpp

Issue 1923273002: CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
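--- a/third_party/WebKit/Source/core/dom/StyleElement.cpp
+++ b/third_party/WebKit/Source/core/dom/StyleElement.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2006, 2007 Rob Buis
 * Copyright (C) 2008 Apple, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
@@ -167,21 +167,21 @@
 }
 
 StyleElement::ProcessingResult StyleElement::createSheet(Element* e, const Strin g& text)
 {
 DCHECK(e);
 DCHECK(e->inShadowIncludingDocument());
 Document& document = e->document();
 
 const ContentSecurityPolicy* csp = document.contentSecurityPolicy();
 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e)
-|| csp->allowStyleWithHash(text)
+|| csp->allowStyleWithHash(text, ContentSecurityPolicy::InlineType::Bloc k)
 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))
 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line, te xt);
 
 // Clearing the current sheet may remove the cache entry so create the new s heet first
 CSSStyleSheet* newSheet = nullptr;
 
 // If type is empty or CSS, this is a CSS style sheet.
 const AtomicString& type = this->type();
 if (isCSS(e, type) && passesContentSecurityPolicyChecks) {
 MediaQuerySet* mediaQueries = MediaQuerySet::create(media());
@@ -227,10 +227,10 @@
 {
 document.styleEngine().addPendingSheet();
 }
 
 DEFINE_TRACE(StyleElement)
 {
 visitor->trace(m_sheet);
 }
 
 } // namespace blink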
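Review bot: The new second argument to `allowStyleWithHash` in createSheet is where this file decides that `<style>` element text counts as a block rather than an attribute, and nothing at the call site says so. A one-line comment above the condition would keep a later edit from copying this call for `style=""` attribute handling with the wrong type, e.g. `// <style> contents are an inline block: a hash match is enough here; only attribute values need 'unsafe-hashed-attributes'.` That wording assumes the attribute variant is the one gated on the keyword, as the issue title suggests; the declaration is in another file, so confirm it there, and confirm the parameter has no default so every caller must choose explicitly. createSheet's body continues past the visible lines.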