| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007 Rob Buis | 2 * Copyright (C) 2006, 2007 Rob Buis |
| 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. | 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * This library is free software; you can redistribute it and/or | 5 * This library is free software; you can redistribute it and/or |
| 6 * modify it under the terms of the GNU Library General Public | 6 * modify it under the terms of the GNU Library General Public |
| 7 * License as published by the Free Software Foundation; either | 7 * License as published by the Free Software Foundation; either |
| 8 * version 2 of the License, or (at your option) any later version. | 8 * version 2 of the License, or (at your option) any later version. |
| 9 * | 9 * |
| 10 * This library is distributed in the hope that it will be useful, | 10 * This library is distributed in the hope that it will be useful, |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 167 } | 167 } |
| 168 | 168 |
| 169 StyleElement::ProcessingResult StyleElement::createSheet(Element* e, const Strin
g& text) | 169 StyleElement::ProcessingResult StyleElement::createSheet(Element* e, const Strin
g& text) |
| 170 { | 170 { |
| 171 DCHECK(e); | 171 DCHECK(e); |
| 172 DCHECK(e->inShadowIncludingDocument()); | 172 DCHECK(e->inShadowIncludingDocument()); |
| 173 Document& document = e->document(); | 173 Document& document = e->document(); |
| 174 | 174 |
| 175 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); | 175 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); |
| 176 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e) | 176 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e) |
| 177 || csp->allowStyleWithHash(text) | 177 || csp->allowStyleWithHash(text, ContentSecurityPolicy::InlineType::Bloc
k) |
| 178 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) | 178 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) |
| 179 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line, te
xt); | 179 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line, te
xt); |
| 180 | 180 |
| 181 // Clearing the current sheet may remove the cache entry so create the new s
heet first | 181 // Clearing the current sheet may remove the cache entry so create the new s
heet first |
| 182 CSSStyleSheet* newSheet = nullptr; | 182 CSSStyleSheet* newSheet = nullptr; |
| 183 | 183 |
| 184 // If type is empty or CSS, this is a CSS style sheet. | 184 // If type is empty or CSS, this is a CSS style sheet. |
| 185 const AtomicString& type = this->type(); | 185 const AtomicString& type = this->type(); |
| 186 if (isCSS(e, type) && passesContentSecurityPolicyChecks) { | 186 if (isCSS(e, type) && passesContentSecurityPolicyChecks) { |
| 187 MediaQuerySet* mediaQueries = MediaQuerySet::create(media()); | 187 MediaQuerySet* mediaQueries = MediaQuerySet::create(media()); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 227 { | 227 { |
| 228 document.styleEngine().addPendingSheet(); | 228 document.styleEngine().addPendingSheet(); |
| 229 } | 229 } |
| 230 | 230 |
| 231 DEFINE_TRACE(StyleElement) | 231 DEFINE_TRACE(StyleElement) |
| 232 { | 232 { |
| 233 visitor->trace(m_sheet); | 233 visitor->trace(m_sheet); |
| 234 } | 234 } |
| 235 | 235 |
| 236 } // namespace blink | 236 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1923273002:
CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes' (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master