Allows inline style in User-Agent shadow trees under CSP

Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589
Committed: https://crrev.com/bf99fb1ccc22a6b037045f6174d8a113d97f1ef7
Cr-Commit-Position: refs/heads/master@{#420456}

[sunyunjia, 2016-09-21 14:24:36]

The CQ bit was checked by sunyunjia@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-21 14:24:51]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[sunyunjia, 2016-09-21 14:33:11]

The CQ bit was checked by sunyunjia@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-21 14:33:23]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-21 16:45:06]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-21 16:45:07]

Dry run: This issue passed the CQ dry run.

[sunyunjia, 2016-09-21 16:58:53]

Description was changed from

==========
Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589
==========

to

==========
Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589
==========

[sunyunjia, 2016-09-21 16:58:53]

sunyunjia@chromium.org changed reviewers:
+ dtapuska@chromium.org, tkent@chromium.org

[sunyunjia, 2016-09-21 16:59:14]

PTAL, thanks!

[dtapuska, 2016-09-21 17:05:53]

https://codereview.chromium.org/2359813002/diff/20001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/dom/Element.cpp (right):

https://codereview.chromium.org/2359813002/diff/20001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/dom/Element.cpp:3621: } else if
(modificationReason == ModifiedByCloning ||
ContentSecurityPolicy::shouldBypassMainWorld(&document()) || ownerShadowHost()
|| document().contentSecurityPolicy()->allowInlineStyle(document().url(),
String(), startLineNumber, newStyleString)) {
Doesn't this allow all shadow dom trees?

I think we want to ensure it is allowed only for user agent shadow dom trees.
tkent@ should be able to confirm.

[sunyunjia, 2016-09-21 17:50:31]

The CQ bit was checked by sunyunjia@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-21 17:51:26]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-21 18:49:25]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-21 18:49:26]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[tkent, 2016-09-21 22:52:07]

https://codereview.chromium.org/2359813002/diff/40001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/dom/Element.cpp (right):

https://codereview.chromium.org/2359813002/diff/40001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/dom/Element.cpp:3621: } else if
(modificationReason == ModifiedByCloning ||
ContentSecurityPolicy::shouldBypassMainWorld(&document()) || (ownerShadowHost()
&& ownerShadowHost()->userAgentShadowRoot()) ||
document().contentSecurityPolicy()->allowInlineStyle(document().url(), String(),
startLineNumber, newStyleString)) {
It doesn't work as expected if the element is in non-UA ShadowRoot.  It should
be
  containingShadowRoot() && containingShadowRoot()->type() ==
ShadowRootType::UserAgent

[sunyunjia, 2016-09-22 13:50:46]

The CQ bit was checked by sunyunjia@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-22 13:51:01]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-22 15:11:43]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-22 15:11:44]

Dry run: This issue passed the CQ dry run.

[sunyunjia, 2016-09-22 15:14:07]

Thanks for pointing this out! PTAL!

[tkent, 2016-09-22 20:53:19]

lgtm

[sunyunjia, 2016-09-22 20:53:35]

The CQ bit was checked by sunyunjia@chromium.org

[commit-bot: I haz the power, 2016-09-22 20:54:20]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-22 21:01:08]

Description was changed from

==========
Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589
==========

to

==========
Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589
==========

[commit-bot: I haz the power, 2016-09-22 21:01:09]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2016-09-22 21:03:07]

Description was changed from

==========
Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589
==========

to

==========
Allows inline style in User-Agent shadow trees under CSP

When a page specifies a CSP of style-src 'self', it does not allow inline style
changes. However, the node under User-Agent shadow trees should be an exception
as developers are not allowed to modify the inline-style, but blink may need
it. So we add shadow dom elements as an exception under CSP.

BUG=648589

Committed: https://crrev.com/bf99fb1ccc22a6b037045f6174d8a113d97f1ef7
Cr-Commit-Position: refs/heads/master@{#420456}
==========

[commit-bot: I haz the power, 2016-09-22 21:03:08]

Patchset 4 (id:??) landed as
https://crrev.com/bf99fb1ccc22a6b037045f6174d8a113d97f1ef7
Cr-Commit-Position: refs/heads/master@{#420456}