| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007 Rob Buis | 2 * Copyright (C) 2006, 2007 Rob Buis |
| 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. | 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * This library is free software; you can redistribute it and/or | 5 * This library is free software; you can redistribute it and/or |
| 6 * modify it under the terms of the GNU Library General Public | 6 * modify it under the terms of the GNU Library General Public |
| 7 * License as published by the Free Software Foundation; either | 7 * License as published by the Free Software Foundation; either |
| 8 * version 2 of the License, or (at your option) any later version. | 8 * version 2 of the License, or (at your option) any later version. |
| 9 * | 9 * |
| 10 * This library is distributed in the hope that it will be useful, | 10 * This library is distributed in the hope that it will be useful, |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 152 | 152 |
| 153 StyleElement::ProcessingResult StyleElement::createSheet(Element& element, | 153 StyleElement::ProcessingResult StyleElement::createSheet(Element& element, |
| 154 const String& text) { | 154 const String& text) { |
| 155 DCHECK(element.isConnected()); | 155 DCHECK(element.isConnected()); |
| 156 Document& document = element.document(); | 156 Document& document = element.document(); |
| 157 | 157 |
| 158 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); | 158 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); |
| 159 bool passesContentSecurityPolicyChecks = | 159 bool passesContentSecurityPolicyChecks = |
| 160 shouldBypassMainWorldCSP(element) || | 160 shouldBypassMainWorldCSP(element) || |
| 161 csp->allowStyleWithHash(text, ContentSecurityPolicy::InlineType::Block) || | 161 csp->allowStyleWithHash(text, ContentSecurityPolicy::InlineType::Block) || |
| 162 csp->allowInlineStyle(document.url(), | 162 csp->allowInlineStyle(&element, document.url(), |
| 163 element.fastGetAttribute(HTMLNames::nonceAttr), | 163 element.fastGetAttribute(HTMLNames::nonceAttr), |
| 164 m_startPosition.m_line, text); | 164 m_startPosition.m_line, text); |
| 165 | 165 |
| 166 // Clearing the current sheet may remove the cache entry so create the new | 166 // Clearing the current sheet may remove the cache entry so create the new |
| 167 // sheet first | 167 // sheet first |
| 168 CSSStyleSheet* newSheet = nullptr; | 168 CSSStyleSheet* newSheet = nullptr; |
| 169 | 169 |
| 170 // If type is empty or CSS, this is a CSS style sheet. | 170 // If type is empty or CSS, this is a CSS style sheet. |
| 171 const AtomicString& type = this->type(); | 171 const AtomicString& type = this->type(); |
| 172 if (isCSS(element, type) && passesContentSecurityPolicyChecks) { | 172 if (isCSS(element, type) && passesContentSecurityPolicyChecks) { |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 | 215 |
| 216 void StyleElement::startLoadingDynamicSheet(Document& document) { | 216 void StyleElement::startLoadingDynamicSheet(Document& document) { |
| 217 document.styleEngine().addPendingSheet(m_styleEngineContext); | 217 document.styleEngine().addPendingSheet(m_styleEngineContext); |
| 218 } | 218 } |
| 219 | 219 |
| 220 DEFINE_TRACE(StyleElement) { | 220 DEFINE_TRACE(StyleElement) { |
| 221 visitor->trace(m_sheet); | 221 visitor->trace(m_sheet); |
| 222 } | 222 } |
| 223 | 223 |
| 224 } // namespace blink | 224 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2421473004:
CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
