| Index: third_party/WebKit/Source/core/dom/Document.cpp
|
| diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
|
| index 11f5f6195d2fef8f83d6e1439ef6cbdc663640f5..469ed7c601189db519cb0e7f46fe917e6a9e7c36 100644
|
| --- a/third_party/WebKit/Source/core/dom/Document.cpp
|
| +++ b/third_party/WebKit/Source/core/dom/Document.cpp
|
| @@ -5393,9 +5393,10 @@ bool Document::allowInlineEventHandler(Node* node,
|
| EventListener* listener,
|
| const String& contextURL,
|
| const WTF::OrdinalNumber& contextLine) {
|
| + Element* element = node && node->isElementNode() ? toElement(node) : nullptr;
|
| if (!ContentSecurityPolicy::shouldBypassMainWorld(this) &&
|
| !contentSecurityPolicy()->allowInlineEventHandler(
|
| - listener->code(), contextURL, contextLine))
|
| + element, listener->code(), contextURL, contextLine))
|
| return false;
|
|
|
| // HTML says that inline script needs browsing context to create its execution
|
|
|
Chromium Code Reviews
Issue 2421473004:
CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
