Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(158)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 341443003: Isolated world injected inline styles should bypass main world CSP. (Closed)

Created:
6 years, 6 months ago by jww
Modified:
6 years, 6 months ago
Reviewers:
Mike West
CC:
blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, sof, eae+blinkwatch, rwlbuis, not at google - send to devlin
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Isolated world injected inline styles should bypass main world CSP. Inline styles that are added to a page from an isolated world should bypass the main world's CSP, much like how scripts do. As an example, this is important for extensions to make sure they can bypass the page's CSP when they inject a style tag into the page. R=mkwst@chromium.org BUG=385246 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=176461

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+101 lines, -1 line) Patch
A LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style.html View 1 chunk +15 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt View 1 chunk +17 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/isolatedWorld/resources/bypass-main-world-csp-for-inline-style.js View 1 chunk +61 lines, -0 lines 0 comments Download
M Source/core/dom/StyleElement.cpp View 3 chunks +8 lines, -1 line 0 comments Download

Messages

Total messages: 9 (0 generated)
jww
6 years, 6 months ago (2014-06-17 23:44:38 UTC) #1
Mike West
On 2014/06/17 23:44:38, jww wrote: LGTM, thanks for addressing this so quickly! I'll review your ...
6 years, 6 months ago (2014-06-18 04:43:41 UTC) #2
jww
The CQ bit was checked by jww@chromium.org
6 years, 6 months ago (2014-06-18 20:05:36 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jww@chromium.org/341443003/1
6 years, 6 months ago (2014-06-18 20:05:47 UTC) #4
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
6 years, 6 months ago (2014-06-18 22:45:23 UTC) #5
commit-bot: I haz the power
Try jobs failed on following builders: win_blink_rel on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/win_blink_rel/builds/12581)
6 years, 6 months ago (2014-06-18 22:45:24 UTC) #6
jww
The CQ bit was checked by jww@chromium.org
6 years, 6 months ago (2014-06-18 22:58:59 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jww@chromium.org/341443003/1
6 years, 6 months ago (2014-06-18 23:00:21 UTC) #8
commit-bot: I haz the power
6 years, 6 months ago (2014-06-18 23:37:15 UTC) #9
Message was sent while issue was closed. 
Change committed as 176461

Powered by Google App Engine
This is Rietveld 408576698