| Index: Source/core/dom/StyleElement.cpp
|
| diff --git a/Source/core/dom/StyleElement.cpp b/Source/core/dom/StyleElement.cpp
|
| index 1cd5f48d766945aefe02cc7d9c2f91522e0f9e2d..f60cfa66599297757d2a839811848ecc13f5c802 100644
|
| --- a/Source/core/dom/StyleElement.cpp
|
| +++ b/Source/core/dom/StyleElement.cpp
|
| @@ -152,11 +152,16 @@ void StyleElement::createSheet(Element* e, const String& text)
|
| // Inline style added from an isolated world should bypass the main world's
|
| // CSP just as an inline script would.
|
| LocalFrame* frame = document.frame();
|
| - bool shouldBypassMainWorldContentSecurityPolicy = frame && frame->script().shouldBypassMainWorldContentSecurityPolicy();
|
| + bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP();
|
| +
|
| + const ContentSecurityPolicy* csp = document.contentSecurityPolicy();
|
| + bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP
|
| + || csp->allowStyleWithHash(text)
|
| + || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))
|
| + || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line);
|
|
|
| // If type is empty or CSS, this is a CSS style sheet.
|
| const AtomicString& type = this->type();
|
| - bool passesContentSecurityPolicyChecks = shouldBypassMainWorldContentSecurityPolicy || document.contentSecurityPolicy()->allowStyleHash(text) || document.contentSecurityPolicy()->allowStyleNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) || document.contentSecurityPolicy()->allowInlineStyle(e->document().url(), m_startPosition.m_line);
|
| if (isCSS(e, type) && passesContentSecurityPolicyChecks) {
|
| RefPtrWillBeRawPtr<MediaQuerySet> mediaQueries = MediaQuerySet::create(media());
|
|
|
|
|
Chromium Code Reviews
Issue 353873003:
Clean up usage of CSP functions (Closed)
Base URL: svn://svn.chromium.org/blink/trunk