| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007 Rob Buis | 2 * Copyright (C) 2006, 2007 Rob Buis |
| 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. | 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * This library is free software; you can redistribute it and/or | 5 * This library is free software; you can redistribute it and/or |
| 6 * modify it under the terms of the GNU Library General Public | 6 * modify it under the terms of the GNU Library General Public |
| 7 * License as published by the Free Software Foundation; either | 7 * License as published by the Free Software Foundation; either |
| 8 * version 2 of the License, or (at your option) any later version. | 8 * version 2 of the License, or (at your option) any later version. |
| 9 * | 9 * |
| 10 * This library is distributed in the hope that it will be useful, | 10 * This library is distributed in the hope that it will be useful, |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 146 ASSERT(e); | 146 ASSERT(e); |
| 147 ASSERT(e->inDocument()); | 147 ASSERT(e->inDocument()); |
| 148 Document& document = e->document(); | 148 Document& document = e->document(); |
| 149 if (m_sheet) | 149 if (m_sheet) |
| 150 clearSheet(e); | 150 clearSheet(e); |
| 151 | 151 |
| 152 // Inline style added from an isolated world should bypass the main world's | 152 // Inline style added from an isolated world should bypass the main world's |
| 153 // CSP just as an inline script would. | 153 // CSP just as an inline script would. |
| 154 LocalFrame* frame = document.frame(); | 154 LocalFrame* frame = document.frame(); |
| 155 bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWor
ldCSP(); | 155 bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWor
ldCSP(); |
| 156 if (!shouldBypassMainWorldCSP && !m_whitelistedSource.isNull()) { |
| 157 RELEASE_ASSERT(m_whitelistedSource == text); |
| 158 shouldBypassMainWorldCSP = true; |
| 159 } |
| 156 | 160 |
| 157 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); | 161 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); |
| 158 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP | 162 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP |
| 159 || csp->allowStyleWithHash(text) | 163 || csp->allowStyleWithHash(text) |
| 160 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) | 164 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) |
| 161 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line); | 165 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line); |
| 162 | 166 |
| 163 // If type is empty or CSS, this is a CSS style sheet. | 167 // If type is empty or CSS, this is a CSS style sheet. |
| 164 const AtomicString& type = this->type(); | 168 const AtomicString& type = this->type(); |
| 165 if (isCSS(e, type) && passesContentSecurityPolicyChecks) { | 169 if (isCSS(e, type) && passesContentSecurityPolicyChecks) { |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 200 { | 204 { |
| 201 document.styleEngine()->addPendingSheet(); | 205 document.styleEngine()->addPendingSheet(); |
| 202 } | 206 } |
| 203 | 207 |
| 204 void StyleElement::trace(Visitor* visitor) | 208 void StyleElement::trace(Visitor* visitor) |
| 205 { | 209 { |
| 206 visitor->trace(m_sheet); | 210 visitor->trace(m_sheet); |
| 207 } | 211 } |
| 208 | 212 |
| 209 } | 213 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 516273002:
Move plugin placeholder style to CSS, and allow it to bypass main world CSP. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk