Move plugin placeholder style to CSS, and allow it to bypass main world CSP.

Source/core/dom/StyleElement.cpp

 /*
  * Copyright (C) 2006, 2007 Rob Buis
  * Copyright (C) 2008 Apple, Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
  * version 2 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
@@ skipping 11 matching lines @@
 #include "core/dom/StyleElement.h"
 
 #include "bindings/core/v8/ScriptController.h"
 #include "core/css/MediaList.h"
 #include "core/css/MediaQueryEvaluator.h"
 #include "core/css/StyleSheetContents.h"
 #include "core/dom/Document.h"
 #include "core/dom/Element.h"
 #include "core/dom/ScriptableDocumentParser.h"
 #include "core/dom/StyleEngine.h"
+#include "core/dom/shadow/ShadowRoot.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/html/HTMLStyleElement.h"
 #include "platform/TraceEvent.h"
 #include "wtf/text/StringBuilder.h"
 
 namespace blink {
 
 static bool isCSS(Element* element, const AtomicString& type)
 {
@@ skipping 92 matching lines @@
 void StyleElement::clearSheet(Element* ownerElement)
 {
     ASSERT(m_sheet);
 
     if (ownerElement && m_sheet->isLoading())
         ownerElement->document().styleEngine()->removePendingSheet(ownerElement);
 
     m_sheet.release()->clearOwnerNode();
 }
 
+inline static bool shouldBypassMainWorldCSP(Element* e)

[abarth-chromium, 2014/09/02 22:34:33]

inline and static are redundant here.  Just static is fine.

[jbroman, 2014/09/02 23:53:32]

Will do.

[jbroman, 2014/09/16 21:39:25]

Done.

+{
+    // Main world CSP is bypassed within an isolated world.
+    LocalFrame* frame = e->document().frame();

[abarth-chromium, 2014/09/02 22:34:33]

s/e/element/

[jbroman, 2014/09/02 23:53:32]

Will do. This name was just here because I moved code from
StyleElement::createSheet.

[jbroman, 2014/09/16 21:39:25]

Done.

+    if (frame && frame->script().shouldBypassMainWorldCSP())
+        return true;
+
+    // Main world CSP is bypassed for elements in user agent shadow DOM.
+    ShadowRoot* root = e->containingShadowRoot();
+    if (root && root->type() == ShadowRoot::UserAgentShadowRoot)
+        return true;
+
+    return false;
+}
+
 void StyleElement::createSheet(Element* e, const String& text)
 {
     ASSERT(e);
     ASSERT(e->inDocument());
     Document& document = e->document();
     if (m_sheet)
         clearSheet(e);
 
-    // Inline style added from an isolated world should bypass the main world's
-    // CSP just as an inline script would.
-    LocalFrame* frame = document.frame();
-    bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP();
-
     const ContentSecurityPolicy* csp = document.contentSecurityPolicy();
-    bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP
+    bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e)
         || csp->allowStyleWithHash(text)
         || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))
         || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line);
 
     // If type is empty or CSS, this is a CSS style sheet.
     const AtomicString& type = this->type();
     if (isCSS(e, type) && passesContentSecurityPolicyChecks) {
         RefPtrWillBeRawPtr<MediaQuerySet> mediaQueries = MediaQuerySet::create(media());
 
         MediaQueryEvaluator screenEval("screen", true);
@@ skipping 31 matching lines @@
 {
     document.styleEngine()->addPendingSheet();
 }
 
 void StyleElement::trace(Visitor* visitor)
 {
     visitor->trace(m_sheet);
 }
 
 }