OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007 Rob Buis | 2 * Copyright (C) 2006, 2007 Rob Buis |
3 * Copyright (C) 2008 Apple, Inc. All rights reserved. | 3 * Copyright (C) 2008 Apple, Inc. All rights reserved. |
4 * | 4 * |
5 * This library is free software; you can redistribute it and/or | 5 * This library is free software; you can redistribute it and/or |
6 * modify it under the terms of the GNU Library General Public | 6 * modify it under the terms of the GNU Library General Public |
7 * License as published by the Free Software Foundation; either | 7 * License as published by the Free Software Foundation; either |
8 * version 2 of the License, or (at your option) any later version. | 8 * version 2 of the License, or (at your option) any later version. |
9 * | 9 * |
10 * This library is distributed in the hope that it will be useful, | 10 * This library is distributed in the hope that it will be useful, |
(...skipping 11 matching lines...) Expand all Loading... |
22 #include "core/dom/StyleElement.h" | 22 #include "core/dom/StyleElement.h" |
23 | 23 |
24 #include "bindings/core/v8/ScriptController.h" | 24 #include "bindings/core/v8/ScriptController.h" |
25 #include "core/css/MediaList.h" | 25 #include "core/css/MediaList.h" |
26 #include "core/css/MediaQueryEvaluator.h" | 26 #include "core/css/MediaQueryEvaluator.h" |
27 #include "core/css/StyleSheetContents.h" | 27 #include "core/css/StyleSheetContents.h" |
28 #include "core/dom/Document.h" | 28 #include "core/dom/Document.h" |
29 #include "core/dom/Element.h" | 29 #include "core/dom/Element.h" |
30 #include "core/dom/ScriptableDocumentParser.h" | 30 #include "core/dom/ScriptableDocumentParser.h" |
31 #include "core/dom/StyleEngine.h" | 31 #include "core/dom/StyleEngine.h" |
| 32 #include "core/dom/shadow/ShadowRoot.h" |
32 #include "core/frame/LocalFrame.h" | 33 #include "core/frame/LocalFrame.h" |
33 #include "core/frame/csp/ContentSecurityPolicy.h" | 34 #include "core/frame/csp/ContentSecurityPolicy.h" |
34 #include "core/html/HTMLStyleElement.h" | 35 #include "core/html/HTMLStyleElement.h" |
35 #include "platform/TraceEvent.h" | 36 #include "platform/TraceEvent.h" |
36 #include "wtf/text/StringBuilder.h" | 37 #include "wtf/text/StringBuilder.h" |
37 | 38 |
38 namespace blink { | 39 namespace blink { |
39 | 40 |
40 static bool isCSS(Element* element, const AtomicString& type) | 41 static bool isCSS(Element* element, const AtomicString& type) |
41 { | 42 { |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
134 void StyleElement::clearSheet(Element* ownerElement) | 135 void StyleElement::clearSheet(Element* ownerElement) |
135 { | 136 { |
136 ASSERT(m_sheet); | 137 ASSERT(m_sheet); |
137 | 138 |
138 if (ownerElement && m_sheet->isLoading()) | 139 if (ownerElement && m_sheet->isLoading()) |
139 ownerElement->document().styleEngine()->removePendingSheet(ownerElement)
; | 140 ownerElement->document().styleEngine()->removePendingSheet(ownerElement)
; |
140 | 141 |
141 m_sheet.release()->clearOwnerNode(); | 142 m_sheet.release()->clearOwnerNode(); |
142 } | 143 } |
143 | 144 |
| 145 static bool shouldBypassMainWorldCSP(Element* element) |
| 146 { |
| 147 // Main world CSP is bypassed within an isolated world. |
| 148 LocalFrame* frame = element->document().frame(); |
| 149 if (frame && frame->script().shouldBypassMainWorldCSP()) |
| 150 return true; |
| 151 |
| 152 // Main world CSP is bypassed for style elements in user agent shadow DOM. |
| 153 ShadowRoot* root = element->containingShadowRoot(); |
| 154 if (root && root->type() == ShadowRoot::UserAgentShadowRoot) |
| 155 return true; |
| 156 |
| 157 return false; |
| 158 } |
| 159 |
144 void StyleElement::createSheet(Element* e, const String& text) | 160 void StyleElement::createSheet(Element* e, const String& text) |
145 { | 161 { |
146 ASSERT(e); | 162 ASSERT(e); |
147 ASSERT(e->inDocument()); | 163 ASSERT(e->inDocument()); |
148 Document& document = e->document(); | 164 Document& document = e->document(); |
149 if (m_sheet) | 165 if (m_sheet) |
150 clearSheet(e); | 166 clearSheet(e); |
151 | 167 |
152 // Inline style added from an isolated world should bypass the main world's | |
153 // CSP just as an inline script would. | |
154 LocalFrame* frame = document.frame(); | |
155 bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWor
ldCSP(); | |
156 | |
157 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); | 168 const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); |
158 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP | 169 bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e) |
159 || csp->allowStyleWithHash(text) | 170 || csp->allowStyleWithHash(text) |
160 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) | 171 || csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) |
161 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line); | 172 || csp->allowInlineStyle(e->document().url(), m_startPosition.m_line); |
162 | 173 |
163 // If type is empty or CSS, this is a CSS style sheet. | 174 // If type is empty or CSS, this is a CSS style sheet. |
164 const AtomicString& type = this->type(); | 175 const AtomicString& type = this->type(); |
165 if (isCSS(e, type) && passesContentSecurityPolicyChecks) { | 176 if (isCSS(e, type) && passesContentSecurityPolicyChecks) { |
166 RefPtrWillBeRawPtr<MediaQuerySet> mediaQueries = MediaQuerySet::create(m
edia()); | 177 RefPtrWillBeRawPtr<MediaQuerySet> mediaQueries = MediaQuerySet::create(m
edia()); |
167 | 178 |
168 MediaQueryEvaluator screenEval("screen", true); | 179 MediaQueryEvaluator screenEval("screen", true); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
200 { | 211 { |
201 document.styleEngine()->addPendingSheet(); | 212 document.styleEngine()->addPendingSheet(); |
202 } | 213 } |
203 | 214 |
204 void StyleElement::trace(Visitor* visitor) | 215 void StyleElement::trace(Visitor* visitor) |
205 { | 216 { |
206 visitor->trace(m_sheet); | 217 visitor->trace(m_sheet); |
207 } | 218 } |
208 | 219 |
209 } | 220 } |
OLD | NEW |