Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(637)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/dom/StyleElement.cpp

Issue 516273002: Move plugin placeholder style to CSS, and allow it to bypass main world CSP. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: whitelist an explicit string Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/dom/StyleElement.h ('k') | Source/core/html/HTMLStyleElement.h » ('j') | public/blink_resources.grd » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/dom/StyleElement.cpp
diff --git a/Source/core/dom/StyleElement.cpp b/Source/core/dom/StyleElement.cpp
index cc7378d4983ffc4801bf41a850252f663b3b18fc..e875a9f159258b3e46f8745e3340bda4ce14c4ca 100644
--- a/Source/core/dom/StyleElement.cpp
+++ b/Source/core/dom/StyleElement.cpp
@@ -153,6 +153,10 @@ void StyleElement::createSheet(Element* e, const String& text)
// CSP just as an inline script would.
LocalFrame* frame = document.frame();
bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP();
+ if (!shouldBypassMainWorldCSP && !m_whitelistedSource.isNull()) {
+ RELEASE_ASSERT(m_whitelistedSource == text);
+ shouldBypassMainWorldCSP = true;
+ }
const ContentSecurityPolicy* csp = document.contentSecurityPolicy();
bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP
« no previous file with comments | « Source/core/dom/StyleElement.h ('k') | Source/core/html/HTMLStyleElement.h » ('j') | public/blink_resources.grd » ('J')

Powered by Google App Engine
This is Rietveld 408576698