Source/core/dom/StyleElement.cpp - Issue 516273002: Move plugin placeholder style to CSS, and allow it to bypass main world CSP.

Unified Diff: Source/core/dom/StyleElement.cpp

Issue 516273002: Move plugin placeholder style to CSS, and allow it to bypass main world CSP. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: gn Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « Source/core/core_generated.gyp ('k') | Source/core/html/shadow/PluginPlaceholderElement.h » ('j') | Source/core/html/shadow/PluginPlaceholderElement.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: Source/core/dom/StyleElement.cpp

diff --git a/Source/core/dom/StyleElement.cpp b/Source/core/dom/StyleElement.cpp

index cc7378d4983ffc4801bf41a850252f663b3b18fc..00e0c2a0f0283f2e8318098894457f3bbe76ea32 100644

--- a/Source/core/dom/StyleElement.cpp

+++ b/Source/core/dom/StyleElement.cpp

@@ -29,6 +29,7 @@

#include "core/dom/Element.h"

#include "core/dom/ScriptableDocumentParser.h"

#include "core/dom/StyleEngine.h"

+#include "core/dom/shadow/ShadowRoot.h"

#include "core/frame/LocalFrame.h"

#include "core/frame/csp/ContentSecurityPolicy.h"

#include "core/html/HTMLStyleElement.h"

@@ -141,6 +142,21 @@ void StyleElement::clearSheet(Element* ownerElement)

m_sheet.release()->clearOwnerNode();

}

+inline static bool shouldBypassMainWorldCSP(Element* e)

abarth-chromium 2014/09/02 22:34:33 inline and static are redundant here. Just static

jbroman 2014/09/02 23:53:32 Will do.

jbroman 2014/09/16 21:39:25 Done.

+ // Main world CSP is bypassed within an isolated world.

+ LocalFrame* frame = e->document().frame();

abarth-chromium 2014/09/02 22:34:33 s/e/element/

jbroman 2014/09/02 23:53:32 Will do. This name was just here because I moved c

jbroman 2014/09/16 21:39:25 Done.

+ if (frame && frame->script().shouldBypassMainWorldCSP())

+ return true;

+ // Main world CSP is bypassed for elements in user agent shadow DOM.

+ ShadowRoot* root = e->containingShadowRoot();

+ if (root && root->type() == ShadowRoot::UserAgentShadowRoot)

+ return true;

+ return false;

void StyleElement::createSheet(Element* e, const String& text)

{

ASSERT(e);

@@ -149,13 +165,8 @@ void StyleElement::createSheet(Element* e, const String& text)

if (m_sheet)

clearSheet(e);

- // Inline style added from an isolated world should bypass the main world's

- // CSP just as an inline script would.

- LocalFrame* frame = document.frame();

- bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP();

const ContentSecurityPolicy* csp = document.contentSecurityPolicy();

- bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP

+ bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e)

|| csp->allowStyleWithHash(text)

|| csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))

|| csp->allowInlineStyle(e->document().url(), m_startPosition.m_line);