Index: Source/core/dom/StyleElement.cpp |
diff --git a/Source/core/dom/StyleElement.cpp b/Source/core/dom/StyleElement.cpp |
index cc7378d4983ffc4801bf41a850252f663b3b18fc..00e0c2a0f0283f2e8318098894457f3bbe76ea32 100644 |
--- a/Source/core/dom/StyleElement.cpp |
+++ b/Source/core/dom/StyleElement.cpp |
@@ -29,6 +29,7 @@ |
#include "core/dom/Element.h" |
#include "core/dom/ScriptableDocumentParser.h" |
#include "core/dom/StyleEngine.h" |
+#include "core/dom/shadow/ShadowRoot.h" |
#include "core/frame/LocalFrame.h" |
#include "core/frame/csp/ContentSecurityPolicy.h" |
#include "core/html/HTMLStyleElement.h" |
@@ -141,6 +142,21 @@ void StyleElement::clearSheet(Element* ownerElement) |
m_sheet.release()->clearOwnerNode(); |
} |
+inline static bool shouldBypassMainWorldCSP(Element* e) |
abarth-chromium
2014/09/02 22:34:33
inline and static are redundant here. Just static
jbroman
2014/09/02 23:53:32
Will do.
jbroman
2014/09/16 21:39:25
Done.
|
+{ |
+ // Main world CSP is bypassed within an isolated world. |
+ LocalFrame* frame = e->document().frame(); |
abarth-chromium
2014/09/02 22:34:33
s/e/element/
jbroman
2014/09/02 23:53:32
Will do. This name was just here because I moved c
jbroman
2014/09/16 21:39:25
Done.
|
+ if (frame && frame->script().shouldBypassMainWorldCSP()) |
+ return true; |
+ |
+ // Main world CSP is bypassed for elements in user agent shadow DOM. |
+ ShadowRoot* root = e->containingShadowRoot(); |
+ if (root && root->type() == ShadowRoot::UserAgentShadowRoot) |
+ return true; |
+ |
+ return false; |
+} |
+ |
void StyleElement::createSheet(Element* e, const String& text) |
{ |
ASSERT(e); |
@@ -149,13 +165,8 @@ void StyleElement::createSheet(Element* e, const String& text) |
if (m_sheet) |
clearSheet(e); |
- // Inline style added from an isolated world should bypass the main world's |
- // CSP just as an inline script would. |
- LocalFrame* frame = document.frame(); |
- bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP(); |
- |
const ContentSecurityPolicy* csp = document.contentSecurityPolicy(); |
- bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP |
+ bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e) |
|| csp->allowStyleWithHash(text) |
|| csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr)) |
|| csp->allowInlineStyle(e->document().url(), m_startPosition.m_line); |