Source/core/dom/StyleElement.cpp - Issue 516273002: Move plugin placeholder style to CSS, and allow it to bypass main world CSP.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/core/dom/StyleElement.cpp

Issue 516273002: Move plugin placeholder style to CSS, and allow it to bypass main world CSP. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: remove excess inline style from js Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « LayoutTests/fast/plugins/plugin-placeholder-structured-expected.html ('k') | Source/core/html/shadow/PluginPlaceholderElement.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: Source/core/dom/StyleElement.cpp

diff --git a/Source/core/dom/StyleElement.cpp b/Source/core/dom/StyleElement.cpp

index cc7378d4983ffc4801bf41a850252f663b3b18fc..0f459d0b516a689a90497aaf21bdf749b4147b76 100644

--- a/Source/core/dom/StyleElement.cpp

+++ b/Source/core/dom/StyleElement.cpp

@@ -29,6 +29,7 @@

#include "core/dom/Element.h"

#include "core/dom/ScriptableDocumentParser.h"

#include "core/dom/StyleEngine.h"

+#include "core/dom/shadow/ShadowRoot.h"

#include "core/frame/LocalFrame.h"

#include "core/frame/csp/ContentSecurityPolicy.h"

#include "core/html/HTMLStyleElement.h"

@@ -141,6 +142,21 @@ void StyleElement::clearSheet(Element* ownerElement)

m_sheet.release()->clearOwnerNode();

}

+static bool shouldBypassMainWorldCSP(Element* element)

+ // Main world CSP is bypassed within an isolated world.

+ LocalFrame* frame = element->document().frame();

+ if (frame && frame->script().shouldBypassMainWorldCSP())

+ return true;

+ // Main world CSP is bypassed for style elements in user agent shadow DOM.

+ ShadowRoot* root = element->containingShadowRoot();

+ if (root && root->type() == ShadowRoot::UserAgentShadowRoot)

+ return true;

+ return false;

void StyleElement::createSheet(Element* e, const String& text)

{

ASSERT(e);

@@ -149,13 +165,8 @@ void StyleElement::createSheet(Element* e, const String& text)

if (m_sheet)

clearSheet(e);

- // Inline style added from an isolated world should bypass the main world's

- // CSP just as an inline script would.

- LocalFrame* frame = document.frame();

- bool shouldBypassMainWorldCSP = frame && frame->script().shouldBypassMainWorldCSP();

const ContentSecurityPolicy* csp = document.contentSecurityPolicy();

- bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP

+ bool passesContentSecurityPolicyChecks = shouldBypassMainWorldCSP(e)

|| csp->allowStyleWithHash(text)

|| csp->allowStyleWithNonce(e->fastGetAttribute(HTMLNames::nonceAttr))

|| csp->allowInlineStyle(e->document().url(), m_startPosition.m_line);