Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(348)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/css/StyleSheetContents.cpp

Issue 733993002: CSS: Drop the quirks-mode exception for CSS MIME types. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Tests. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/cross-origin-css-expected.txt ('k') | Source/core/dom/ProcessingInstruction.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) 2 * (C) 1999-2003 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved. 3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved.
4 * 4 *
5 * This library is free software; you can redistribute it and/or 5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public 6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either 7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version. 8 * version 2 of the License, or (at your option) any later version.
9 * 9 *
10 * This library is distributed in the hope that it will be useful, 10 * This library is distributed in the hope that it will be useful,
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 if (prefix == starAtom) 280 if (prefix == starAtom)
281 return starAtom; // We'll match any namespace. 281 return starAtom; // We'll match any namespace.
282 return m_namespaces.get(prefix); 282 return m_namespaces.get(prefix);
283 } 283 }
284 284
285 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach edStyleSheet, const SecurityOrigin* securityOrigin) 285 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach edStyleSheet, const SecurityOrigin* securityOrigin)
286 { 286 {
287 TRACE_EVENT0("blink", "StyleSheetContents::parseAuthorStyleSheet"); 287 TRACE_EVENT0("blink", "StyleSheetContents::parseAuthorStyleSheet");
288 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "ParseAuthorSty leSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet)); 288 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "ParseAuthorSty leSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet));
289 289
290 bool quirksMode = isQuirksModeBehavior(m_parserContext.mode());
291
292 bool enforceMIMEType = !quirksMode;
293 bool hasValidMIMEType = false; 290 bool hasValidMIMEType = false;
294 String sheetText = cachedStyleSheet->sheetText(enforceMIMEType, &hasValidMIM EType); 291 String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType);
295 292
296 CSSParserContext context(parserContext(), UseCounter::getFrom(this)); 293 CSSParserContext context(parserContext(), UseCounter::getFrom(this));
297 CSSParser::parseSheet(context, this, sheetText, TextPosition::minimumPositio n(), 0, true); 294 CSSParser::parseSheet(context, this, sheetText, TextPosition::minimumPositio n(), 0, true);
298 295
299 // If we're loading a stylesheet cross-origin, and the MIME type is not stan dard, require the CSS 296 // If we're loading a stylesheet cross-origin, and the MIME type is not stan dard, require the CSS
300 // to at least start with a syntactically valid CSS rule. 297 // to at least start with a syntactically valid CSS rule.
301 // This prevents an attacker playing games by injecting CSS strings into HTM L, XML, JSON, etc. etc. 298 // This prevents an attacker playing games by injecting CSS strings into HTM L, XML, JSON, etc. etc.
302 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) { 299 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
303 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b aseURL()); 300 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b aseURL());
304 if (isCrossOriginCSS) { 301 if (isCrossOriginCSS) {
(...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after
652 visitor->trace(m_ownerRule); 649 visitor->trace(m_ownerRule);
653 visitor->trace(m_importRules); 650 visitor->trace(m_importRules);
654 visitor->trace(m_childRules); 651 visitor->trace(m_childRules);
655 visitor->trace(m_loadingClients); 652 visitor->trace(m_loadingClients);
656 visitor->trace(m_completedClients); 653 visitor->trace(m_completedClients);
657 visitor->trace(m_ruleSet); 654 visitor->trace(m_ruleSet);
658 #endif 655 #endif
659 } 656 }
660 657
661 } 658 }
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/cross-origin-css-expected.txt ('k') | Source/core/dom/ProcessingInstruction.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698