OLD | NEW |
1 /* | 1 /* |
2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) | 2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) |
3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved. | 3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved. |
4 * | 4 * |
5 * This library is free software; you can redistribute it and/or | 5 * This library is free software; you can redistribute it and/or |
6 * modify it under the terms of the GNU Library General Public | 6 * modify it under the terms of the GNU Library General Public |
7 * License as published by the Free Software Foundation; either | 7 * License as published by the Free Software Foundation; either |
8 * version 2 of the License, or (at your option) any later version. | 8 * version 2 of the License, or (at your option) any later version. |
9 * | 9 * |
10 * This library is distributed in the hope that it will be useful, | 10 * This library is distributed in the hope that it will be useful, |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
280 if (prefix == starAtom) | 280 if (prefix == starAtom) |
281 return starAtom; // We'll match any namespace. | 281 return starAtom; // We'll match any namespace. |
282 return m_namespaces.get(prefix); | 282 return m_namespaces.get(prefix); |
283 } | 283 } |
284 | 284 |
285 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach
edStyleSheet, const SecurityOrigin* securityOrigin) | 285 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach
edStyleSheet, const SecurityOrigin* securityOrigin) |
286 { | 286 { |
287 TRACE_EVENT0("blink", "StyleSheetContents::parseAuthorStyleSheet"); | 287 TRACE_EVENT0("blink", "StyleSheetContents::parseAuthorStyleSheet"); |
288 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "ParseAuthorSty
leSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet)); | 288 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "ParseAuthorSty
leSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet)); |
289 | 289 |
290 bool quirksMode = isQuirksModeBehavior(m_parserContext.mode()); | |
291 | |
292 bool enforceMIMEType = !quirksMode; | |
293 bool hasValidMIMEType = false; | 290 bool hasValidMIMEType = false; |
294 String sheetText = cachedStyleSheet->sheetText(enforceMIMEType, &hasValidMIM
EType); | 291 String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType); |
295 | 292 |
296 CSSParserContext context(parserContext(), UseCounter::getFrom(this)); | 293 CSSParserContext context(parserContext(), UseCounter::getFrom(this)); |
297 CSSParser::parseSheet(context, this, sheetText, TextPosition::minimumPositio
n(), 0, true); | 294 CSSParser::parseSheet(context, this, sheetText, TextPosition::minimumPositio
n(), 0, true); |
298 | 295 |
299 // If we're loading a stylesheet cross-origin, and the MIME type is not stan
dard, require the CSS | 296 // If we're loading a stylesheet cross-origin, and the MIME type is not stan
dard, require the CSS |
300 // to at least start with a syntactically valid CSS rule. | 297 // to at least start with a syntactically valid CSS rule. |
301 // This prevents an attacker playing games by injecting CSS strings into HTM
L, XML, JSON, etc. etc. | 298 // This prevents an attacker playing games by injecting CSS strings into HTM
L, XML, JSON, etc. etc. |
302 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) { | 299 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) { |
303 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b
aseURL()); | 300 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b
aseURL()); |
304 if (isCrossOriginCSS) { | 301 if (isCrossOriginCSS) { |
(...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
652 visitor->trace(m_ownerRule); | 649 visitor->trace(m_ownerRule); |
653 visitor->trace(m_importRules); | 650 visitor->trace(m_importRules); |
654 visitor->trace(m_childRules); | 651 visitor->trace(m_childRules); |
655 visitor->trace(m_loadingClients); | 652 visitor->trace(m_loadingClients); |
656 visitor->trace(m_completedClients); | 653 visitor->trace(m_completedClients); |
657 visitor->trace(m_ruleSet); | 654 visitor->trace(m_ruleSet); |
658 #endif | 655 #endif |
659 } | 656 } |
660 | 657 |
661 } | 658 } |
OLD | NEW |