Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/css/StyleSheetContents.cpp

Issue 904143002: Revert "CSS: Drop the quirks-mode exception for CSS MIME types." (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/cross-origin-css-expected.txt ('k') | Source/core/dom/ProcessingInstruction.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) 2 * (C) 1999-2003 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved. 3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved.
4 * 4 *
5 * This library is free software; you can redistribute it and/or 5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public 6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either 7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version. 8 * version 2 of the License, or (at your option) any later version.
9 * 9 *
10 * This library is distributed in the hope that it will be useful, 10 * This library is distributed in the hope that it will be useful,
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 if (prefix == starAtom) 280 if (prefix == starAtom)
281 return starAtom; // We'll match any namespace. 281 return starAtom; // We'll match any namespace.
282 return m_namespaces.get(prefix); 282 return m_namespaces.get(prefix);
283 } 283 }
284 284
285 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach edStyleSheet, const SecurityOrigin* securityOrigin) 285 void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach edStyleSheet, const SecurityOrigin* securityOrigin)
286 { 286 {
287 TRACE_EVENT0("blink", "StyleSheetContents::parseAuthorStyleSheet"); 287 TRACE_EVENT0("blink", "StyleSheetContents::parseAuthorStyleSheet");
288 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "ParseAuthorSty leSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet)); 288 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "ParseAuthorSty leSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet));
289 289
290 bool quirksMode = isQuirksModeBehavior(m_parserContext.mode());
291
292 bool enforceMIMEType = !quirksMode;
290 bool hasValidMIMEType = false; 293 bool hasValidMIMEType = false;
291 String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType); 294 String sheetText = cachedStyleSheet->sheetText(enforceMIMEType, &hasValidMIM EType);
292 295
293 CSSParserContext context(parserContext(), UseCounter::getFrom(this)); 296 CSSParserContext context(parserContext(), UseCounter::getFrom(this));
294 CSSParser::parseSheet(context, this, sheetText, TextPosition::minimumPositio n(), 0, true); 297 CSSParser::parseSheet(context, this, sheetText, TextPosition::minimumPositio n(), 0, true);
295 298
296 // If we're loading a stylesheet cross-origin, and the MIME type is not stan dard, require the CSS 299 // If we're loading a stylesheet cross-origin, and the MIME type is not stan dard, require the CSS
297 // to at least start with a syntactically valid CSS rule. 300 // to at least start with a syntactically valid CSS rule.
298 // This prevents an attacker playing games by injecting CSS strings into HTM L, XML, JSON, etc. etc. 301 // This prevents an attacker playing games by injecting CSS strings into HTM L, XML, JSON, etc. etc.
299 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) { 302 if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
300 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b aseURL()); 303 bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(b aseURL());
301 if (isCrossOriginCSS) { 304 if (isCrossOriginCSS) {
(...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after
649 visitor->trace(m_ownerRule); 652 visitor->trace(m_ownerRule);
650 visitor->trace(m_importRules); 653 visitor->trace(m_importRules);
651 visitor->trace(m_childRules); 654 visitor->trace(m_childRules);
652 visitor->trace(m_loadingClients); 655 visitor->trace(m_loadingClients);
653 visitor->trace(m_completedClients); 656 visitor->trace(m_completedClients);
654 visitor->trace(m_ruleSet); 657 visitor->trace(m_ruleSet);
655 #endif 658 #endif
656 } 659 }
657 660
658 } 661 }
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/cross-origin-css-expected.txt ('k') | Source/core/dom/ProcessingInstruction.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698