Context Navigation

← Previous Changeset
Next Changeset →

Changeset 109730 in webkit

Timestamp:

Mar 5, 2012 2:44:40 AM (12 years ago)

Author:

apavlov@chromium.org

Message:

Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
https://bugs.webkit.org/show_bug.cgi?id=80024

Reviewed by Pavel Feldman.

Source/WebCore:

Test: inspector/styles/add-new-rule-inline-style-csp.html

inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::viaInspectorStyleSheet):

inspector/InspectorCSSAgent.h:

(InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
(InspectorCSSAgent):

inspector/InspectorStyleSheet.cpp:

(WebCore::InspectorStyleSheetForInlineStyle::setStyleText):

page/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::allowInlineStyle):
(WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
(WebCore):

page/ContentSecurityPolicy.h:

(ContentSecurityPolicy):

LayoutTests:

inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
inspector/styles/add-new-rule-inline-style-csp.html: Added.

Location:

trunk

Files:

: 2 added
: 7 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt (added)
LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/inspector/InspectorCSSAgent.cpp (modified) (3 diffs)
Source/WebCore/inspector/InspectorCSSAgent.h (modified) (3 diffs)
Source/WebCore/inspector/InspectorStyleSheet.cpp (modified) (2 diffs)
Source/WebCore/page/ContentSecurityPolicy.cpp (modified) (3 diffs)
Source/WebCore/page/ContentSecurityPolicy.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r109728
+                      r109730
+-03-02  Alexander Pavlov  <apavlov@chromium.org>
+        Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+        https://bugs.webkit.org/show_bug.cgi?id=80024
+        Reviewed by Pavel Feldman.
+        * inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
+        * inspector/styles/add-new-rule-inline-style-csp.html: Added.
 -03-05  Pavel Podivilov  <podivilov@chromium.org>

trunk/Source/WebCore/ChangeLog

-                      r109729
+                      r109730
+-03-02  Alexander Pavlov  <apavlov@chromium.org>
+        Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+        https://bugs.webkit.org/show_bug.cgi?id=80024
+        Reviewed by Pavel Feldman.
+        Test: inspector/styles/add-new-rule-inline-style-csp.html
+        * inspector/InspectorCSSAgent.cpp:
+        (WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
+        * inspector/InspectorCSSAgent.h:
+        (InlineStyleOverrideScope):
+        (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
+        (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
+        (InspectorCSSAgent):
+        * inspector/InspectorStyleSheet.cpp:
+        (WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
+        (WebCore::ContentSecurityPolicy::allowInlineStyle):
+        (WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
+        (WebCore):
+        * page/ContentSecurityPolicy.h:
+        (ContentSecurityPolicy):
 -03-05  Yoshifumi Inoue  <yosin@chromium.org>

trunk/Source/WebCore/inspector/InspectorCSSAgent.cpp

-                      r109116
+                      r109730
 #include "CSSStyleSelector.h"
 #include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
 #include "DOMWindow.h"
 #include "HTMLHeadElement.h"
 …
         else
             return 0;
+        InlineStyleOverrideScope overrideScope(document);
         targetNode->appendChild(styleElement, ec);
+    }
 …
     StyleSheetList* styleSheets = document->styleSheets();
     StyleSheet* styleSheet = styleSheets->item(styleSheets->length() - 1);
     if (!styleSheet->isCSSStyleSheet())
+    if (!styleSheet || !styleSheet->isCSSStyleSheet())
         return 0;
     CSSStyleSheet* cssStyleSheet = static_cast<CSSStyleSheet*>(styleSheet);

trunk/Source/WebCore/inspector/InspectorCSSAgent.h

-                      r107683
+                      r109730
 #include "CSSSelector.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "InspectorBaseAgent.h"
 …
 #include "InspectorValues.h"
 #include "PlatformString.h"
+#include "SecurityContext.h"
 #include <wtf/HashMap.h>
 …
     WTF_MAKE_NONCOPYABLE(InspectorCSSAgent);
 public:
+    class InlineStyleOverrideScope {
+    public:
+        InlineStyleOverrideScope(SecurityContext* context)
+            : m_contentSecurityPolicy(context->contentSecurityPolicy())
+        {
+            m_contentSecurityPolicy->setOverrideAllowInlineStyle(true);
+        }
+        ~InlineStyleOverrideScope()
+        {
+            m_contentSecurityPolicy->setOverrideAllowInlineStyle(false);
+        }
+    private:
+        ContentSecurityPolicy* m_contentSecurityPolicy;
+    };
     static CSSStyleRule* asCSSStyleRule(CSSRule*);

trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp

-                      r109116
+                      r109730
 #include "CSSStyleSelector.h"
 #include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "Element.h"
 …
     ASSERT_UNUSED(style, style == inlineStyle());
     ExceptionCode ec = 0;
+    m_element->setAttribute("style", text, ec);
+    {
+        InspectorCSSAgent::InlineStyleOverrideScope overrideScope(m_element->ownerDocument());
+        m_element->setAttribute("style", text, ec);
+    }
     m_styleText = text;
     m_isStyleTextValid = true;

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

r103617	r109730
488	488	, m_reportOnly(false)
489	489	, m_haveSandboxPolicy(false)
	490	, m_overrideInlineStyleAllowed(false)
490	491	{
491	492	}
…	…
623	624	{
624	625	DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because of Content-Security-Policy.\n"));
625		return checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
	626	return m_overrideInlineStyleAllowed \|\| checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
626	627	}
627	628
…	…
678	679	DEFINE_STATIC_LOCAL(String, type, ("connect"));
679	680	return checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, type);
	681	}
	682
	683	void ContentSecurityPolicy::setOverrideAllowInlineStyle(bool value)
	684	{
	685	m_overrideInlineStyleAllowed = value;
680	686	}
681	687

trunk/Source/WebCore/page/ContentSecurityPolicy.h

-                      r104329
+                      r109730
     bool allowConnectFromSource(const KURL&) const;
+    void setOverrideAllowInlineStyle(bool);
 private:
     explicit ContentSecurityPolicy(ScriptExecutionContext*);
 …
     OwnPtr<CSPDirective> m_connectSrc;
     bool m_haveSandboxPolicy;
+    bool m_overrideInlineStyleAllowed;
     Vector<KURL> m_reportURLs;
 };

Note: See TracChangeset for help on using the changeset viewer.