Changeset 147558 in webkit


Timestamp:
Apr 3, 2013 8:45:10 AM (11 years ago)
Author:
commit-queue@webkit.org
Message:

CSP blocks inline style when cloning a node
https://bugs.webkit.org/show_bug.cgi?id=112270

Patch by Felipe Zimmerle <felipe@zimmerle.org> on 2013-04-03
Reviewed by Adam Barth.

Source/WebCore:

Checks if the Element is being cloned; if so, the application of the
style is allowed, otherwise it relies on the default permission mechanism.

Test: http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged): Added parameter
AttributeModificationReason to the method signature.
(WebCore::Element::cloneAttributesFromElement): It is now calling
attributeChanged with AttributeModificationReason parameter. In this scope
it is always set to ModifiedByCloning.
(WebCore::Element::attributeChangedFromParserOrByCloning):
Added parameter AttributeModificationReason.

  • dom/Element.h: Added AttributeModificationReason enum. Used to specify
whenever an attribute was set by a cloned object or directly.
AttributeModificationReason added to attributeChanged with the default
value set to ModifiedDirectly.

  • dom/StyledElement.cpp:

(WebCore::StyledElement::attributeChanged): Added
AttributeModificationReason to the method signature.
(WebCore::StyledElement::styleAttributeChanged): Now it is checking the
reason of the update, if the reason is ModifiedDirectly check CSP
before set. If ModifiedByCloning set the attribute ignoring the CSP
policy.

  • dom/StyledElement.h:

(StyledElement): Added AttributeModificationReason parameter to the methods:
attributeChanged and styleAttributeChanged, attributeChanged has
ModifiedDirectly as default value.

  • svg/SVGElement.cpp:

(WebCore::SVGElement::attributeChanged): Added AttributeModificationReason
parameter to the method signature.

  • svg/SVGElement.h:

(SVGElement): Added AttributeModificationReason parameter to the
attributeChanged signature with the default value set to:
ModifiedDirectly.

LayoutTests:

  • http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects.html: Added.
Location:
trunk
Files:
2 added
8 edited

  • trunk/LayoutTests/ChangeLog

    r147551 r147558  
     12013-04-03  Felipe Zimmerle  <felipe@zimmerle.org>
     2
     3        CSP blocks inline style when cloning a node
     4        https://bugs.webkit.org/show_bug.cgi?id=112270
     5
     6        Reviewed by Adam Barth.
     7
     8        * http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects-expected.txt: Added.
     9        * http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects.html: Added.
     10
    1112013-04-03  Ádám Kallai  <kadam@inf.u-szeged.hu>
    212
  • trunk/Source/WebCore/ChangeLog

    r147556 r147558  
     12013-04-03  Felipe Zimmerle  <felipe@zimmerle.org>
     2
     3        CSP blocks inline style when cloning a node
     4        https://bugs.webkit.org/show_bug.cgi?id=112270
     5
     6        Reviewed by Adam Barth.
     7
     8        Checks if the Element is being cloned, if so, the application of the
     9        style is allowed otherwise it relies on default permission mechanism.
     10
     11        Test: http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects.html
     12
     13        * dom/Element.cpp:
     14        (WebCore::Element::attributeChanged): Added parameter
     15        AttributeModificationReason to the method signature.
     16        (WebCore::Element::cloneAttributesFromElement): It is now calling
     17        attributeChanged with AttributeModificationReason parameter. In this scope
     18        it is always set to ModifiedByCloning.
     19        (WebCode::Element::attributeChangedFromParserOrByCloning):
     20        Added parameter AttributeModificationReason.
     21        * dom/Element.h: Added AttributeModificationReason enum. Used to specify
     22        whenever an attribute was set by a cloned oject or directly.
     23        AttributeModificationReason added to attributeChanged with the default
     24        value set to ModifiedDirectly.
     25        * dom/StyledElement.cpp:
     26        (WebCore::StyledElement::attributeChanged): Added
     27        AttributeModificationReason to the method signature.
     28        (WebCore::StyledElement::styleAttributeChanged): Now it is checking the
     29        reason of the update, if the reason is ModifiedDirectly check CSP
     30        before set. If ModifiedByCloning set the attribute ignoring the CSP
     31        policy.
     32        * dom/StyledElement.h:
     33        (StyledElement): Added AttributeModificationReason parameter to the methods:
     34        attributeChanged and styleAttributeChanged, attributeChanged has
     35        ModifiedDirectly as default value.
     36        * svg/SVGElement.cpp:
     37        (WebCore::SVGElement::attributeChanged): Added AttributeModificationReason
     38        parameter to the method signature.
     39        * svg/SVGElement.h:
     40        (SVGElement): Added AttributeModificationReason parameter to the
     41        attributeChanged signature with the default value set to:
     42        ModifiedDirectly.
     43
    1442013-04-03  Csaba Osztrogonác  <ossy@webkit.org>
    245
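Review bot: two typos in this ChangeLog entry: line 19 says WebCode::Element where WebCore::Element is meant, and line 22 says "cloned oject". The StyledElement::styleAttributeChanged item (lines 28-31) should also say why it is acceptable to set the style "ignoring the CSP policy" when cloning, since that is the security-relevant decision in this patch.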
  • trunk/Source/WebCore/dom/Element.cpp

    r147395 r147558  
    848848}
    849849
    850 void Element::attributeChanged(const QualifiedName& name, const AtomicString& newValue)
     850void Element::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason)
    851851{
    852852    if (ElementShadow* parentElementShadow = shadowOfParentForDistribution(this)) {
     
    891891}
    892892
    893 inline void Element::attributeChangedFromParserOrByCloning(const QualifiedName& name, const AtomicString& newValue)
     893inline void Element::attributeChangedFromParserOrByCloning(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason reason)
    894894{
    895895#if ENABLE(CUSTOM_ELEMENTS)
     
    899899    }
    900900#endif
    901     attributeChanged(name, newValue);
     901    attributeChanged(name, newValue, reason);
    902902}
    903903
     
    10771077    // Use attributeVector instead of m_elementData because attributeChanged might modify m_elementData.
    10781078    for (unsigned i = 0; i < attributeVector.size(); ++i)
    1079         attributeChangedFromParserOrByCloning(attributeVector[i].name(), attributeVector[i].value());
     1079        attributeChangedFromParserOrByCloning(attributeVector[i].name(), attributeVector[i].value(), ModifiedDirectly);
    10801080}
    10811081
     
    28922892    for (unsigned i = 0; i < m_elementData->length(); ++i) {
    28932893        const Attribute* attribute = const_cast<const ElementData*>(m_elementData.get())->attributeItem(i);
    2894         attributeChangedFromParserOrByCloning(attribute->name(), attribute->value());
     2894        attributeChangedFromParserOrByCloning(attribute->name(), attribute->value(), ModifiedByCloning);
    28952895    }
    28962896}
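Review bot: the call at new line 2894 passes ModifiedByCloning for every attribute with no condition on the source element, while the check it disables in StyledElement::styleAttributeChanged is evaluated against the receiving element's document(). If this loop can run with a source element owned by a different document, the destination document's policy is never consulted for the copied style. Pass ModifiedByCloning only when the source and this element share a document and ModifiedDirectly otherwise, and state that invariant in a comment or an ASSERT next to the loop.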
  • trunk/Source/WebCore/dom/Element.h

    r147281 r147558  
    374374    NamedNodeMap* attributes() const;
    375375
     376    enum AttributeModificationReason {
     377        ModifiedDirectly,
     378        ModifiedByCloning
     379    };
     380
    376381    // This method is called whenever an attribute is added, changed or removed.
    377     virtual void attributeChanged(const QualifiedName&, const AtomicString&);
     382    virtual void attributeChanged(const QualifiedName&, const AtomicString&, AttributeModificationReason = ModifiedDirectly);
    378383    virtual void parseAttribute(const QualifiedName&, const AtomicString&) { }
    379384
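Review bot: the enum at new lines 376-379 has no comment, yet ModifiedByCloning is the value that turns off the inline-style CSP check in StyledElement, so a later caller could pass it without knowing that. Add a comment saying ModifiedByCloning may only be used when the values were copied from an element that already went through the policy check. Separately, the default argument on the virtual attributeChanged at line 382 has to be repeated on every override; dropping the default and making callers pass the reason explicitly would keep an override or a forwarding call from silently falling back to ModifiedDirectly.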
     
    687692    void addAttributeInternal(const QualifiedName&, const AtomicString& value, SynchronizationOfLazyAttribute);
    688693    void removeAttributeInternal(size_t index, SynchronizationOfLazyAttribute);
    689     void attributeChangedFromParserOrByCloning(const QualifiedName&, const AtomicString&);
     694    void attributeChangedFromParserOrByCloning(const QualifiedName&, const AtomicString&, AttributeModificationReason);
    690695
    691696#ifndef NDEBUG
  • trunk/Source/WebCore/dom/StyledElement.cpp

    r143926 r147558  
    158158}
    159159
    160 void StyledElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue)
     160void StyledElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason reason)
    161161{
    162162    if (name == styleAttr)
    163         styleAttributeChanged(newValue);
     163        styleAttributeChanged(newValue, reason);
    164164    else if (isPresentationAttribute(name)) {
    165165        elementData()->m_presentationAttributeStyleIsDirty = true;
     
    167167    }
    168168
    169     Element::attributeChanged(name, newValue);
     169    Element::attributeChanged(name, newValue, reason);
    170170}
    171171
     
    198198}
    199199
    200 void StyledElement::styleAttributeChanged(const AtomicString& newStyleString)
     200void StyledElement::styleAttributeChanged(const AtomicString& newStyleString, AttributeModificationReason reason)
    201201{
    202202    WTF::OrdinalNumber startLineNumber = WTF::OrdinalNumber::beforeFirst();
     
    208208            cssomWrapper->clearParentElement();
    209209        ensureUniqueElementData()->m_inlineStyle.clear();
    210     } else if (document()->contentSecurityPolicy()->allowInlineStyle(document()->url(), startLineNumber))
     210    } else if (reason == ModifiedByCloning || document()->contentSecurityPolicy()->allowInlineStyle(document()->url(), startLineNumber))
    211211        setInlineStyleFromString(newStyleString);
    212212
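Review bot: `reason == ModifiedByCloning ||` on new line 210 skips allowInlineStyle entirely, which is only safe if every style attribute on a clone source has already passed that check. The clone loop in Element.cpp replays attribute values from m_elementData, and as far as these lines show the refused branch does not remove or mark the attribute, so a style string the policy rejected on the original would reach setInlineStyleFromString on the copy. Consider carrying the source's already-parsed inline style over to the clone (nothing to copy if it was refused) instead of re-parsing the attribute string with the check disabled, and add a layout test that clones an element whose inline style was blocked.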
  • trunk/Source/WebCore/dom/StyledElement.h

    r143926 r147558  
    6767    }
    6868
    69     virtual void attributeChanged(const QualifiedName&, const AtomicString&) OVERRIDE;
     69    virtual void attributeChanged(const QualifiedName&, const AtomicString&, AttributeModificationReason = ModifiedDirectly) OVERRIDE;
    7070
    7171    virtual bool isPresentationAttribute(const QualifiedName&) const { return false; }
     
    7878
    7979private:
    80     void styleAttributeChanged(const AtomicString& newStyleString);
     80    void styleAttributeChanged(const AtomicString& newStyleString, AttributeModificationReason);
    8181
    8282    void inlineStyleChanged();
  • trunk/Source/WebCore/svg/SVGElement.cpp

    r145830 r147558  
    531531}
    532532
    533 void SVGElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue)
     533void SVGElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason)
    534534{
    535535    StyledElement::attributeChanged(name, newValue);
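Review bot: the new AttributeModificationReason parameter at line 533 is unnamed and the body at line 535 still calls StyledElement::attributeChanged(name, newValue), so the default ModifiedDirectly is used and a cloned SVG element with a style attribute still goes through the CSP check this patch is meant to skip. Name the parameter and forward it: StyledElement::attributeChanged(name, newValue, reason). The added layout test should clone an SVG element as well so this path is covered.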
  • trunk/Source/WebCore/svg/SVGElement.h

    r145830 r147558  
    127127
    128128    virtual void finishParsingChildren();
    129     virtual void attributeChanged(const QualifiedName&, const AtomicString&) OVERRIDE;
     129    virtual void attributeChanged(const QualifiedName&, const AtomicString&, AttributeModificationReason = ModifiedDirectly) OVERRIDE;
    130130    virtual bool childShouldCreateRenderer(const NodeRenderingContext&) const OVERRIDE;
    131131   