Changeset 225650 in webkit

Timestamp:

Dec 7, 2017 3:58:39 PM (6 years ago)

Author:

Antti Koivisto

Message:

Move security origin filtering for getMatchedCSSRules out of StyleResolver
​https://bugs.webkit.org/show_bug.cgi?id=180468

Reviewed by Zalan Bujtas.

The non-standard getMatchedCSSRules API should not return rules from stylesheets in different security origins.
To implement this we currently have lots of invasive code in StyleResolver, RuleSets and ElementRuleCollector
basically passing around a bit. This also makes RuleSets document specific blocking optimizations.

This patches replaces the mechanism with a bit in StyleRule which is much simpler.

• css/DocumentRuleSets.cpp:

(WebCore::makeRuleSet):

• css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::collectMatchingRulesForList):

• css/ElementRuleCollector.h:

(WebCore::ElementRuleCollector::setPseudoStyleRequest):
(WebCore::ElementRuleCollector::setSameOriginOnly): Deleted.

• css/RuleFeature.cpp:

(WebCore::RuleFeatureSet::collectFeatures):

• css/RuleFeature.h:

(WebCore::RuleFeature::RuleFeature):

• css/RuleSet.cpp:

(WebCore::RuleData::RuleData):
(WebCore::RuleSet::addRule):
(WebCore::RuleSet::addChildRules):
(WebCore::RuleSet::addRulesFromSheet):
(WebCore::RuleSet::addStyleRule):

• css/RuleSet.h:

(WebCore::RuleData::linkMatchType const):
(WebCore::RuleData::hasDocumentSecurityOrigin const): Deleted.

• css/StyleResolver.cpp:

(WebCore::StyleResolver::pseudoStyleRulesForElement):

• css/StyleResolver.h:
• css/StyleRule.cpp:

(WebCore::StyleRule::StyleRule):
(WebCore::StyleRule::createForSplitting):
(WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount const):
(WebCore::StyleRule::create): Deleted.

• css/StyleRule.h:

(WebCore::StyleRuleBase::StyleRuleBase):
(WebCore::StyleRuleBase::hasDocumentSecurityOrigin const):

Add a bit.

• css/parser/CSSParser.cpp:

(WebCore::CSSParserContext::CSSParserContext):

Include hasDocumentSecurityOrigin bit to parser context. This means that a stylesheet data structures
can't be shared between a contexts where this differs. This likely very rare in practice.

(WebCore::operator==):

• css/parser/CSSParserImpl.cpp:

(WebCore::CSSParserImpl::consumeStyleRule):

• css/parser/CSSParserMode.h:

(WebCore::CSSParserContextHash::hash):

• editing/EditingStyle.cpp:

(WebCore::EditingStyle::mergeStyleFromRules):

• page/DOMWindow.cpp:

(WebCore::DOMWindow::getMatchedCSSRules const):

Filter out rules from different security origin after getting them from style resolver.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• css/DocumentRuleSets.cpp (modified) (1 diff)
• css/ElementRuleCollector.cpp (modified) (1 diff)
• css/ElementRuleCollector.h (modified) (2 diffs)
• css/RuleFeature.cpp (modified) (2 diffs)
• css/RuleFeature.h (modified) (1 diff)
• css/RuleSet.cpp (modified) (7 diffs)
• css/RuleSet.h (modified) (6 diffs)
• css/StyleResolver.cpp (modified) (1 diff)
• css/StyleResolver.h (modified) (1 diff)
• css/StyleRule.cpp (modified) (5 diffs)
• css/StyleRule.h (modified) (5 diffs)
• css/parser/CSSParser.cpp (modified) (2 diffs)
• css/parser/CSSParserImpl.cpp (modified) (2 diffs)
• css/parser/CSSParserMode.h (modified) (2 diffs)
• editing/EditingStyle.cpp (modified) (1 diff)
• page/DOMWindow.cpp (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-12-07  Antti Koivisto  <antti@apple.com>
+
+        Move security origin filtering for getMatchedCSSRules out of StyleResolver
+        https://bugs.webkit.org/show_bug.cgi?id=180468
+
+        Reviewed by Zalan Bujtas.
+
+        The non-standard getMatchedCSSRules API should not return rules from stylesheets in different security origins.
+        To implement this we currently have lots of invasive code in StyleResolver, RuleSets and ElementRuleCollector
+        basically passing around a bit. This also makes RuleSets document specific blocking optimizations.
+
+        This patches replaces the mechanism with a bit in StyleRule which is much simpler.
+
+        * css/DocumentRuleSets.cpp:
+        (WebCore::makeRuleSet):
+        * css/ElementRuleCollector.cpp:
+        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
+        * css/ElementRuleCollector.h:
+        (WebCore::ElementRuleCollector::setPseudoStyleRequest):
+        (WebCore::ElementRuleCollector::setSameOriginOnly): Deleted.
+        * css/RuleFeature.cpp:
+        (WebCore::RuleFeatureSet::collectFeatures):
+        * css/RuleFeature.h:
+        (WebCore::RuleFeature::RuleFeature):
+        * css/RuleSet.cpp:
+        (WebCore::RuleData::RuleData):
+        (WebCore::RuleSet::addRule):
+        (WebCore::RuleSet::addChildRules):
+        (WebCore::RuleSet::addRulesFromSheet):
+        (WebCore::RuleSet::addStyleRule):
+        * css/RuleSet.h:
+        (WebCore::RuleData::linkMatchType const):
+        (WebCore::RuleData::hasDocumentSecurityOrigin const): Deleted.
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::pseudoStyleRulesForElement):
+        * css/StyleResolver.h:
+        * css/StyleRule.cpp:
+        (WebCore::StyleRule::StyleRule):
+        (WebCore::StyleRule::createForSplitting):
+        (WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount const):
+        (WebCore::StyleRule::create): Deleted.
+        * css/StyleRule.h:
+        (WebCore::StyleRuleBase::StyleRuleBase):
+        (WebCore::StyleRuleBase::hasDocumentSecurityOrigin const):
+
+            Add a bit.
+
+        * css/parser/CSSParser.cpp:
+        (WebCore::CSSParserContext::CSSParserContext):
+
+            Include hasDocumentSecurityOrigin bit to parser context. This means that a stylesheet data structures
+            can't be shared between a contexts where this differs. This likely very rare in practice.
+
+        (WebCore::operator==):
+        * css/parser/CSSParserImpl.cpp:
+        (WebCore::CSSParserImpl::consumeStyleRule):
+        * css/parser/CSSParserMode.h:
+        (WebCore::CSSParserContextHash::hash):
+        * editing/EditingStyle.cpp:
+        (WebCore::EditingStyle::mergeStyleFromRules):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::getMatchedCSSRules const):
+
+            Filter out rules from different security origin after getting them from style resolver.
+
 2017-12-07  Zalan Bujtas  <zalan@apple.com>
 

trunk/Source/WebCore/css/DocumentRuleSets.cpp

@@ -115 +115 @@
     auto ruleSet = std::make_unique<RuleSet>();
     for (size_t i = 0; i < size; ++i)
-        ruleSet->addRule(rules[i].rule, rules[i].selectorIndex, rules[i].hasDocumentSecurityOrigin ? RuleHasDocumentSecurityOrigin : RuleHasNoSpecialState);
+        ruleSet->addRule(rules[i].rule, rules[i].selectorIndex);
     ruleSet->shrinkToFit();
     return ruleSet;

trunk/Source/WebCore/css/ElementRuleCollector.cpp

@@ -477 +477 @@
             continue;
 
-        // FIXME: Exposing the non-standard getMatchedCSSRules API to web is the only reason this is needed.
-        if (m_sameOriginOnly && !ruleData.hasDocumentSecurityOrigin())
-            continue;
-
         unsigned specificity;
         if (ruleMatches(ruleData, specificity))

trunk/Source/WebCore/css/ElementRuleCollector.h

@@ -55 +55 @@
     void setMode(SelectorChecker::Mode mode) { m_mode = mode; }
     void setPseudoStyleRequest(const PseudoStyleRequest& request) { m_pseudoStyleRequest = request; }
-    void setSameOriginOnly(bool f) { m_sameOriginOnly = f; } 
     void setMedium(const MediaQueryEvaluator* medium) { m_isPrintStyle = medium->mediaTypeMatchSpecific("print"); }
 
@@ -98 +97 @@
     bool m_isPrintStyle { false };
     PseudoStyleRequest m_pseudoStyleRequest { NOPSEUDO };
-    bool m_sameOriginOnly { false };
     SelectorChecker::Mode m_mode { SelectorChecker::Mode::ResolvingStyle };
     bool m_isMatchingSlottedPseudoElements { false };

trunk/Source/WebCore/css/RuleFeature.cpp

@@ -97 +97 @@
     recursivelyCollectFeaturesFromSelector(selectorFeatures, *ruleData.selector());
     if (selectorFeatures.hasSiblingSelector)
-        siblingRules.append(RuleFeature(ruleData.rule(), ruleData.selectorIndex(), ruleData.hasDocumentSecurityOrigin()));
+        siblingRules.append(RuleFeature(ruleData.rule(), ruleData.selectorIndex()));
     if (ruleData.containsUncommonAttributeSelector())
-        uncommonAttributeRules.append(RuleFeature(ruleData.rule(), ruleData.selectorIndex(), ruleData.hasDocumentSecurityOrigin()));
+        uncommonAttributeRules.append(RuleFeature(ruleData.rule(), ruleData.selectorIndex()));
     for (auto& className : selectorFeatures.classesMatchingAncestors) {
         auto addResult = ancestorClassRules.ensure(className, [] {
             return std::make_unique<Vector<RuleFeature>>();
         });
-        addResult.iterator->value->append(RuleFeature(ruleData.rule(), ruleData.selectorIndex(), ruleData.hasDocumentSecurityOrigin()));
+        addResult.iterator->value->append(RuleFeature(ruleData.rule(), ruleData.selectorIndex()));
     }
     for (auto* selector : selectorFeatures.attributeSelectorsMatchingAncestors) {
@@ -112 +112 @@
         });
         auto& rules = *addResult.iterator->value;
-        rules.features.append(RuleFeature(ruleData.rule(), ruleData.selectorIndex(), ruleData.hasDocumentSecurityOrigin()));
+        rules.features.append(RuleFeature(ruleData.rule(), ruleData.selectorIndex()));
         // Deduplicate selectors.
         rules.selectors.add(makeAttributeSelectorKey(*selector), selector);

trunk/Source/WebCore/css/RuleFeature.h

@@ -35 +35 @@
 
 struct RuleFeature {
-    RuleFeature(StyleRule* rule, unsigned selectorIndex, bool hasDocumentSecurityOrigin)
+    RuleFeature(StyleRule* rule, unsigned selectorIndex)
         : rule(rule)
         , selectorIndex(selectorIndex)
-        , hasDocumentSecurityOrigin(hasDocumentSecurityOrigin) 
-    { 
+    {
     }
     StyleRule* rule;
     unsigned selectorIndex;
-    bool hasDocumentSecurityOrigin;
 };
 

trunk/Source/WebCore/css/RuleSet.cpp

@@ -149 +149 @@
 }
 
-RuleData::RuleData(StyleRule* rule, unsigned selectorIndex, unsigned position, AddRuleFlags addRuleFlags)
+RuleData::RuleData(StyleRule* rule, unsigned selectorIndex, unsigned position)
     : m_rule(rule)
     , m_selectorIndex(selectorIndex)
-    , m_hasDocumentSecurityOrigin(addRuleFlags & RuleHasDocumentSecurityOrigin)
     , m_position(position)
     , m_matchBasedOnRuleHash(static_cast<unsigned>(computeMatchBasedOnRuleHash(*selector())))
@@ -203 +202 @@
 }
 
-void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex, AddRuleFlags addRuleFlags)
-{
-    RuleData ruleData(rule, selectorIndex, m_ruleCount++, addRuleFlags);
+void RuleSet::addRule(StyleRule* rule, unsigned selectorIndex)
+{
+    RuleData ruleData(rule, selectorIndex, m_ruleCount++);
     m_features.collectFeatures(ruleData);
 
@@ -361 +360 @@
 }
 
-void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags addRuleFlags)
+void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool isInitiatingElementInUserAgentShadowTree)
 {
     for (auto& rule : rules) {
         if (is<StyleRule>(*rule))
-            addStyleRule(downcast<StyleRule>(rule.get()), addRuleFlags);
+            addStyleRule(downcast<StyleRule>(rule.get()));
         else if (is<StyleRulePage>(*rule))
             addPageRule(downcast<StyleRulePage>(rule.get()));
@@ -371 +370 @@
             auto& mediaRule = downcast<StyleRuleMedia>(*rule);
             if ((!mediaRule.mediaQueries() || medium.evaluate(*mediaRule.mediaQueries(), resolver)))
-                addChildRules(mediaRule.childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
+                addChildRules(mediaRule.childRules(), medium, resolver, isInitiatingElementInUserAgentShadowTree);
         } else if (is<StyleRuleFontFace>(*rule) && resolver) {
             // Add this font face to our set.
@@ -379 +378 @@
             resolver->addKeyframeStyle(downcast<StyleRuleKeyframes>(*rule));
         else if (is<StyleRuleSupports>(*rule) && downcast<StyleRuleSupports>(*rule).conditionIsSupported())
-            addChildRules(downcast<StyleRuleSupports>(*rule).childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
+            addChildRules(downcast<StyleRuleSupports>(*rule).childRules(), medium, resolver, isInitiatingElementInUserAgentShadowTree);
 #if ENABLE(CSS_DEVICE_ADAPTATION)
         else if (is<StyleRuleViewport>(*rule) && resolver) {
@@ -395 +394 @@
     }
 
-    bool hasDocumentSecurityOrigin = resolver && resolver->document().securityOrigin().canRequest(sheet.baseURL());
-    AddRuleFlags addRuleFlags = static_cast<AddRuleFlags>((hasDocumentSecurityOrigin ? RuleHasDocumentSecurityOrigin : 0));
-
     // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
     // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
     bool isInitiatingElementInUserAgentShadowTree = false;
-    addChildRules(sheet.childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
+    addChildRules(sheet.childRules(), medium, resolver, isInitiatingElementInUserAgentShadowTree);
 
     if (m_autoShrinkToFitEnabled)
@@ -407 +403 @@
 }
 
-void RuleSet::addStyleRule(StyleRule* rule, AddRuleFlags addRuleFlags)
+void RuleSet::addStyleRule(StyleRule* rule)
 {
     for (size_t selectorIndex = 0; selectorIndex != notFound; selectorIndex = rule->selectorList().indexOfNextSelectorAfter(selectorIndex))
-        addRule(rule, selectorIndex, addRuleFlags);
+        addRule(rule, selectorIndex);
 }
 

trunk/Source/WebCore/css/RuleSet.h

@@ -33 +33 @@
 namespace WebCore {
 
-enum AddRuleFlags {
-    RuleHasNoSpecialState         = 0,
-    RuleHasDocumentSecurityOrigin = 1,
-};
-    
 enum PropertyWhitelistType {
     PropertyWhitelistNone   = 0,
@@ -65 +60 @@
     static const unsigned maximumSelectorComponentCount = 8192;
 
-    RuleData(StyleRule*, unsigned selectorIndex, unsigned position, AddRuleFlags);
+    RuleData(StyleRule*, unsigned selectorIndex, unsigned position);
 
     unsigned position() const { return m_position; }
@@ -76 +71 @@
     bool containsUncommonAttributeSelector() const { return m_containsUncommonAttributeSelector; }
     unsigned linkMatchType() const { return m_linkMatchType; }
-    bool hasDocumentSecurityOrigin() const { return m_hasDocumentSecurityOrigin; }
     PropertyWhitelistType propertyWhitelistType() const { return static_cast<PropertyWhitelistType>(m_propertyWhitelistType); }
     const SelectorFilter::Hashes& descendantSelectorIdentifierHashes() const { return m_descendantSelectorIdentifierHashes; }
@@ -103 +97 @@
     RefPtr<StyleRule> m_rule;
     unsigned m_selectorIndex : 13;
-    unsigned m_hasDocumentSecurityOrigin : 1;
     // This number was picked fairly arbitrarily. We can probably lower it if we need to.
     // Some simple testing showed <100,000 RuleData's on large sites.
@@ -159 +152 @@
     void addRulesFromSheet(StyleSheetContents&, const MediaQueryEvaluator&, StyleResolver* = 0);
 
-    void addStyleRule(StyleRule*, AddRuleFlags);
-    void addRule(StyleRule*, unsigned selectorIndex, AddRuleFlags);
+    void addStyleRule(StyleRule*);
+    void addRule(StyleRule*, unsigned selectorIndex);
     void addPageRule(StyleRulePage*);
     void addToRuleSet(const AtomicString& key, AtomRuleMap&, const RuleData&);
@@ -189 +182 @@
 
 private:
-    void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags);
+    void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool isInitiatingElementInUserAgentShadowTree);
 
     AtomRuleMap m_idRules;

trunk/Source/WebCore/css/StyleResolver.cpp

@@ -1133 +1133 @@
     }
 
-    if (m_matchAuthorAndUserStyles && (rulesToInclude & AuthorCSSRules)) {
-        collector.setSameOriginOnly(!(rulesToInclude & CrossOriginCSSRules));
-
-        // Check the rules in author sheets.
+    if (m_matchAuthorAndUserStyles && (rulesToInclude & AuthorCSSRules))
         collector.matchAuthorRules(rulesToInclude & EmptyCSSRules);
-    }
 
     return collector.matchedRuleList();

trunk/Source/WebCore/css/StyleResolver.h

@@ -168 +168 @@
         AuthorCSSRules      = 1 << 2,
         EmptyCSSRules       = 1 << 3,
-        CrossOriginCSSRules = 1 << 4,
-        AllButEmptyCSSRules = UAAndUserCSSRules | AuthorCSSRules | CrossOriginCSSRules,
+        AllButEmptyCSSRules = UAAndUserCSSRules | AuthorCSSRules,
         AllCSSRules         = AllButEmptyCSSRules | EmptyCSSRules,
     };

trunk/Source/WebCore/css/StyleRule.cpp

@@ -182 +182 @@
 }
 
-StyleRule::StyleRule(Ref<StylePropertiesBase>&& properties)
-    : StyleRuleBase(Style)
+StyleRule::StyleRule(Ref<StylePropertiesBase>&& properties, bool hasDocumentSecurityOrigin)
+    : StyleRuleBase(Style, hasDocumentSecurityOrigin)
     , m_properties(WTFMove(properties))
 {
@@ -211 +211 @@
 }
 
-Ref<StyleRule> StyleRule::create(const Vector<const CSSSelector*>& selectors, Ref<StyleProperties>&& properties)
+Ref<StyleRule> StyleRule::createForSplitting(const Vector<const CSSSelector*>& selectors, Ref<StyleProperties>&& properties, bool hasDocumentSecurityOrigin)
 {
     ASSERT_WITH_SECURITY_IMPLICATION(!selectors.isEmpty());
@@ -218 +218 @@
         new (NotNull, &selectorListArray[i]) CSSSelector(*selectors.at(i));
     selectorListArray[selectors.size() - 1].setLastInSelectorList();
-    auto rule = StyleRule::create(WTFMove(properties));
+    auto rule = StyleRule::create(WTFMove(properties), hasDocumentSecurityOrigin);
     rule.get().parserAdoptSelectorArray(selectorListArray);
     return rule;
@@ -236 +236 @@
 
         if (componentsInThisSelector.size() + componentsSinceLastSplit.size() > maxCount && !componentsSinceLastSplit.isEmpty()) {
-            rules.append(create(componentsSinceLastSplit, const_cast<StyleProperties&>(properties())));
+            rules.append(createForSplitting(componentsSinceLastSplit, const_cast<StyleProperties&>(properties()), hasDocumentSecurityOrigin()));
             componentsSinceLastSplit.clear();
         }
@@ -244 +244 @@
 
     if (!componentsSinceLastSplit.isEmpty())
-        rules.append(create(componentsSinceLastSplit, const_cast<StyleProperties&>(properties())));
+        rules.append(createForSplitting(componentsSinceLastSplit, const_cast<StyleProperties&>(properties()), hasDocumentSecurityOrigin()));
 
     return rules;

trunk/Source/WebCore/css/StyleRule.h

@@ -87 +87 @@
 
 protected:
-    StyleRuleBase(Type type)
+    StyleRuleBase(Type type, bool hasDocumentSecurityOrigin = false)
         : m_type(type)
-        { }
+        , m_hasDocumentSecurityOrigin(hasDocumentSecurityOrigin)
+    {
+    }
 
     StyleRuleBase(const StyleRuleBase& o)
         : WTF::RefCountedBase()
         , m_type(o.m_type)
-        { }
+        , m_hasDocumentSecurityOrigin(o.m_hasDocumentSecurityOrigin)
+    {
+    }
 
     ~StyleRuleBase() = default;
 
+    bool hasDocumentSecurityOrigin() const { return m_hasDocumentSecurityOrigin; }
+
 private:
     WEBCORE_EXPORT void destroy();
@@ -104 +110 @@
 
     unsigned m_type : 5;
+    // This is only needed to support getMatchedCSSRules.
+    unsigned m_hasDocumentSecurityOrigin : 1;
 };
 
@@ -109 +117 @@
     WTF_MAKE_FAST_ALLOCATED;
 public:
-    static Ref<StyleRule> create(Ref<StylePropertiesBase>&& properties)
-    {
-        return adoptRef(*new StyleRule(WTFMove(properties)));
+    static Ref<StyleRule> create(Ref<StylePropertiesBase>&& properties, bool hasDocumentSecurityOrigin)
+    {
+        return adoptRef(*new StyleRule(WTFMove(properties), hasDocumentSecurityOrigin));
     }
     
@@ -122 +130 @@
     const StyleProperties* propertiesWithoutDeferredParsing() const;
 
+    using StyleRuleBase::hasDocumentSecurityOrigin;
+
     void parserAdoptSelectorVector(Vector<std::unique_ptr<CSSParserSelector>>& selectors) { m_selectorList.adoptSelectorVector(selectors); }
     void wrapperAdoptSelectorList(CSSSelectorList& selectors) { m_selectorList = WTFMove(selectors); }
@@ -133 +143 @@
 
 private:
-    StyleRule(Ref<StylePropertiesBase>&&);
+    StyleRule(Ref<StylePropertiesBase>&&, bool hasDocumentSecurityOrigin);
     StyleRule(const StyleRule&);
 
-    static Ref<StyleRule> create(const Vector<const CSSSelector*>&, Ref<StyleProperties>&&);
+    static Ref<StyleRule> createForSplitting(const Vector<const CSSSelector*>&, Ref<StyleProperties>&&, bool hasDocumentSecurityOrigin);
 
     mutable Ref<StylePropertiesBase> m_properties;

trunk/Source/WebCore/css/parser/CSSParser.cpp

@@ -73 +73 @@
 }
 
-CSSParserContext::CSSParserContext(Document& document, const URL& baseURL, const String& charset)
-    : baseURL(baseURL.isNull() ? document.baseURL() : baseURL)
+CSSParserContext::CSSParserContext(Document& document, const URL& sheetBaseURL, const String& charset)
+    : baseURL(sheetBaseURL.isNull() ? document.baseURL() : sheetBaseURL)
     , charset(charset)
     , mode(document.inQuirksMode() ? HTMLQuirksMode : HTMLStandardMode)
     , isHTMLDocument(document.isHTMLDocument())
     , cssGridLayoutEnabled(document.isCSSGridLayoutEnabled())
+    , hasDocumentSecurityOrigin(document.securityOrigin().canRequest(baseURL))
 {
     needsSiteSpecificQuirks = document.settings().needsSiteSpecificQuirks();
@@ -112 +113 @@
         && a.constantPropertiesEnabled == b.constantPropertiesEnabled
         && a.conicGradientsEnabled == b.conicGradientsEnabled
-        && a.deferredCSSParserEnabled == b.deferredCSSParserEnabled;
+        && a.deferredCSSParserEnabled == b.deferredCSSParserEnabled
+        && a.hasDocumentSecurityOrigin == b.hasDocumentSecurityOrigin;
 }
 

trunk/Source/WebCore/css/parser/CSSParserImpl.cpp

@@ -739 +739 @@
         blockCopy.consumeWhitespace();
         if (!blockCopy.atEnd()) {
-            rule = StyleRule::create(createDeferredStyleProperties(block));
+            rule = StyleRule::create(createDeferredStyleProperties(block), m_context.hasDocumentSecurityOrigin);
             rule->wrapperAdoptSelectorList(selectorList);
             return rule;
@@ -746 +746 @@
 
     consumeDeclarationList(block, StyleRule::Style);
-    rule = StyleRule::create(createStyleProperties(m_parsedProperties, m_context.mode));
+    rule = StyleRule::create(createStyleProperties(m_parsedProperties, m_context.mode), m_context.hasDocumentSecurityOrigin);
     rule->wrapperAdoptSelectorList(selectorList);
     return rule;

trunk/Source/WebCore/css/parser/CSSParserMode.h

@@ -108 +108 @@
     bool conicGradientsEnabled { false };
     bool deferredCSSParserEnabled { false };
+    // This is only needed to support getMatchedCSSRules.
+    bool hasDocumentSecurityOrigin { false };
 
     URL completeURL(const String& url) const
@@ -142 +144 @@
             & key.conicGradientsEnabled                     << 8
             & key.deferredCSSParserEnabled                  << 9
-            & key.mode                                      << 10;
+            & key.hasDocumentSecurityOrigin                 << 10
+            & key.mode                                      << 11;
         hash ^= WTF::intHash(bits);
         return hash;

trunk/Source/WebCore/editing/EditingStyle.cpp

@@ -1270 +1270 @@
 {
     RefPtr<MutableStyleProperties> styleFromMatchedRules = styleFromMatchedRulesForElement(element,
-        StyleResolver::AuthorCSSRules | StyleResolver::CrossOriginCSSRules);
+        StyleResolver::AuthorCSSRules);
     // Styles from the inline style declaration, held in the variable "style", take precedence 
     // over those from matched rules.

trunk/Source/WebCore/page/DOMWindow.cpp

@@ -1483 +1483 @@
     if (!authorOnly)
         rulesToInclude |= StyleResolver::UAAndUserCSSRules;
-    if (m_frame->settings().crossOriginCheckInGetMatchedCSSRulesDisabled())
-        rulesToInclude |= StyleResolver::CrossOriginCSSRules;
 
     PseudoId pseudoId = CSSSelector::pseudoId(pseudoType);
@@ -1492 +1490 @@
         return nullptr;
 
+    bool allowCrossOrigin = m_frame->settings().crossOriginCheckInGetMatchedCSSRulesDisabled();
+
     RefPtr<StaticCSSRuleList> ruleList = StaticCSSRuleList::create();
-    for (auto& rule : matchedRules)
+    for (auto& rule : matchedRules) {
+        if (!allowCrossOrigin && !rule->hasDocumentSecurityOrigin())
+            continue;
         ruleList->rules().append(rule->createCSSOMWrapper());
+    }
+
+    if (ruleList->rules().isEmpty())
+        return nullptr;
 
     return ruleList;