Changeset 85381 in webkit
- Timestamp:
- Apr 29, 2011 7:22:35 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 5 edited
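--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,16 @@
+2011-04-29 Adam Barth <abarth@webkit.org>
+
+Reviewed by Eric Seidel.
+
+style-src should block inline style from <style>
+https://bugs.webkit.org/show_bug.cgi?id=59292
+
+Testing makes perfect.
+
+* http/tests/security/contentSecurityPolicy/inline-style-allowed-expected.txt: Added.
+* http/tests/security/contentSecurityPolicy/inline-style-allowed.html: Added.
+* http/tests/security/contentSecurityPolicy/inline-style-blocked-expected.txt: Added.
+* http/tests/security/contentSecurityPolicy/inline-style-blocked.html: Added.
+
 2011-04-29 Sam Weinig <sam@webkit.org>
 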
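--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,24 @@
+2011-04-29 Adam Barth <abarth@webkit.org>
+
+Reviewed by Eric Seidel.
+
+style-src should block inline style from <style>
+https://bugs.webkit.org/show_bug.cgi?id=59292
+
+The spec has been updated to allow blocking of inline styles with
+style-src. This will help folks defend against tricky CSS3 injections.
+
+This patch covers the <style> case. The next patch will cover the
+@style case.
+
+Tests: http/tests/security/contentSecurityPolicy/inline-style-allowed.html
+http/tests/security/contentSecurityPolicy/inline-style-blocked.html
+
+* dom/StyleElement.cpp:
+(WebCore::StyleElement::createSheet):
+* page/ContentSecurityPolicy.cpp:
+(WebCore::ContentSecurityPolicy::allowInlineStyle):
+* page/ContentSecurityPolicy.h:
+
 2011-04-29 Chris Evans <cevans@chromium.org>
 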
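--- a/trunk/Source/WebCore/dom/StyleElement.cpp
+++ b/trunk/Source/WebCore/dom/StyleElement.cpp
@@ -23,4 +23,5 @@
 
 #include "Attribute.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "Element.h"
@@ -37,5 +38,10 @@
 return nodeType == Node::TEXT_NODE || nodeType == Node::CDATA_SECTION_NODE;
 }
 
+static bool isCSS(Element* element, const AtomicString& type)
+{
+return type.isEmpty() || (element->isHTMLElement() ? equalIgnoringCase(type, "text/css") : (type == "text/css"));
+}
+
 StyleElement::StyleElement(Document* document, bool createdByParser)
 : m_createdByParser(createdByParser)
@@ -141,5 +147,5 @@
 // If type is empty or CSS, this is a CSS style sheet.
 const AtomicString& type = this->type();
-if ( type.isEmpty() || (e->isHTMLElement() ? equalIgnoringCase(type, "text/css") : (type == "text/css"))) {
+if (document->contentSecurityPolicy()->allowInlineStyle() && isCSS(e, type)) {
 RefPtr<MediaList> mediaList = MediaList::create(media(), e->isHTMLElement());
 MediaQueryEvaluator screenEval("screen", true);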
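Review bot: In the rewritten condition in createSheet, `allowInlineStyle()` is evaluated before `isCSS(e, type)`, and per the ContentSecurityPolicy.cpp section of this changeset that call reports a violation whenever it returns false. A `<style>` element whose type is not CSS would therefore log and report a violation under a restrictive style-src even though no sheet would have been created for it. Swapping the operands keeps the report tied to style that would actually apply: `if (isCSS(e, type) && document->contentSecurityPolicy()->allowInlineStyle()) {`. createSheet starts and ends outside the hunk, so what happens to a blocked element afterwards is not visible here.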
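--- a/trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
+++ b/trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
@@ -534,4 +534,14 @@
 }
 
+bool ContentSecurityPolicy::allowInlineStyle() const
+{
+if (!m_styleSrc || m_styleSrc->allowInline())
+return true;
+
+DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because of Content-Security-Policy.\n"));
+reportViolation(m_styleSrc->text(), consoleMessage);
+return false;
+}
+
 bool ContentSecurityPolicy::allowEval() const
 {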
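Review bot: The early return in allowInlineStyle() treats a missing style-src directive as "allow", and nothing in this hunk shows whether m_styleSrc is filled from a default directive when the policy omits style-src. If it is not, a policy that only sets a default source list would leave `<style>` blocks unrestricted, so this is worth confirming against the directive parsing outside the hunk. A comment on the check would record the intended behaviour, for example `// No style-src directive in effect: inline style is not restricted.`.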
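--- a/trunk/Source/WebCore/page/ContentSecurityPolicy.h
+++ b/trunk/Source/WebCore/page/ContentSecurityPolicy.h
@@ -49,4 +49,5 @@
 bool allowInlineEventHandlers() const;
 bool allowInlineScript() const;
+bool allowInlineStyle() const;
 bool allowEval() const;
 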