Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure...
authorapavlov@chromium.org <apavlov@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 5 Mar 2012 10:44:40 +0000 (10:44 +0000)
committerapavlov@chromium.org <apavlov@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 5 Mar 2012 10:44:40 +0000 (10:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=80024

Reviewed by Pavel Feldman.

Source/WebCore:

Test: inspector/styles/add-new-rule-inline-style-csp.html

* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
* inspector/InspectorCSSAgent.h:
(InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
(InspectorCSSAgent):
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::allowInlineStyle):
(WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
(WebCore):
* page/ContentSecurityPolicy.h:
(ContentSecurityPolicy):

LayoutTests:

* inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
* inspector/styles/add-new-rule-inline-style-csp.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109730 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt [new file with mode: 0644]
LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/inspector/InspectorCSSAgent.cpp
Source/WebCore/inspector/InspectorCSSAgent.h
Source/WebCore/inspector/InspectorStyleSheet.cpp
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h

index d015465..67f36b8 100644 (file)
@@ -1,3 +1,13 @@
+2012-03-02  Alexander Pavlov  <apavlov@chromium.org>
+
+        Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+        https://bugs.webkit.org/show_bug.cgi?id=80024
+
+        Reviewed by Pavel Feldman.
+
+        * inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
+        * inspector/styles/add-new-rule-inline-style-csp.html: Added.
+
 2012-03-05  Pavel Podivilov  <podivilov@chromium.org>
 
         Web Inspector: fix extensions-resource.html test.
diff --git a/LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt b/LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt
new file mode 100644 (file)
index 0000000..709506c
--- /dev/null
@@ -0,0 +1,24 @@
+Tests that adding a new rule does not crash the renderer and modifying an inline style does not report errors when forbidden by Content-Security-Policy.
+
+Text
+
+Running: testSetUp
+
+Running: testAddRule
+=== Rule added ===
+#inspected {}
+Affects selected (#inspected) node: true
+
+Running: testAddProperty
+=== Added rule modified ===
+width: 100%;
+=== Selector changed ===
+body {
+    width: 100%;
+}
+Affects selected (#inspected) node: false
+
+Running: testModifyInlineStyle
+=== Inline style modified ===
+font-size: 14px;
+
diff --git a/LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html b/LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html
new file mode 100644 (file)
index 0000000..3676585
--- /dev/null
@@ -0,0 +1,127 @@
+<html>
+<head>
+<meta http-equiv="x-webkit-csp" content="style-src https://*:443">
+<script src="../../http/tests/inspector/inspector-test.js"></script>
+<script src="../../http/tests/inspector/elements-test.js"></script>
+<script>
+
+function test()
+{
+    var nodeId;
+    var rule;
+
+    WebInspector.showPanel("elements");
+    InspectorTest.runTestSuite([
+        function testSetUp(next) {
+          InspectorTest.selectNodeAndWaitForStyles("inspected", next);
+        },
+
+        function testAddRule(next)
+        {
+            var idToDOMNode = WebInspector.domAgent._idToDOMNode;
+            for (var id in idToDOMNode) {
+                node = idToDOMNode[id];
+                if (node.getAttribute && node.getAttribute("id") === "inspected") {
+                    nodeId = parseInt(id, 10);
+                    WebInspector.cssModel.addRule(nodeId, "#inspected", successCallback, failureCallback);
+                    break;
+                }
+            }
+
+            function successCallback(newRule, doesAffectSelectedNode)
+            {
+                rule = newRule;
+                InspectorTest.addResult("=== Rule added ===");
+                InspectorTest.addResult(rule.selectorText + " {" + rule.style.cssText + "}");
+                InspectorTest.addResult("Affects selected (#inspected) node: " + doesAffectSelectedNode);
+                next();
+            }
+
+            function failureCallback()
+            {
+                InspectorTest.addResult("[!] Failed to add rule.");
+                InspectorTest.completeTest();
+            }
+        },
+
+        function testAddProperty(next)
+        {
+            rule.style.appendProperty("width", "100%", callback);
+
+            function callback(newStyle)
+            {
+                InspectorTest.addResult("=== Added rule modified ===");
+                if (!newStyle) {
+                    InspectorTest.addResult("[!] No valid rule style received");
+                    InspectorTest.completeTest();
+                } else {
+                    dumpProperties(newStyle);
+                    WebInspector.cssModel.setRuleSelector(rule.id, nodeId, "body", successCallback, failureCallback);
+                }
+            }
+
+            function successCallback(rule, doesAffectSelectedNode)
+            {
+                InspectorTest.addResult("=== Selector changed ===");
+                InspectorTest.addResult(rule.selectorText + " {" + rule.style.cssText + "}");
+                InspectorTest.addResult("Affects selected (#inspected) node: " + doesAffectSelectedNode);
+
+                next();
+            }
+
+            function failureCallback()
+            {
+                InspectorTest.addResult("[!] Failed to change selector");
+                InspectorTest.completeTest();
+            }
+        },
+
+        function testModifyInlineStyle(next)
+        {
+            WebInspector.cssModel.getInlineStylesAsync(nodeId, stylesCallback);
+
+            function stylesCallback(inlineStyle)
+            {
+                if (!inlineStyle) {
+                    InspectorTest.completeTest();
+                    return;
+                }
+                inlineStyle.appendProperty("font-size", "14px", appendCallback);
+            }
+
+            function appendCallback(newStyle)
+            {
+                InspectorTest.addResult("=== Inline style modified ===");
+                if (!newStyle) {
+                    InspectorTest.addResult("No valid inline style received");
+                    InspectorTest.completeTest();
+                    return;
+                }
+
+                dumpProperties(newStyle);
+                next();
+            }
+        }
+    ]);
+
+    function dumpProperties(style)
+    {
+       if (!style)
+           return;
+       var allProperties = style.allProperties;
+       for (var i = 0; i < allProperties.length; ++i)
+           InspectorTest.addResult(allProperties[i].text);
+    }
+}
+</script>
+</head>
+
+<body onload="runTest()">
+<p>
+Tests that adding a new rule does not crash the renderer and modifying an inline style does not report errors when forbidden by Content-Security-Policy.
+</p>
+
+<div id="inspected">Text</div>
+
+</body>
+</html>
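Review bot: The suite never checks that the page's own inline styles are still refused once the inspector edit has finished, so a regression that leaves the override set after testModifyInlineStyle would pass unnoticed. A final step that sets a `style` attribute from page script rather than through `WebInspector.cssModel`, and records whether it took effect, would pin that the policy from the `x-webkit-csp` meta tag is enforced again. Separately, `node = idToDOMNode[id];` in testAddRule assigns an implicit global; `var node = idToDOMNode[id];` keeps it local.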
index 89f5917..f1d73b4 100644 (file)
@@ -1,3 +1,29 @@
+2012-03-02  Alexander Pavlov  <apavlov@chromium.org>
+
+        Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+        https://bugs.webkit.org/show_bug.cgi?id=80024
+
+        Reviewed by Pavel Feldman.
+
+        Test: inspector/styles/add-new-rule-inline-style-csp.html
+
+        * inspector/InspectorCSSAgent.cpp:
+        (WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
+        * inspector/InspectorCSSAgent.h:
+        (InlineStyleOverrideScope):
+        (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
+        (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
+        (InspectorCSSAgent):
+        * inspector/InspectorStyleSheet.cpp:
+        (WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
+        (WebCore::ContentSecurityPolicy::allowInlineStyle):
+        (WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
+        (WebCore):
+        * page/ContentSecurityPolicy.h:
+        (ContentSecurityPolicy):
+
 2012-03-05  Yoshifumi Inoue  <yosin@chromium.org>
 
         [Forms] The "optgroup" element should not be a form-associated element
index 0be7249..f0f965d 100644 (file)
@@ -36,6 +36,7 @@
 #include "CSSStyleRule.h"
 #include "CSSStyleSelector.h"
 #include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
 #include "DOMWindow.h"
 #include "HTMLHeadElement.h"
 #include "InspectorDOMAgent.h"
@@ -896,13 +897,15 @@ InspectorStyleSheet* InspectorCSSAgent::viaInspectorStyleSheet(Document* documen
             targetNode = document->body();
         else
             return 0;
+
+        InlineStyleOverrideScope overrideScope(document);
         targetNode->appendChild(styleElement, ec);
     }
     if (ec)
         return 0;
     StyleSheetList* styleSheets = document->styleSheets();
     StyleSheet* styleSheet = styleSheets->item(styleSheets->length() - 1);
-    if (!styleSheet->isCSSStyleSheet())
+    if (!styleSheet || !styleSheet->isCSSStyleSheet())
         return 0;
     CSSStyleSheet* cssStyleSheet = static_cast<CSSStyleSheet*>(styleSheet);
     String id = String::number(m_lastStyleSheetId++);
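Review bot: `overrideScope` stays alive across `targetNode->appendChild(styleElement, ec)`, and the flag it sets is per-policy rather than per-call, so any inline style evaluated on this document during that call is allowed too, not only the inspector's own style element. If `appendChild` can run page script synchronously (mutation event listeners, for example; not visible in this hunk), that script would see the policy relaxed, and the same applies to the `setAttribute` call wrapped in InspectorStyleSheetForInlineStyle::setStyleText. A comment stating the assumption would help, e.g. `// CSP inline-style override is document-wide while this scope lives; keep it to the single DOM mutation.` The lookup below also assumes the just-appended sheet is the last entry of `document->styleSheets()`. The function body starts and ends outside the hunk.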
index e7ee765..2f9ddf4 100644 (file)
 #define InspectorCSSAgent_h
 
 #include "CSSSelector.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "InspectorBaseAgent.h"
 #include "InspectorDOMAgent.h"
 #include "InspectorStyleSheet.h"
 #include "InspectorValues.h"
 #include "PlatformString.h"
+#include "SecurityContext.h"
 
 #include <wtf/HashMap.h>
 #include <wtf/PassRefPtr.h>
@@ -61,6 +63,23 @@ class InspectorCSSAgent
     , public InspectorStyleSheet::Listener {
     WTF_MAKE_NONCOPYABLE(InspectorCSSAgent);
 public:
+    class InlineStyleOverrideScope {
+    public:
+        InlineStyleOverrideScope(SecurityContext* context)
+            : m_contentSecurityPolicy(context->contentSecurityPolicy())
+        {
+            m_contentSecurityPolicy->setOverrideAllowInlineStyle(true);
+        }
+
+        ~InlineStyleOverrideScope()
+        {
+            m_contentSecurityPolicy->setOverrideAllowInlineStyle(false);
+        }
+
+    private:
+        ContentSecurityPolicy* m_contentSecurityPolicy;
+    };
+
     static CSSStyleRule* asCSSStyleRule(CSSRule*);
 
     static PassOwnPtr<InspectorCSSAgent> create(InstrumentingAgents* instrumentingAgents, InspectorState* state, InspectorDOMAgent* domAgent)
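Review bot: `~InlineStyleOverrideScope()` always writes `false` instead of restoring the value found at construction, so a nested or copied scope would switch the override off while an outer scope still expects it on. The class is also implicitly copyable and its one-argument constructor is not `explicit`; `WTF_MAKE_NONCOPYABLE(InlineStyleOverrideScope);` and `explicit InlineStyleOverrideScope(SecurityContext* context)` would close both. The constructor dereferences `context` and the result of `context->contentSecurityPolicy()` without a check, so `ASSERT(context);` at the top would at least document the precondition. A short class comment saying this relaxes Content-Security-Policy for inspector-initiated edits only would make the intent clear to later callers.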
index e5527d0..898a7d5 100644 (file)
@@ -36,6 +36,7 @@
 #include "CSSStyleRule.h"
 #include "CSSStyleSelector.h"
 #include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "Element.h"
 #include "HTMLHeadElement.h"
@@ -1319,7 +1320,12 @@ bool InspectorStyleSheetForInlineStyle::setStyleText(CSSStyleDeclaration* style,
 {
     ASSERT_UNUSED(style, style == inlineStyle());
     ExceptionCode ec = 0;
-    m_element->setAttribute("style", text, ec);
+
+    {
+        InspectorCSSAgent::InlineStyleOverrideScope overrideScope(m_element->ownerDocument());
+        m_element->setAttribute("style", text, ec);
+    }
+
     m_styleText = text;
     m_isStyleTextValid = true;
     m_ruleSourceData.clear();
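Review bot: The bare block around `m_element->setAttribute("style", text, ec)` has no comment, so the next reader cannot tell that the braces exist to end the CSP override before anything else runs. Something like `// Lift the page's CSP inline-style check only for this inspector-initiated attribute write.` above the block would do. In the visible lines `m_styleText` and `m_isStyleTextValid` are updated regardless of `ec`; whether `ec` is checked later cannot be seen here, because the function body continues past the hunk.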
index 9602cf7..83b6246 100644 (file)
@@ -487,6 +487,7 @@ ContentSecurityPolicy::ContentSecurityPolicy(ScriptExecutionContext* scriptExecu
     , m_scriptExecutionContext(scriptExecutionContext)
     , m_reportOnly(false)
     , m_haveSandboxPolicy(false)
+    , m_overrideInlineStyleAllowed(false)
 {
 }
 
@@ -622,7 +623,7 @@ bool ContentSecurityPolicy::allowInlineScript() const
 bool ContentSecurityPolicy::allowInlineStyle() const
 {
     DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because of Content-Security-Policy.\n"));
-    return checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
+    return m_overrideInlineStyleAllowed || checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
 }
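Review bot: When `m_overrideInlineStyleAllowed` is set, the `||` returns before `checkInlineAndReportViolation` runs, so the allowance produces no console message and no violation report, and it applies to every caller of `allowInlineStyle()` on this policy rather than to the inspector's request alone. That is probably intended, but it deserves a comment above the return, such as `// Inspector override: skips both the style-src check and violation reporting.`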
 
 bool ContentSecurityPolicy::allowEval() const
@@ -679,6 +680,11 @@ bool ContentSecurityPolicy::allowConnectFromSource(const KURL& url) const
     return checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, type);
 }
 
+void ContentSecurityPolicy::setOverrideAllowInlineStyle(bool value)
+{
+    m_overrideInlineStyleAllowed = value;
+}
+
 // policy            = directive-list
 // directive-list    = [ directive *( ";" [ directive ] ) ]
 //
index fa76324..5ceeb68 100644 (file)
@@ -70,6 +70,8 @@ public:
     bool allowMediaFromSource(const KURL&) const;
     bool allowConnectFromSource(const KURL&) const;
 
+    void setOverrideAllowInlineStyle(bool);
+
 private:
     explicit ContentSecurityPolicy(ScriptExecutionContext*);
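Review bot: `setOverrideAllowInlineStyle(bool)` is declared in the public section next to the `allow*` queries with no comment, which makes a switch that disables inline-style enforcement callable from anywhere in WebCore. A comment such as `// Inspector use only: bypasses style-src for inline styles while set. Use InspectorCSSAgent::InlineStyleOverrideScope.` would state the contract. Restricting access (private plus a `friend` declaration for the scope class) would enforce it.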
 
@@ -107,6 +109,7 @@ private:
     OwnPtr<CSPDirective> m_mediaSrc;
     OwnPtr<CSPDirective> m_connectSrc;
     bool m_haveSandboxPolicy;
+    bool m_overrideInlineStyleAllowed;
     Vector<KURL> m_reportURLs;
 };