https://bugs.webkit.org/show_bug.cgi?id=80024
Reviewed by Pavel Feldman.
Source/WebCore:
Test: inspector/styles/add-new-rule-inline-style-csp.html
* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
* inspector/InspectorCSSAgent.h:
(InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
(InspectorCSSAgent):
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::allowInlineStyle):
(WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
(WebCore):
* page/ContentSecurityPolicy.h:
(ContentSecurityPolicy):
LayoutTests:
* inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
* inspector/styles/add-new-rule-inline-style-csp.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109730
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-03-02 Alexander Pavlov <apavlov@chromium.org>
+
+ Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+ https://bugs.webkit.org/show_bug.cgi?id=80024
+
+ Reviewed by Pavel Feldman.
+
+ * inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
+ * inspector/styles/add-new-rule-inline-style-csp.html: Added.
+
2012-03-05 Pavel Podivilov <podivilov@chromium.org>
Web Inspector: fix extensions-resource.html test.
--- /dev/null
+Tests that adding a new rule does not crash the renderer and modifying an inline style does not report errors when forbidden by Content-Security-Policy.
+
+Text
+
+Running: testSetUp
+
+Running: testAddRule
+=== Rule added ===
+#inspected {}
+Affects selected (#inspected) node: true
+
+Running: testAddProperty
+=== Added rule modified ===
+width: 100%;
+=== Selector changed ===
+body {
+ width: 100%;
+}
+Affects selected (#inspected) node: false
+
+Running: testModifyInlineStyle
+=== Inline style modified ===
+font-size: 14px;
+
--- /dev/null
+<html>
+<head>
+<meta http-equiv="x-webkit-csp" content="style-src https://*:443">
+<script src="../../http/tests/inspector/inspector-test.js"></script>
+<script src="../../http/tests/inspector/elements-test.js"></script>
+<script>
+
+function test()
+{
+ var nodeId;
+ var rule;
+
+ WebInspector.showPanel("elements");
+ InspectorTest.runTestSuite([
+ function testSetUp(next) {
+ InspectorTest.selectNodeAndWaitForStyles("inspected", next);
+ },
+
+ function testAddRule(next)
+ {
+ var idToDOMNode = WebInspector.domAgent._idToDOMNode;
+ for (var id in idToDOMNode) {
+ node = idToDOMNode[id];
+ if (node.getAttribute && node.getAttribute("id") === "inspected") {
+ nodeId = parseInt(id, 10);
+ WebInspector.cssModel.addRule(nodeId, "#inspected", successCallback, failureCallback);
+ break;
+ }
+ }
+
+ function successCallback(newRule, doesAffectSelectedNode)
+ {
+ rule = newRule;
+ InspectorTest.addResult("=== Rule added ===");
+ InspectorTest.addResult(rule.selectorText + " {" + rule.style.cssText + "}");
+ InspectorTest.addResult("Affects selected (#inspected) node: " + doesAffectSelectedNode);
+ next();
+ }
+
+ function failureCallback()
+ {
+ InspectorTest.addResult("[!] Failed to add rule.");
+ InspectorTest.completeTest();
+ }
+ },
+
+ function testAddProperty(next)
+ {
+ rule.style.appendProperty("width", "100%", callback);
+
+ function callback(newStyle)
+ {
+ InspectorTest.addResult("=== Added rule modified ===");
+ if (!newStyle) {
+ InspectorTest.addResult("[!] No valid rule style received");
+ InspectorTest.completeTest();
+ } else {
+ dumpProperties(newStyle);
+ WebInspector.cssModel.setRuleSelector(rule.id, nodeId, "body", successCallback, failureCallback);
+ }
+ }
+
+ function successCallback(rule, doesAffectSelectedNode)
+ {
+ InspectorTest.addResult("=== Selector changed ===");
+ InspectorTest.addResult(rule.selectorText + " {" + rule.style.cssText + "}");
+ InspectorTest.addResult("Affects selected (#inspected) node: " + doesAffectSelectedNode);
+
+ next();
+ }
+
+ function failureCallback()
+ {
+ InspectorTest.addResult("[!] Failed to change selector");
+ InspectorTest.completeTest();
+ }
+ },
+
+ function testModifyInlineStyle(next)
+ {
+ WebInspector.cssModel.getInlineStylesAsync(nodeId, stylesCallback);
+
+ function stylesCallback(inlineStyle)
+ {
+ if (!inlineStyle) {
+ InspectorTest.completeTest();
+ return;
+ }
+ inlineStyle.appendProperty("font-size", "14px", appendCallback);
+ }
+
+ function appendCallback(newStyle)
+ {
+ InspectorTest.addResult("=== Inline style modified ===");
+ if (!newStyle) {
+ InspectorTest.addResult("No valid inline style received");
+ InspectorTest.completeTest();
+ return;
+ }
+
+ dumpProperties(newStyle);
+ next();
+ }
+ }
+ ]);
+
+ function dumpProperties(style)
+ {
+ if (!style)
+ return;
+ var allProperties = style.allProperties;
+ for (var i = 0; i < allProperties.length; ++i)
+ InspectorTest.addResult(allProperties[i].text);
+ }
+}
+</script>
+</head>
+
+<body onload="runTest()">
+<p>
+Tests that adding a new rule does not crash the renderer and modifying an inline style does not report errors when forbidden by Content-Security-Policy.
+</p>
+
+<div id="inspected">Text</div>
+
+</body>
+</html>
+2012-03-02 Alexander Pavlov <apavlov@chromium.org>
+
+ Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+ https://bugs.webkit.org/show_bug.cgi?id=80024
+
+ Reviewed by Pavel Feldman.
+
+ Test: inspector/styles/add-new-rule-inline-style-csp.html
+
+ * inspector/InspectorCSSAgent.cpp:
+ (WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
+ * inspector/InspectorCSSAgent.h:
+ (InlineStyleOverrideScope):
+ (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
+ (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
+ (InspectorCSSAgent):
+ * inspector/InspectorStyleSheet.cpp:
+ (WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
+ * page/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
+ (WebCore::ContentSecurityPolicy::allowInlineStyle):
+ (WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
+ (WebCore):
+ * page/ContentSecurityPolicy.h:
+ (ContentSecurityPolicy):
+
2012-03-05 Yoshifumi Inoue <yosin@chromium.org>
[Forms] The "optgroup" element should not be a form-associated element
#include "CSSStyleRule.h"
#include "CSSStyleSelector.h"
#include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
#include "DOMWindow.h"
#include "HTMLHeadElement.h"
#include "InspectorDOMAgent.h"
targetNode = document->body();
else
return 0;
+
+ InlineStyleOverrideScope overrideScope(document);
targetNode->appendChild(styleElement, ec);
}
if (ec)
return 0;
StyleSheetList* styleSheets = document->styleSheets();
StyleSheet* styleSheet = styleSheets->item(styleSheets->length() - 1);
- if (!styleSheet->isCSSStyleSheet())
+ if (!styleSheet || !styleSheet->isCSSStyleSheet())
return 0;
CSSStyleSheet* cssStyleSheet = static_cast<CSSStyleSheet*>(styleSheet);
String id = String::number(m_lastStyleSheetId++);
#define InspectorCSSAgent_h
#include "CSSSelector.h"
+#include "ContentSecurityPolicy.h"
#include "Document.h"
#include "InspectorBaseAgent.h"
#include "InspectorDOMAgent.h"
#include "InspectorStyleSheet.h"
#include "InspectorValues.h"
#include "PlatformString.h"
+#include "SecurityContext.h"
#include <wtf/HashMap.h>
#include <wtf/PassRefPtr.h>
, public InspectorStyleSheet::Listener {
WTF_MAKE_NONCOPYABLE(InspectorCSSAgent);
public:
+ class InlineStyleOverrideScope {
+ public:
+ InlineStyleOverrideScope(SecurityContext* context)
+ : m_contentSecurityPolicy(context->contentSecurityPolicy())
+ {
+ m_contentSecurityPolicy->setOverrideAllowInlineStyle(true);
+ }
+
+ ~InlineStyleOverrideScope()
+ {
+ m_contentSecurityPolicy->setOverrideAllowInlineStyle(false);
+ }
+
+ private:
+ ContentSecurityPolicy* m_contentSecurityPolicy;
+ };
+
static CSSStyleRule* asCSSStyleRule(CSSRule*);
static PassOwnPtr<InspectorCSSAgent> create(InstrumentingAgents* instrumentingAgents, InspectorState* state, InspectorDOMAgent* domAgent)
#include "CSSStyleRule.h"
#include "CSSStyleSelector.h"
#include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
#include "Document.h"
#include "Element.h"
#include "HTMLHeadElement.h"
{
ASSERT_UNUSED(style, style == inlineStyle());
ExceptionCode ec = 0;
- m_element->setAttribute("style", text, ec);
+
+ {
+ InspectorCSSAgent::InlineStyleOverrideScope overrideScope(m_element->ownerDocument());
+ m_element->setAttribute("style", text, ec);
+ }
+
m_styleText = text;
m_isStyleTextValid = true;
m_ruleSourceData.clear();
, m_scriptExecutionContext(scriptExecutionContext)
, m_reportOnly(false)
, m_haveSandboxPolicy(false)
+ , m_overrideInlineStyleAllowed(false)
{
}
bool ContentSecurityPolicy::allowInlineStyle() const
{
DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because of Content-Security-Policy.\n"));
- return checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
+ return m_overrideInlineStyleAllowed || checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
}
bool ContentSecurityPolicy::allowEval() const
return checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, type);
}
+void ContentSecurityPolicy::setOverrideAllowInlineStyle(bool value)
+{
+ m_overrideInlineStyleAllowed = value;
+}
+
// policy = directive-list
// directive-list = [ directive *( ";" [ directive ] ) ]
//
bool allowMediaFromSource(const KURL&) const;
bool allowConnectFromSource(const KURL&) const;
+ void setOverrideAllowInlineStyle(bool);
+
private:
explicit ContentSecurityPolicy(ScriptExecutionContext*);
OwnPtr<CSPDirective> m_mediaSrc;
OwnPtr<CSPDirective> m_connectSrc;
bool m_haveSandboxPolicy;
+ bool m_overrideInlineStyleAllowed;
Vector<KURL> m_reportURLs;
};