Title: [109730] trunk
Revision
109730
Author
apav...@chromium.org
Date
2012-03-05 02:44:40 -0800 (Mon, 05 Mar 2012)

Log Message

Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
https://bugs.webkit.org/show_bug.cgi?id=80024

Reviewed by Pavel Feldman.

Source/WebCore:

Test: inspector/styles/add-new-rule-inline-style-csp.html

* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
* inspector/InspectorCSSAgent.h:
(InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
(WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
(InspectorCSSAgent):
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::allowInlineStyle):
(WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
(WebCore):
* page/ContentSecurityPolicy.h:
(ContentSecurityPolicy):

LayoutTests:

* inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
* inspector/styles/add-new-rule-inline-style-csp.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (109729 => 109730)


--- trunk/LayoutTests/ChangeLog	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/LayoutTests/ChangeLog	2012-03-05 10:44:40 UTC (rev 109730)
@@ -1,3 +1,13 @@
+2012-03-02  Alexander Pavlov  <apav...@chromium.org>
+
+        Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+        https://bugs.webkit.org/show_bug.cgi?id=80024
+
+        Reviewed by Pavel Feldman.
+
+        * inspector/styles/add-new-rule-inline-style-csp-expected.txt: Added.
+        * inspector/styles/add-new-rule-inline-style-csp.html: Added.
+
 2012-03-05  Pavel Podivilov  <podivi...@chromium.org>
 
         Web Inspector: fix extensions-resource.html test.

Added: trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt (0 => 109730)


--- trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt	2012-03-05 10:44:40 UTC (rev 109730)
@@ -0,0 +1,24 @@
+Tests that adding a new rule does not crash the renderer and modifying an inline style does not report errors when forbidden by Content-Security-Policy.
+
+Text
+
+Running: testSetUp
+
+Running: testAddRule
+=== Rule added ===
+#inspected {}
+Affects selected (#inspected) node: true
+
+Running: testAddProperty
+=== Added rule modified ===
+width: 100%;
+=== Selector changed ===
+body {
+    width: 100%;
+}
+Affects selected (#inspected) node: false
+
+Running: testModifyInlineStyle
+=== Inline style modified ===
+font-size: 14px;
+
Property changes on: trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html (0 => 109730)


--- trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html	                        (rev 0)
+++ trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html	2012-03-05 10:44:40 UTC (rev 109730)
@@ -0,0 +1,127 @@
+<html>
+<head>
+<meta http-equiv="x-webkit-csp" content="style-src https://*:443">
+<script src=""
+<script src=""
+<script>
+
+function test()
+{
+    var nodeId;
+    var rule;
+
+    WebInspector.showPanel("elements");
+    InspectorTest.runTestSuite([
+        function testSetUp(next) {
+          InspectorTest.selectNodeAndWaitForStyles("inspected", next);
+        },
+
+        function testAddRule(next)
+        {
+            var idToDOMNode = WebInspector.domAgent._idToDOMNode;
+            for (var id in idToDOMNode) {
+                node = idToDOMNode[id];
+                if (node.getAttribute && node.getAttribute("id") === "inspected") {
+                    nodeId = parseInt(id, 10);
+                    WebInspector.cssModel.addRule(nodeId, "#inspected", successCallback, failureCallback);
+                    break;
+                }
+            }
+
+            function successCallback(newRule, doesAffectSelectedNode)
+            {
+                rule = newRule;
+                InspectorTest.addResult("=== Rule added ===");
+                InspectorTest.addResult(rule.selectorText + " {" + rule.style.cssText + "}");
+                InspectorTest.addResult("Affects selected (#inspected) node: " + doesAffectSelectedNode);
+                next();
+            }
+
+            function failureCallback()
+            {
+                InspectorTest.addResult("[!] Failed to add rule.");
+                InspectorTest.completeTest();
+            }
+        },
+
+        function testAddProperty(next)
+        {
+            rule.style.appendProperty("width", "100%", callback);
+
+            function callback(newStyle)
+            {
+                InspectorTest.addResult("=== Added rule modified ===");
+                if (!newStyle) {
+                    InspectorTest.addResult("[!] No valid rule style received");
+                    InspectorTest.completeTest();
+                } else {
+                    dumpProperties(newStyle);
+                    WebInspector.cssModel.setRuleSelector(rule.id, nodeId, "body", successCallback, failureCallback);
+                }
+            }
+
+            function successCallback(rule, doesAffectSelectedNode)
+            {
+                InspectorTest.addResult("=== Selector changed ===");
+                InspectorTest.addResult(rule.selectorText + " {" + rule.style.cssText + "}");
+                InspectorTest.addResult("Affects selected (#inspected) node: " + doesAffectSelectedNode);
+
+                next();
+            }
+
+            function failureCallback()
+            {
+                InspectorTest.addResult("[!] Failed to change selector");
+                InspectorTest.completeTest();
+            }
+        },
+
+        function testModifyInlineStyle(next)
+        {
+            WebInspector.cssModel.getInlineStylesAsync(nodeId, stylesCallback);
+
+            function stylesCallback(inlineStyle)
+            {
+                if (!inlineStyle) {
+                    InspectorTest.completeTest();
+                    return;
+                }
+                inlineStyle.appendProperty("font-size", "14px", appendCallback);
+            }
+
+            function appendCallback(newStyle)
+            {
+                InspectorTest.addResult("=== Inline style modified ===");
+                if (!newStyle) {
+                    InspectorTest.addResult("No valid inline style received");
+                    InspectorTest.completeTest();
+                    return;
+                }
+
+                dumpProperties(newStyle);
+                next();
+            }
+        }
+    ]);
+
+    function dumpProperties(style)
+    {
+       if (!style)
+           return;
+       var allProperties = style.allProperties;
+       for (var i = 0; i < allProperties.length; ++i)
+           InspectorTest.addResult(allProperties[i].text);
+    }
+}
+</script>
+</head>
+
+<body _onload_="runTest()">
+<p>
+Tests that adding a new rule does not crash the renderer and modifying an inline style does not report errors when forbidden by Content-Security-Policy.
+</p>
+
+<div id="inspected">Text</div>
+
+</body>
+</html>
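Review bot: The test only proves that inspector edits succeed under `style-src https://*:443`; nothing checks that the policy is enforced again once the inspector operation has finished. A final step in which the page itself sets an inline style after `testModifyInlineStyle`, and which records that the style is still refused, would catch an override that leaks past its scope. Separately, the loop in `testAddRule` assigns `node = idToDOMNode[id];` without a declaration, which creates an implicit global; `var node = idToDOMNode[id];` keeps it local. `stylesCallback` also ends the test silently when no inline style is returned, so an `InspectorTest.addResult("[!] No inline style received");` before `completeTest()` would make that failure visible in the expected output.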
Property changes on: trunk/LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html
___________________________________________________________________

Added: svn:eol-style

Modified: trunk/Source/WebCore/ChangeLog (109729 => 109730)


--- trunk/Source/WebCore/ChangeLog	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/Source/WebCore/ChangeLog	2012-03-05 10:44:40 UTC (rev 109730)
@@ -1,3 +1,29 @@
+2012-03-02  Alexander Pavlov  <apav...@chromium.org>
+
+        Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
+        https://bugs.webkit.org/show_bug.cgi?id=80024
+
+        Reviewed by Pavel Feldman.
+
+        Test: inspector/styles/add-new-rule-inline-style-csp.html
+
+        * inspector/InspectorCSSAgent.cpp:
+        (WebCore::InspectorCSSAgent::viaInspectorStyleSheet):
+        * inspector/InspectorCSSAgent.h:
+        (InlineStyleOverrideScope):
+        (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::InlineStyleOverrideScope):
+        (WebCore::InspectorCSSAgent::InlineStyleOverrideScope::~InlineStyleOverrideScope):
+        (InspectorCSSAgent):
+        * inspector/InspectorStyleSheet.cpp:
+        (WebCore::InspectorStyleSheetForInlineStyle::setStyleText):
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
+        (WebCore::ContentSecurityPolicy::allowInlineStyle):
+        (WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
+        (WebCore):
+        * page/ContentSecurityPolicy.h:
+        (ContentSecurityPolicy):
+
 2012-03-05  Yoshifumi Inoue  <yo...@chromium.org>
 
         [Forms] The "optgroup" element should not be a form-associated element

Modified: trunk/Source/WebCore/inspector/InspectorCSSAgent.cpp (109729 => 109730)


--- trunk/Source/WebCore/inspector/InspectorCSSAgent.cpp	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/Source/WebCore/inspector/InspectorCSSAgent.cpp	2012-03-05 10:44:40 UTC (rev 109730)
@@ -36,6 +36,7 @@
 #include "CSSStyleRule.h"
 #include "CSSStyleSelector.h"
 #include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
 #include "DOMWindow.h"
 #include "HTMLHeadElement.h"
 #include "InspectorDOMAgent.h"
@@ -896,13 +897,15 @@
             targetNode = document->body();
         else
             return 0;
+
+        InlineStyleOverrideScope overrideScope(document);
         targetNode->appendChild(styleElement, ec);
     }
     if (ec)
         return 0;
     StyleSheetList* styleSheets = document->styleSheets();
     StyleSheet* styleSheet = styleSheets->item(styleSheets->length() - 1);
-    if (!styleSheet->isCSSStyleSheet())
+    if (!styleSheet || !styleSheet->isCSSStyleSheet())
         return 0;
     CSSStyleSheet* cssStyleSheet = static_cast<CSSStyleSheet*>(styleSheet);
     String id = String::number(m_lastStyleSheetId++);
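Review bot: `InlineStyleOverrideScope overrideScope(document);` keeps the policy override set for the whole of `targetNode->appendChild(styleElement, ec)`, and the override is a flag on the document's policy object rather than something tied to this caller. If the insertion can run page code synchronously (mutation event listeners, for example; not visible in this hunk), any inline style that code applies would pass `allowInlineStyle()` too. A comment at the declaration, e.g. `// Override is document-wide while in scope; nothing page-controlled may run inside it.`, would make that constraint explicit. The same applies to the scope added around `setAttribute("style", ...)` in InspectorStyleSheet.cpp. The enclosing function starts and ends outside the hunk.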

Modified: trunk/Source/WebCore/inspector/InspectorCSSAgent.h (109729 => 109730)


--- trunk/Source/WebCore/inspector/InspectorCSSAgent.h	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/Source/WebCore/inspector/InspectorCSSAgent.h	2012-03-05 10:44:40 UTC (rev 109730)
@@ -26,12 +26,14 @@
 #define InspectorCSSAgent_h
 
 #include "CSSSelector.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "InspectorBaseAgent.h"
 #include "InspectorDOMAgent.h"
 #include "InspectorStyleSheet.h"
 #include "InspectorValues.h"
 #include "PlatformString.h"
+#include "SecurityContext.h"
 
 #include <wtf/HashMap.h>
 #include <wtf/PassRefPtr.h>
@@ -61,6 +63,23 @@
     , public InspectorStyleSheet::Listener {
     WTF_MAKE_NONCOPYABLE(InspectorCSSAgent);
 public:
+    class InlineStyleOverrideScope {
+    public:
+        InlineStyleOverrideScope(SecurityContext* context)
+            : m_contentSecurityPolicy(context->contentSecurityPolicy())
+        {
+            m_contentSecurityPolicy->setOverrideAllowInlineStyle(true);
+        }
+
+        ~InlineStyleOverrideScope()
+        {
+            m_contentSecurityPolicy->setOverrideAllowInlineStyle(false);
+        }
+
+    private:
+        ContentSecurityPolicy* m_contentSecurityPolicy;
+    };
+
     static CSSStyleRule* asCSSStyleRule(CSSRule*);
 
     static PassOwnPtr<InspectorCSSAgent> create(InstrumentingAgents* instrumentingAgents, InspectorState* state, InspectorDOMAgent* domAgent)
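Review bot: The constructor of `InlineStyleOverrideScope` dereferences `context` and the result of `context->contentSecurityPolicy()` without a check, and one call site passes `m_element->ownerDocument()`. An `ASSERT(context);` plus a null guard around both `setOverrideAllowInlineStyle` calls would keep a missing document or policy from becoming a crash in the inspector path. The destructor always writes `false` instead of restoring the previous value, so a nested scope would end the outer override early; that fails closed, but deserves a comment. The class is also copyable and its single-argument constructor is implicit; `WTF_MAKE_NONCOPYABLE(InlineStyleOverrideScope);` and `explicit InlineStyleOverrideScope(SecurityContext* context)` would stop a copy from resetting the flag a second time. `m_contentSecurityPolicy` is a raw pointer, so the scope presumably relies on the document outliving it, which is worth stating in a comment.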

Modified: trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp (109729 => 109730)


--- trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp	2012-03-05 10:44:40 UTC (rev 109730)
@@ -36,6 +36,7 @@
 #include "CSSStyleRule.h"
 #include "CSSStyleSelector.h"
 #include "CSSStyleSheet.h"
+#include "ContentSecurityPolicy.h"
 #include "Document.h"
 #include "Element.h"
 #include "HTMLHeadElement.h"
@@ -1319,7 +1320,12 @@
 {
     ASSERT_UNUSED(style, style == inlineStyle());
     ExceptionCode ec = 0;
-    m_element->setAttribute("style", text, ec);
+
+    {
+        InspectorCSSAgent::InlineStyleOverrideScope overrideScope(m_element->ownerDocument());
+        m_element->setAttribute("style", text, ec);
+    }
+
     m_styleText = text;
     m_isStyleTextValid = true;
     m_ruleSourceData.clear();
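Review bot: `ec` from `m_element->setAttribute("style", text, ec)` is not examined before `m_styleText = text;` and `m_isStyleTextValid = true;`, so within this hunk the cached style text is updated even if the attribute write failed. Since the commit is about handling failed inline-style edits, an early exit on `ec` directly after the scoped block would keep the inspector's cached state consistent with the element. The function's signature and the rest of its body are outside the hunk, so the exact return value to use cannot be confirmed from here.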

Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (109729 => 109730)


--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp	2012-03-05 10:44:40 UTC (rev 109730)
@@ -487,6 +487,7 @@
     , m_scriptExecutionContext(scriptExecutionContext)
     , m_reportOnly(false)
     , m_haveSandboxPolicy(false)
+    , m_overrideInlineStyleAllowed(false)
 {
 }
 
@@ -622,7 +623,7 @@
 bool ContentSecurityPolicy::allowInlineStyle() const
 {
     DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to apply inline style because of Content-Security-Policy.\n"));
-    return checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
+    return m_overrideInlineStyleAllowed || checkInlineAndReportViolation(operativeDirective(m_styleSrc.get()), consoleMessage);
 }
 
 bool ContentSecurityPolicy::allowEval() const
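Review bot: With `m_overrideInlineStyleAllowed ||` placed first, `allowInlineStyle()` skips both the `style-src` check and the violation report for every caller while the flag is set, not only for the inspector. `setOverrideAllowInlineStyle(bool)`, added further down in this file and declared public in ContentSecurityPolicy.h, is callable from any WebCore code and carries no comment. I would document it at the declaration, e.g. `// Inspector-only: bypasses style-src for inline styles while true. Use via InspectorCSSAgent::InlineStyleOverrideScope.`, and consider making the setter private with the scope class as a friend so the bypass cannot be switched on elsewhere.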
@@ -679,6 +680,11 @@
     return checkSourceAndReportViolation(operativeDirective(m_connectSrc.get()), url, type);
 }
 
+void ContentSecurityPolicy::setOverrideAllowInlineStyle(bool value)
+{
+    m_overrideInlineStyleAllowed = value;
+}
+
 // policy            = directive-list
 // directive-list    = [ directive *( ";" [ directive ] ) ]
 //

Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.h (109729 => 109730)


--- trunk/Source/WebCore/page/ContentSecurityPolicy.h	2012-03-05 10:26:53 UTC (rev 109729)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.h	2012-03-05 10:44:40 UTC (rev 109730)
@@ -70,6 +70,8 @@
     bool allowMediaFromSource(const KURL&) const;
     bool allowConnectFromSource(const KURL&) const;
 
+    void setOverrideAllowInlineStyle(bool);
+
 private:
     explicit ContentSecurityPolicy(ScriptExecutionContext*);
 
@@ -107,6 +109,7 @@
     OwnPtr<CSPDirective> m_mediaSrc;
     OwnPtr<CSPDirective> m_connectSrc;
     bool m_haveSandboxPolicy;
+    bool m_overrideInlineStyleAllowed;
     Vector<KURL> m_reportURLs;
 };
 