Diff
Modified: trunk/LayoutTests/ChangeLog (187488 => 187489)
--- trunk/LayoutTests/ChangeLog 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/ChangeLog 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,3 +1,61 @@
+2015-07-28 Chris Dumez <[email protected]>
+
+ Allow lax MIME type parsing for same-origin CSS in quirks mode.
+ https://bugs.webkit.org/show_bug.cgi?id=147327
+ <rdar://problem/22010303>
+
+ Reviewed by Zalan Bujtas.
+
+ Add layout test coverage for MIME type parsing for same-origin CSS in
+ quirks mode and not.
+
+ * http/tests/inspector/css/bad-mime-type-expected.txt:
+ * http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt:
+ * http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt:
+ * http/tests/misc/css-accept-any-type-expected.txt: Removed.
+ * http/tests/misc/css-accept-any-type.html: Removed.
+ * http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt:
+ * http/tests/security/cross-origin-css-1-expected.txt:
+ * http/tests/security/cross-origin-css-2-expected.txt:
+ * http/tests/security/cross-origin-css-4-expected.txt:
+ * http/tests/security/cross-origin-css-5-expected.txt:
+ * http/tests/security/cross-origin-css-7-expected.txt:
+ * http/tests/security/cross-origin-css-in-quirks-1-expected.txt: Copied from LayoutTests/http/tests/security/cross-origin-css-1-expected.txt.
+ * http/tests/security/cross-origin-css-in-quirks-1.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-2-expected.txt: Copied from LayoutTests/http/tests/security/cross-origin-css-2-expected.txt.
+ * http/tests/security/cross-origin-css-in-quirks-2.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-3-expected.txt: Added.
+ * http/tests/security/cross-origin-css-in-quirks-3.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-4-expected.txt: Added.
+ * http/tests/security/cross-origin-css-in-quirks-4.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-5-expected.txt: Copied from LayoutTests/http/tests/security/cross-origin-css-5-expected.txt.
+ * http/tests/security/cross-origin-css-in-quirks-5.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-6-expected.txt: Added.
+ * http/tests/security/cross-origin-css-in-quirks-6.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-7-expected.txt: Added.
+ * http/tests/security/cross-origin-css-in-quirks-7.html: Added.
+ * http/tests/security/cross-origin-css-in-quirks-8-expected.txt: Added.
+ * http/tests/security/cross-origin-css-in-quirks-8.html: Added.
+ * http/tests/security/same-origin-css-1-expected.txt: Added.
+ * http/tests/security/same-origin-css-1.html: Added.
+ * http/tests/security/same-origin-css-2-expected.txt: Added.
+ * http/tests/security/same-origin-css-2.html: Added.
+ * http/tests/security/same-origin-css-3-expected.txt: Added.
+ * http/tests/security/same-origin-css-3.html: Added.
+ * http/tests/security/same-origin-css-4-expected.txt: Added.
+ * http/tests/security/same-origin-css-4.html: Added.
+ * http/tests/security/same-origin-css-5-expected.txt: Added.
+ * http/tests/security/same-origin-css-5.html: Added.
+ * http/tests/security/same-origin-css-6-expected.txt: Added.
+ * http/tests/security/same-origin-css-6.html: Added.
+ * http/tests/security/same-origin-css-7-expected.txt: Copied from LayoutTests/http/tests/security/cross-origin-css-7-expected.txt.
+ * http/tests/security/same-origin-css-7.html: Added.
+ * http/tests/security/same-origin-css-8-expected.txt: Added.
+ * http/tests/security/same-origin-css-8.html: Added.
+ * http/tests/security/same-origin-css-in-quirks-expected.txt: Added.
+ * http/tests/security/same-origin-css-in-quirks.html: Added.
+ * platform/mac/http/tests/misc/acid3-expected.txt:
+
2015-07-28 Alexey Proskuryakov <[email protected]>
Rolling out r187463, because it caused memory corruption on multiple tests.
Modified: trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because non CSS MIME types are not allowed in strict mode.
Tests that showing Web Inspector on a page that has a stylesheet with an invalid MIME type does not crash.
This test passes if it does not crash.
Modified: trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,2 +1,2 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/mime/resources/style-with-text-plain.php/foo.css' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/mime/resources/style-with-text-plain.php/foo.css' because non CSS MIME types are not allowed in strict mode.
This test passes if we do NOT apply the stylesheet (which turns the background color red.) The background color is: rgba(0, 0, 0, 0).
Modified: trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,2 +1,2 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/mime/resources/style-with-text-plain.php' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/mime/resources/style-with-text-plain.php' because non CSS MIME types are not allowed in strict mode.
This test passes if we do NOT apply the stylesheet (which turns the background color red.) The background color is: rgba(0, 0, 0, 0).
Deleted: trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because its MIME type was invalid.
-This was a test for http://bugs.webkit.org/show_bug.cgi?id=11451 REGRESSION: Dell.com does not render correctly in ToT (stylesheet not loaded): given the security implications of accepting bad MIME types, we're now intentionally breaking this case to match other browsers.
-
-SUCCESS
Deleted: trunk/LayoutTests/http/tests/misc/css-accept-any-type.html (187488 => 187489)
--- trunk/LayoutTests/http/tests/misc/css-accept-any-type.html 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/misc/css-accept-any-type.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,28 +0,0 @@
-<html>
-<head>
- <title></title>
- <link rel="stylesheet" href=""
- <script>
- function test()
- {
- if (window.testRunner)
- testRunner.dumpAsText();
-
- var target = document.getElementById("target");
- var style = getComputedStyle(target);
- target.innerText = style.position == "relative" ? "FAIL" : "SUCCESS";
- }
- </script>
-</head>
-<body _onload_="test()">
- <p>
- This was a test for
- <i><a href=""
- REGRESSION: Dell.com does not render correctly in ToT (stylesheet not loaded)</i>:
- given the security implications of accepting bad MIME types, we're now
- intentionally breaking this case to match other browsers.
- </p>
- <p id="target">
- </p>
-</body>
-</html>
Modified: trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because non CSS MIME types are not allowed in strict mode.
Related test to http://bugs.webkit.org/show_bug.cgi?id=11451 REGRESSION: Dell.com does not render correctly in ToT (stylesheet not loaded). Making sure that in strict mode we would not load such a stylesheet.
SUCCESS
Modified: trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed in strict mode.
PASS Testing cross-origin and MIME behavior for CSS.
PASS xorigincss1.html should not be loaded via <link>.
Modified: trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed in strict mode.
PASS Testing cross-origin and MIME behavior for CSS.
PASS xorigincss2.html should not be loaded either via <link> or @import.
Modified: trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss3.html' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss3.html' because non CSS MIME types are not allowed in strict mode.
PASS Testing cross-origin and MIME behavior for CSS.
PASS xorigincss3.html should not be loaded, even though it is same-origin
Modified: trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed in strict mode.
PASS Testing cross-origin and MIME behavior for CSS.
PASS xorigincss4.html should not be loaded via @import.
Modified: trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt (187488 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss5.html' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss5.html' because non CSS MIME types are not allowed in strict mode.
PASS Testing cross-origin and MIME behavior for CSS.
PASS xorigincss5.html should not be loaded.
Copied: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-1-expected.txt (from rev 187488, trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt) (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-1-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-1-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed for cross-origin stylesheets.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss1.html should not be loaded via <link>.
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-1.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-1.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-1.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,33 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet" href=""
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id1'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss1.html should not be loaded via <link>.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id1" class="id1"></div>
+</body>
+</html>
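Review bot: The only assertion in this test, `assert_equals(getBackgroundColorForId('id1'), 'rgba(0, 0, 0, 0)')`, also passes when the stylesheet is never fetched at all (a broken redirect or a wrong path), so the script alone does not prove the MIME check rejected anything. The property is pinned only by the CONSOLE MESSAGE line in the matching -expected.txt file. A comment above the `test()` call would make that dependency explicit, for example `// A transparent background alone does not prove the MIME check fired; the console message in the expected output does.` The same applies to cross-origin-css-in-quirks-2.html and -5.html, and to same-origin-css-1.html, -2.html and -5.html.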
Copied: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-2-expected.txt (from rev 187488, trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt) (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-2-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-2-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed for cross-origin stylesheets.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss2.html should not be loaded either via <link> or @import.
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-2.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-2.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-2.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,32 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet" type="text/css" href=""
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id2'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss2.html should not be loaded either via <link> or @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id2" class="id2"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-3-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-3-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-3-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss1.css should be loaded via <link>
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-3.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-3.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-3.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,34 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet"
+ href=""
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id3'), 'rgb(255, 255, 0)');
+ }, 'xorigincss1.css should be loaded via <link>');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id3" class="id3"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-4-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-4-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-4-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss3.html should be loaded via <link>
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-4.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-4.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-4.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,33 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet" href=""
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id4'), 'rgb(255, 255, 0)');
+ }, 'xorigincss3.html should be loaded via <link>');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id4" class="id4"></div>
+</body>
+</html>
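Review bot: The title and the async_test description say "cross-origin", but this case appears to exercise the same-origin quirks-mode exception. The strict-mode counterpart's expected output describes xorigincss3.html as same-origin, and the assertion here expects the yellow background to be applied. Since this is the one path where a non-CSS MIME type is accepted, stating the precondition next to the existing doctype comment would help, for example `<!-- Same-origin resource in quirks mode: lax MIME type parsing is expected to apply. -->`. cross-origin-css-in-quirks-7.html has the same mismatch, as its `@import "resources/xorigincss5.html"` is a relative URL. The href of this `<link>` is not visible in this rendering, so the origin is inferred.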
Copied: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-5-expected.txt (from rev 187488, trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt) (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-5-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-5-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed for cross-origin stylesheets.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss4.html should not be loaded via @import.
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-5.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-5.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-5.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,34 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+@import "/resources/redirect.php?url=""
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id5'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss4.html should not be loaded via @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id5" class="id5"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-6-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-6-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-6-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss2.css should be loaded.
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-6.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-6.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-6.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,34 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+@import "/resources/redirect.php?url=""
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id6'), 'rgb(255, 255, 0)');
+ }, 'xorigincss2.css should be loaded.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id6" class="id6"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-7-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-7-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-7-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss5.html should be loaded via @import.
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-7.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-7.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-7.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,34 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+@import "resources/xorigincss5.html";
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id7'), 'rgb(255, 255, 0)');
+ }, 'xorigincss5.html should be loaded via @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id7" class="id7"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-8-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-8-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-8-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,6 @@
+Check that data: is still allowed for non-CORS cross-origin image fetches.
+
+PASS background image loaded
+
+PASS Testing cross-origin and MIME behavior for CSS.
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-8.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-8.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-in-quirks-8.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,34 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Cross-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+#data-background-url {
+ content: "PASS (image loaded)";
+ background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='0px' height='0px'></svg>");
+}
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <p>Check that data: is still allowed for non-CORS cross-origin image fetches.</p>
+ <div id="data-background-url">PASS background image loaded</div>
+</body>
+</html>
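Review bot: Nothing in this test checks that the data: background image was fetched. The onload handler only calls `onloadTest.done()`, and "PASS background image loaded" is static text inside the div, so the expected output is produced whether or not the image loads. `getBackgroundColorForId` is defined but never called, and the `content:` declaration has no effect on a non-pseudo element. Either add a real check inside a `test()` call before `done()`, or drop the unused helper and say so in a comment, for example `<!-- Only checks that no console error is logged for the data: URL; image loading is not asserted. -->`.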
Added: trunk/LayoutTests/http/tests/security/same-origin-css-1-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-1-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-1-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed in strict mode.
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss1.html should not be loaded via <link>.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-1.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-1.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-1.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet" href=""
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id1'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss1.html should not be loaded via <link>.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id1" class="id1"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/same-origin-css-2-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-2-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-2-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed in strict mode.
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss2.html should not be loaded either via <link> or @import.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-2.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-2.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-2.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet" type="text/css" href=""
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id2'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss2.html should not be loaded either via <link> or @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id2" class="id2"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/same-origin-css-3-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-3-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-3-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss1.css should be loaded via <link>
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-3.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-3.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-3.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet"
+ href=""
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id3'), 'rgb(255, 255, 0)');
+ }, 'xorigincss1.css should be loaded via <link>');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id3" class="id3"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/same-origin-css-4-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-4-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-4-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss3.html should not be loaded, even though it is same-origin
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-4.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-4.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-4.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet" href=""
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id4'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss3.html should not be loaded, even though it is same-origin');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id4" class="id4"></div>
+</body>
+</html>
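Review bot: This test asserts that xorigincss3.html is not applied, yet same-origin-css-4-expected.txt has no "Did not parse stylesheet" console line, while cross-origin-css-4-expected.txt records one for the same resource name in strict mode. Without that line, the transparent-background assertion cannot distinguish a stylesheet rejected by the strict-mode MIME check from one that was never requested. It is worth confirming that the href resolves and that the missing message is intended. The href is not visible in this rendering, so this is inferred from comparing the two expected files.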
Added: trunk/LayoutTests/http/tests/security/same-origin-css-5-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-5-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-5-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url="" because non CSS MIME types are not allowed in strict mode.
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss4.html should not be loaded via @import.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-5.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-5.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-5.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+@import "/resources/redirect.php?url=""
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id5'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss4.html should not be loaded via @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id5" class="id5"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/same-origin-css-6-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-6-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-6-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,4 @@
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss2.css should be loaded.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-6.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-6.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-6.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+@import "/resources/redirect.php?url=""
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id6'), 'rgb(255, 255, 0)');
+ }, 'xorigincss2.css should be loaded.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id6" class="id6"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/same-origin-css-7-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-7-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-7-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss5.html' because non CSS MIME types are not allowed in strict mode.
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss5.html should not be loaded.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-7.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-7.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-7.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+@import "resources/xorigincss5.html";
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id7'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss5.html should not be loaded.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id7" class="id7"></div>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/same-origin-css-8-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-8-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-8-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,6 @@
+Check that data: is still allowed for non-CORS cross-origin image fetches.
+
+PASS background image loaded
+
+PASS Testing same-origin and MIME behavior for CSS.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-8.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-8.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-8.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Same-origin CSS</title>
+
+<script src=""
+<script src=""
+
+<style>
+#data-background-url {
+ content: "PASS (image loaded)";
+ background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='0px' height='0px'></svg>");
+}
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+
+window._onload_ = function () {
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <p>Check that data: is still allowed for non-CORS cross-origin image fetches.</p>
+ <div id="data-background-url">PASS background image loaded</div>
+</body>
+</html>
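Review bot: This test asserts nothing: the load handler only calls `done()`, `getBackgroundColorForId` is never used, and the `PASS background image loaded` line in the expected output is literal text inside the `<div>`, so the result is identical whether or not the `data:` background is applied. At minimum add a subtest before `done()`, e.g. `test(function () { assert_not_equals(window.getComputedStyle(document.getElementById('data-background-url')).getPropertyValue('background-image'), 'none'); }, 'data: background should be applied');`. That verifies the declaration was kept, though not that the image was actually fetched. The same hard-coded PASS text, plus an `id8` div with no subtest, appears in same-origin-css-in-quirks.html.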
Added: trunk/LayoutTests/http/tests/security/same-origin-css-in-quirks-expected.txt (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-in-quirks-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-in-quirks-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,11 @@
+PASS background image loaded
+
+PASS Testing same-origin and MIME behavior for CSS.
+PASS xorigincss1.html should be loaded via <link>.
+PASS xorigincss2.html should be loaded either via <link> or @import.
+PASS xorigincss1.css should be loaded via <link>
+PASS xorigincss3.html should be loaded
+PASS xorigincss4.html should be loaded via @import.
+PASS xorigincss2.css should be loaded.
+PASS xorigincss5.html should be loaded.
+
Added: trunk/LayoutTests/http/tests/security/same-origin-css-in-quirks.html (0 => 187489)
--- trunk/LayoutTests/http/tests/security/same-origin-css-in-quirks.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/same-origin-css-in-quirks.html 2015-07-28 17:24:26 UTC (rev 187489)
@@ -0,0 +1,76 @@
+<html>
+<!--
+ Note the lack of doctype above: That is intentional. This test
+ MUST be in quirks mode to have any real testing power.
+-->
+<head>
+<title>Same-origin CSS in quirks mode</title>
+
+<script src=""
+<script src=""
+
+<link rel="stylesheet"
+ href=""
+<link rel="stylesheet"
+ type="text/css"
+ href=""
+<link rel="stylesheet"
+ href=""
+<link rel="stylesheet"
+ href=""
+<style>
+/* Deliberately reuse the same file / class / id on this first one */
+@import "/resources/redirect.php?url=""
+@import "/resources/redirect.php?url=""
+@import "/resources/redirect.php?url=""
+@import "resources/xorigincss5.html";
+
+/* Check that data: is still allowed for non-CORS cross-origin image fetches. */
+#data-background-url {
+ content: "PASS (image loaded)";
+ background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='0px' height='0px'></svg>");
+}
+</style>
+<script>
+ function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+ }
+ var _onloadTest_ = async_test("Testing same-origin and MIME behavior for CSS.");
+ window._onload_ = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id1'), 'rgb(255, 255, 0)');
+ }, 'xorigincss1.html should be loaded via <link>.');
+ test(function () {
+ assert_equals(getBackgroundColorForId('id2'), 'rgb(255, 255, 0)');
+ }, 'xorigincss2.html should be loaded either via <link> or @import.');
+ test(function () {
+ assert_equals(getBackgroundColorForId('id3'), 'rgb(255, 255, 0)');
+ }, 'xorigincss1.css should be loaded via <link>');
+ test(function () {
+ assert_equals(getBackgroundColorForId('id4'), 'rgb(255, 255, 0)');
+ }, 'xorigincss3.html should be loaded');
+ test(function () {
+ assert_equals(getBackgroundColorForId('id5'), 'rgb(255, 255, 0)');
+ }, 'xorigincss4.html should be loaded via @import.');
+ test(function () {
+ assert_equals(getBackgroundColorForId('id6'), 'rgb(255, 255, 0)');
+ }, 'xorigincss2.css should be loaded.');
+ test(function () {
+ assert_equals(getBackgroundColorForId('id7'), 'rgb(255, 255, 0)');
+ }, 'xorigincss5.html should be loaded.');
+ onloadTest.done();
+ };
+</script>
+</head>
+<body>
+ <div id="id1" class="id1"></div>
+ <div id="id2" class="id2"></div>
+ <div id="id3" class="id3"></div>
+ <div id="id4" class="id4"></div>
+ <div id="id5" class="id5"></div>
+ <div id="id6" class="id6"></div>
+ <div id="id7" class="id7"></div>
+ <div id="id8" class="id8"></div>
+ <div id="data-background-url">PASS background image loaded</div>
+</body>
+</html>
Modified: trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt (187488 => 187489)
--- trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/acid3/empty.css' because its MIME type was invalid.
+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/acid3/empty.css' because non CSS MIME types are not allowed in strict mode.
layer at (0,0) size 800x600
RenderView at (0,0) size 800x600
layer at (20,20) size 644x433
Modified: trunk/Source/WebCore/ChangeLog (187488 => 187489)
--- trunk/Source/WebCore/ChangeLog 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/ChangeLog 2015-07-28 17:24:26 UTC (rev 187489)
@@ -1,3 +1,53 @@
+2015-07-28 Chris Dumez <[email protected]>
+
+ Allow lax MIME type parsing for same-origin CSS in quirks mode.
+ https://bugs.webkit.org/show_bug.cgi?id=147327
+ <rdar://problem/22010303>
+
+ Reviewed by Zalan Bujtas.
+
+ The change made in r180020 is too strict for the web, and doesn't match Firefox
+ Chrome, or IE's behavior. In particular, it does not respect the same-origin
+ carveout that the HTML spec specifies:
+ https://html.spec.whatwg.org/multipage/semantics.html#link-type-stylesheet
+
+ This patch corrects that oversight and aligns our behavior with other popular
+ browsers.
+
+ This change was adapted from Blink r196678:
+ https://src.chromium.org/viewvc/blink?revision=196678&view=revision
+
+ Tests: http/tests/security/cross-origin-css-in-quirks-1.html
+ http/tests/security/cross-origin-css-in-quirks-2.html
+ http/tests/security/cross-origin-css-in-quirks-3.html
+ http/tests/security/cross-origin-css-in-quirks-4.html
+ http/tests/security/cross-origin-css-in-quirks-5.html
+ http/tests/security/cross-origin-css-in-quirks-6.html
+ http/tests/security/cross-origin-css-in-quirks-7.html
+ http/tests/security/cross-origin-css-in-quirks-8.html
+ http/tests/security/same-origin-css-1.html
+ http/tests/security/same-origin-css-2.html
+ http/tests/security/same-origin-css-3.html
+ http/tests/security/same-origin-css-4.html
+ http/tests/security/same-origin-css-5.html
+ http/tests/security/same-origin-css-6.html
+ http/tests/security/same-origin-css-7.html
+ http/tests/security/same-origin-css-8.html
+ http/tests/security/same-origin-css-in-quirks.html
+
+ * css/StyleRuleImport.cpp:
+ (WebCore::StyleRuleImport::setCSSStyleSheet):
+ * css/StyleSheetContents.cpp:
+ (WebCore::StyleSheetContents::parseAuthorStyleSheet):
+ * css/StyleSheetContents.h:
+ * html/HTMLLinkElement.cpp:
+ (WebCore::HTMLLinkElement::setCSSStyleSheet):
+ * loader/cache/CachedCSSStyleSheet.cpp:
+ (WebCore::CachedCSSStyleSheet::sheetText):
+ (WebCore::CachedCSSStyleSheet::canUseSheet):
+ (WebCore::CachedCSSStyleSheet::checkNotify): Deleted.
+ * loader/cache/CachedCSSStyleSheet.h:
+
2015-07-28 Alexey Proskuryakov <[email protected]>
Rolling out r187463, because it caused memory corruption on multiple tests.
Modified: trunk/Source/WebCore/css/StyleRuleImport.cpp (187488 => 187489)
--- trunk/Source/WebCore/css/StyleRuleImport.cpp 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/css/StyleRuleImport.cpp 2015-07-28 17:24:26 UTC (rev 187489)
@@ -70,8 +70,9 @@
if (!baseURL.isNull())
context.baseURL = baseURL;
+ Document* document = m_parentStyleSheet ? m_parentStyleSheet->singleOwnerDocument() : nullptr;
m_styleSheet = StyleSheetContents::create(this, href, context);
- m_styleSheet->parseAuthorStyleSheet(cachedStyleSheet);
+ m_styleSheet->parseAuthorStyleSheet(cachedStyleSheet, document ? document->securityOrigin() : nullptr);
m_loading = false;
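Review bot: The null `SecurityOrigin` passed when `m_parentStyleSheet` is absent or `singleOwnerDocument()` returns null is load-bearing but undocumented. In `parseAuthorStyleSheet` a null origin makes `isSameOriginRequest` false and therefore selects the strict MIME check. That is the safe direction, but it presumably means an @import can be held to the strict check on a same-origin quirks-mode page where a `<link>`, which passes `document().securityOrigin()` unconditionally, would get the lax one. I would add a comment above the new `Document* document` line, e.g. `// No single owner document: pass a null origin so the import is treated as cross-origin (strict MIME check).` The enclosing function starts and ends outside this hunk.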
Modified: trunk/Source/WebCore/css/StyleSheetContents.cpp (187488 => 187489)
--- trunk/Source/WebCore/css/StyleSheetContents.cpp 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/css/StyleSheetContents.cpp 2015-07-28 17:24:26 UTC (rev 187489)
@@ -31,6 +31,7 @@
#include "Page.h"
#include "PageConsoleClient.h"
#include "RuleSet.h"
+#include "SecurityOrigin.h"
#include "StyleProperties.h"
#include "StyleRule.h"
#include "StyleRuleImport.h"
@@ -290,16 +291,22 @@
return it->value;
}
-void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet)
+void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet, const SecurityOrigin* securityOrigin)
{
+ bool isSameOriginRequest = securityOrigin && securityOrigin->canRequest(baseURL());
+ CachedCSSStyleSheet::MIMETypeCheck mimeTypeCheck = isStrictParserMode(m_parserContext.mode) || !isSameOriginRequest ? CachedCSSStyleSheet::MIMETypeCheck::Strict : CachedCSSStyleSheet::MIMETypeCheck::Lax;
bool hasValidMIMEType = true;
- String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType);
+ String sheetText = cachedStyleSheet->sheetText(mimeTypeCheck, &hasValidMIMEType);
if (!hasValidMIMEType) {
ASSERT(sheetText.isNull());
if (auto* document = singleOwnerDocument()) {
- if (auto* page = document->page())
- page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because its MIME type was invalid.");
+ if (auto* page = document->page()) {
+ if (isStrictParserMode(m_parserContext.mode))
+ page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because non CSS MIME types are not allowed in strict mode.");
+ else
+ page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because non CSS MIME types are not allowed for cross-origin stylesheets.");
+ }
}
return;
}
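Review bot: `isSameOriginRequest` is computed from `baseURL()` rather than from the URL the stylesheet bytes were actually served from, so the lax path is only as trustworthy as each caller's choice of base URL. In `StyleRuleImport::setCSSStyleSheet` the context's `baseURL` is overwritten only when the passed `baseURL` is non-null, so it is worth confirming that a redirected or base-less import can never be judged against the parent's URL. Checking the final response URL of `cachedStyleSheet` instead would remove that dependency, assuming it is reachable here. Separately, the `mimeTypeCheck` initializer relies on `||` binding tighter than `?:`; parenthesising the condition as `(isStrictParserMode(m_parserContext.mode) || !isSameOriginRequest)` makes the fail-closed intent explicit. The function body continues past the end of this hunk.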
Modified: trunk/Source/WebCore/css/StyleSheetContents.h (187488 => 187489)
--- trunk/Source/WebCore/css/StyleSheetContents.h 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/css/StyleSheetContents.h 2015-07-28 17:24:26 UTC (rev 187489)
@@ -40,6 +40,7 @@
class Node;
class StyleRuleBase;
class StyleRuleImport;
+class SecurityOrigin;
class StyleSheetContents : public RefCounted<StyleSheetContents> {
public:
@@ -62,7 +63,7 @@
const AtomicString& determineNamespace(const AtomicString& prefix);
- void parseAuthorStyleSheet(const CachedCSSStyleSheet*);
+ void parseAuthorStyleSheet(const CachedCSSStyleSheet*, const SecurityOrigin*);
WEBCORE_EXPORT bool parseString(const String&);
bool parseStringAtPosition(const String&, const TextPosition&, bool createdByParser);
Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (187488 => 187489)
--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2015-07-28 17:24:26 UTC (rev 187489)
@@ -346,7 +346,7 @@
m_sheet->setMediaQueries(MediaQuerySet::createAllowingDescriptionSyntax(m_media));
m_sheet->setTitle(title());
- styleSheet.get().parseAuthorStyleSheet(cachedStyleSheet);
+ styleSheet.get().parseAuthorStyleSheet(cachedStyleSheet, document().securityOrigin());
m_loading = false;
styleSheet.get().notifyLoadedSheet(cachedStyleSheet);
Modified: trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp (187488 => 187489)
--- trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2015-07-28 17:24:26 UTC (rev 187489)
@@ -78,9 +78,9 @@
return m_decoder->encoding().name();
}
-const String CachedCSSStyleSheet::sheetText(bool* hasValidMIMEType) const
+const String CachedCSSStyleSheet::sheetText(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
{
- if (!m_data || m_data->isEmpty() || !canUseSheet(hasValidMIMEType))
+ if (!m_data || m_data->isEmpty() || !canUseSheet(mimeTypeCheck, hasValidMIMEType))
return String();
if (!m_decodedSheetText.isNull())
@@ -113,11 +113,14 @@
c->setCSSStyleSheet(m_resourceRequest.url(), m_response.url(), m_decoder->encoding().name(), this);
}
-bool CachedCSSStyleSheet::canUseSheet(bool* hasValidMIMEType) const
+bool CachedCSSStyleSheet::canUseSheet(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
{
if (errorOccurred())
return false;
+ if (mimeTypeCheck == MIMETypeCheck::Lax)
+ return true;
+
// This check exactly matches Firefox. Note that we grab the Content-Type
// header directly because we want to see what the value is BEFORE content
// sniffing. Firefox does this by setting a "type hint" on the channel.
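Review bot: The new `MIMETypeCheck::Lax` early return skips every Content-Type check below it and leaves `*hasValidMIMEType` unwritten, so the result is correct only because the visible caller initialises the flag to `true` before calling `sheetText`. This function cannot tell whether the request really was same-origin and in quirks mode, so a comment stating the precondition would help, e.g. `// Lax is only valid for same-origin sheets in quirks mode; the caller is responsible for that decision.` Writing the out-parameter on this path too, `if (hasValidMIMEType) *hasValidMIMEType = true;`, would keep a caller that starts from `false` or reuses the flag from seeing a stale value. The rest of `canUseSheet` lies outside the hunk.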
Modified: trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h (187488 => 187489)
--- trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h 2015-07-28 16:58:08 UTC (rev 187488)
+++ trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h 2015-07-28 17:24:26 UTC (rev 187489)
@@ -41,13 +41,14 @@
CachedCSSStyleSheet(const ResourceRequest&, const String& charset, SessionID);
virtual ~CachedCSSStyleSheet();
- const String sheetText(bool* hasValidMIMEType = nullptr) const;
+ enum class MIMETypeCheck { Strict, Lax };
+ const String sheetText(MIMETypeCheck = MIMETypeCheck::Strict, bool* hasValidMIMEType = nullptr) const;
PassRefPtr<StyleSheetContents> restoreParsedStyleSheet(const CSSParserContext&, CachePolicy);
void saveParsedStyleSheet(Ref<StyleSheetContents>&&);
private:
- bool canUseSheet(bool* hasValidMIMEType) const;
+ bool canUseSheet(MIMETypeCheck, bool* hasValidMIMEType) const;
virtual bool mayTryReplaceEncodedData() const override { return true; }
virtual void didAddClient(CachedResourceClient*) override;
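Review bot: `sheetText` now gives a different answer for the same cached resource depending on the `MIMETypeCheck` argument, while `restoreParsedStyleSheet` and `saveParsedStyleSheet` declared just below still take no such argument. Their implementation is not visible here, so this is a question rather than a finding: if a sheet that was acceptable only under `Lax` can be saved and later restored for a document that would have required `Strict`, the restore path would skip the MIME check. It is worth confirming that such sheets are not cached, or that the lookup also considers the check mode. Defaulting the parameter to `MIMETypeCheck::Strict` is the right fail-closed choice and deserves a one-line comment on the enum, e.g. `// Lax: accept any Content-Type; only for same-origin sheets in quirks mode.`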