128990 2014-02-18 12:47:30 -0800 CSP breaks soft-wrapping of plaintext documents unless unsafe-inline is used 2016-05-27 12:30:12 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) Mac (Intel) OS X 10.9 NEW InRadar P2 Normal --- 1 aroben webkit-unassigned bfulgham dbates webkit-bug-importer oldest_to_newest 982048 0 aroben 2014-02-18 12:47:30 -0800 To reproduce: 1. Serve a plaintext document containing long lines with Content-Security-Policy header of "style-src 'none'" or stronger (like "default-src 'none'"). The lines should soft-wrap to match the browser width. But the lines do not wrap. In the JS console there is a warning that says: > Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. It looks like CSP is breaking the style attribute that WebKit puts on the <pre> element that wraps the plaintext contents. We were running into this when serving raw file contents from raw.github.com (I'm a GitHub engineer), so we added a "style-src 'unsafe-inline'" directive. 1197169 1 webkit-bug-importer 2016-05-27 12:30:12 -0700 <rdar://problem/26522742>