Bug 128990
| Summary: | CSP breaks soft-wrapping of plaintext documents unless unsafe-inline is used | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Adam Roben (:aroben) <aroben> |
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | bfulgham, dbates, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Mac (Intel) | ||
| OS: | OS X 10.9 | ||
Adam Roben (:aroben)
To reproduce:
1. Serve a plaintext document containing long lines with Content-Security-Policy header of "style-src 'none'" or stronger (like "default-src 'none'").
The lines should soft-wrap to match the browser width.
But the lines do not wrap. In the JS console there is a warning that says:
> Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
It looks like CSP is breaking the style attribute that WebKit puts on the <pre> element that wraps the plaintext contents.
We were running into this when serving raw file contents from raw.github.com (I'm a GitHub engineer), so we added a "style-src 'unsafe-inline'" directive.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/26522742>