Bug 59292

Summary: style-src should block inline style from <style>
Product: WebKit Reporter: Adam Barth <abarth>
Component: New BugsAssignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, commit-queue, dglazkov, eric, gustavo.noronha, gustavo, webkit-ews, webkit.review.bot, xan.lopez
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 53572    
Attachments:
Description Flags
Patch
none
Patch for landing
none
Patch for landing none

Description Adam Barth 2011-04-23 22:07:22 PDT 
style-src should block inline style from <style>
Comment 1 Adam Barth 2011-04-23 22:09:11 PDT 
Created attachment 90869 [details]
Patch
Comment 2 WebKit Review Bot 2011-04-23 22:12:55 PDT 
Attachment 90869 [details] did not pass chromium-ews:
Output: http://queues.webkit.org/results/8504288
Comment 3 Early Warning System Bot 2011-04-23 22:19:14 PDT 
Attachment 90869 [details] did not build on qt:
Build output: http://queues.webkit.org/results/8497899
Comment 4 Build Bot 2011-04-23 22:30:33 PDT 
Attachment 90869 [details] did not build on win:
Build output: http://queues.webkit.org/results/8495952
Comment 5 WebKit Review Bot 2011-04-23 22:53:48 PDT 
Attachment 90869 [details] did not build on mac:
Build output: http://queues.webkit.org/results/8504297
Comment 6 Collabora GTK+ EWS bot 2011-04-23 22:54:04 PDT 
Attachment 90869 [details] did not build on gtk:
Build output: http://queues.webkit.org/results/8497910
Comment 7 WebKit Review Bot 2011-04-23 22:56:22 PDT 
Attachment 90869 [details] did not build on chromium:
Build output: http://queues.webkit.org/results/8505131
Comment 8 Eric Seidel (no email) 2011-04-26 16:15:23 PDT 
Comment on attachment 90869 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=90869&action=review

Seems reasonable though.

> Source/WebCore/dom/StyleElement.cpp:145
> +    if (document->contentSecurityPolicy()->allowInlineStyle()
> +        && (type.isEmpty() || (e->isHTMLElement() ? equalIgnoringCase(type, "text/css") : (type == "text/css")))) {

I would have probably made this a helper method.
Comment 9 Adam Barth 2011-04-29 18:21:40 PDT 
Created attachment 91785 [details]
Patch for landing
Comment 10 Adam Barth 2011-04-29 18:23:20 PDT 
Created attachment 91786 [details]
Patch for landing
Comment 11 WebKit Commit Bot 2011-04-29 19:22:47 PDT 
Comment on attachment 91786 [details]
Patch for landing

Clearing flags on attachment: 91786

Committed r85381: <http://trac.webkit.org/changeset/85381>
Comment 12 WebKit Commit Bot 2011-04-29 19:22:52 PDT 
All reviewed patches have been landed.  Closing bug.