| Summary: | Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Alexander Pavlov (apavlov) <apavlov> | ||||||||||
| Component: | Web Inspector (Deprecated) | Assignee: | Alexander Pavlov (apavlov) <apavlov> | ||||||||||
| Status: | RESOLVED FIXED | ||||||||||||
| Severity: | Normal | CC: | abarth, apavlov, bweinstein, dglazkov, joepeck, keishi, loislo, pfeldman, pmuellr, rik, timothy, webkit.review.bot, yurys | ||||||||||
| Priority: | P2 | ||||||||||||
| Version: | 528+ (Nightly build) | ||||||||||||
| Hardware: | All | ||||||||||||
| OS: | All | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Alexander Pavlov (apavlov)
2012-03-01 06:38:59 PST
Created attachment 129699 [details]
Patch
Comment on attachment 129699 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=129699&action=review > Source/WebCore/inspector/InspectorCSSAgent.cpp:905 > + // BUG80024: We may have failed to add an actual StyleSheet into the document due to CSP getting in our way. CSP should not block native code from adding rule. Or you should build a way to override CSP. Created attachment 129707 [details]
Patch
Comment on attachment 129707 [details] Patch Attachment 129707 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/11770571 New failing tests: http/tests/security/contentSecurityPolicy/inline-style-blocked.html Comment on attachment 129707 [details]
Patch
r- for regressing CSP
Created attachment 129893 [details]
[PATCH] Fixed CSP violation reporting for inline styles
Comment on attachment 129893 [details] [PATCH] Fixed CSP violation reporting for inline styles View in context: https://bugs.webkit.org/attachment.cgi?id=129893&action=review > Source/WebCore/dom/Document.cpp:2579 > +void Document::setAllowInlineStyle(bool value) You should override content security policy in ContentSecurityPolicy.cpp. > Source/WebCore/dom/StyledElement.cpp:-101 > - else if (document()->contentSecurityPolicy()->allowInlineStyle()) Please do not change call sites. > Source/WebCore/inspector/InspectorCSSAgent.cpp:900 > + bool inlineStyleEnabled = document->allowInlineStyle(false); Should be: ContentSecurityPolicy* policy = document->contentSecurityPolicy(); policy->setOverrideAllowInlineStyle(true); targetNode->... policy->setOverrideAllowInlineStyle(false); > Source/WebCore/page/ContentSecurityPolicy.cpp:525 > + CSPDirective* styleSrcDirective = operativeDirective(m_styleSrc.get()); drop this > LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html:13 > + InspectorTest.selectNodeAndWaitForStyles("inspected", step1); These are not 3 steps, these are 3 tests. Created attachment 129903 [details]
[PATCH] Comments addressed
Comment on attachment 129903 [details]
[PATCH] Comments addressed
The changes to ContentSecurityPolicy.cpp/h look fine.
Comment on attachment 129903 [details] [PATCH] Comments addressed View in context: https://bugs.webkit.org/attachment.cgi?id=129903&action=review > Source/WebCore/inspector/InspectorCSSAgent.cpp:745 > + *errorString = "Failed to find or create inspector stylesheet, probably due to Content-Security-Policy"; This is no longer the case. > Source/WebCore/inspector/InspectorStyleSheet.cpp:1324 > + ContentSecurityPolicy* policy = m_element->ownerDocument() ? m_element->ownerDocument()->contentSecurityPolicy() : 0; ownerDocument never returns NULL for an element. Also, I would recommend using raii idiom for this case. > Source/WebCore/page/ContentSecurityPolicy.h:73 > + void setOverrideAllowInlineStyle(bool); Do we need a better name for this method? setOverrideAllowInlineStyleForInspector ? > Do we need a better name for this method? setOverrideAllowInlineStyleForInspector ?
setOverrideAllowInlineStyle ?
(In reply to comment #11) > > Do we need a better name for this method? setOverrideAllowInlineStyleForInspector ? > > setOverrideAllowInlineStyle ? Will revert to this name when landing. Committed r109730: <http://trac.webkit.org/changeset/109730> |