Bug 80024

Summary: Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page
Product: WebKit Reporter: Alexander Pavlov (apavlov) <apavlov>
Component: Web Inspector (Deprecated)Assignee: Alexander Pavlov (apavlov) <apavlov>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, apavlov, bweinstein, dglazkov, joepeck, keishi, loislo, pfeldman, pmuellr, rik, timothy, webkit.review.bot, yurys
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch
none
Patch
none
[PATCH] Fixed CSP violation reporting for inline styles
none
[PATCH] Comments addressed pfeldman: review+

Alexander Pavlov (apavlov)
Reported 2012-03-01 06:38:59 PST
Patch to follow.
Attachments
Patch (4.88 KB, patch)
2012-03-01 06:56 PST, Alexander Pavlov (apavlov) 		no flags
DetailsFormatted DiffDiff
Patch (11.08 KB, patch)
2012-03-01 08:23 PST, Alexander Pavlov (apavlov) 		no flags
DetailsFormatted DiffDiff
[PATCH] Fixed CSP violation reporting for inline styles (13.76 KB, patch)
2012-03-02 06:28 PST, Alexander Pavlov (apavlov) 		no flags
DetailsFormatted DiffDiff
[PATCH] Comments addressed (12.63 KB, patch)
2012-03-02 08:33 PST, Alexander Pavlov (apavlov) 		pfeldman: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Alexander Pavlov (apavlov)
Comment 1 2012-03-01 06:56:50 PST
Created attachment 129699 [details] Patch
Pavel Feldman
Comment 2 2012-03-01 07:07:45 PST
Comment on attachment 129699 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=129699&action=review > Source/WebCore/inspector/InspectorCSSAgent.cpp:905 > + // BUG80024: We may have failed to add an actual StyleSheet into the document due to CSP getting in our way. CSP should not block native code from adding rule. Or you should build a way to override CSP.
Alexander Pavlov (apavlov)
Comment 3 2012-03-01 08:23:12 PST
Created attachment 129707 [details] Patch
WebKit Review Bot
Comment 4 2012-03-01 12:21:30 PST
Comment on attachment 129707 [details] Patch Attachment 129707 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/11770571 New failing tests: http/tests/security/contentSecurityPolicy/inline-style-blocked.html
Pavel Feldman
Comment 5 2012-03-02 01:29:55 PST
Comment on attachment 129707 [details] Patch r- for regressing CSP
Alexander Pavlov (apavlov)
Comment 6 2012-03-02 06:28:07 PST
Created attachment 129893 [details] [PATCH] Fixed CSP violation reporting for inline styles
Pavel Feldman
Comment 7 2012-03-02 07:55:56 PST
Comment on attachment 129893 [details] [PATCH] Fixed CSP violation reporting for inline styles View in context: https://bugs.webkit.org/attachment.cgi?id=129893&action=review > Source/WebCore/dom/Document.cpp:2579 > +void Document::setAllowInlineStyle(bool value) You should override content security policy in ContentSecurityPolicy.cpp. > Source/WebCore/dom/StyledElement.cpp:-101 > - else if (document()->contentSecurityPolicy()->allowInlineStyle()) Please do not change call sites. > Source/WebCore/inspector/InspectorCSSAgent.cpp:900 > + bool inlineStyleEnabled = document->allowInlineStyle(false); Should be: ContentSecurityPolicy* policy = document->contentSecurityPolicy(); policy->setOverrideAllowInlineStyle(true); targetNode->... policy->setOverrideAllowInlineStyle(false); > Source/WebCore/page/ContentSecurityPolicy.cpp:525 > + CSPDirective* styleSrcDirective = operativeDirective(m_styleSrc.get()); drop this > LayoutTests/inspector/styles/add-new-rule-inline-style-csp.html:13 > + InspectorTest.selectNodeAndWaitForStyles("inspected", step1); These are not 3 steps, these are 3 tests.
Alexander Pavlov (apavlov)
Comment 8 2012-03-02 08:33:41 PST
Created attachment 129903 [details] [PATCH] Comments addressed
Adam Barth
Comment 9 2012-03-02 09:10:07 PST
Comment on attachment 129903 [details] [PATCH] Comments addressed The changes to ContentSecurityPolicy.cpp/h look fine.
Pavel Feldman
Comment 10 2012-03-02 09:11:03 PST
Comment on attachment 129903 [details] [PATCH] Comments addressed View in context: https://bugs.webkit.org/attachment.cgi?id=129903&action=review > Source/WebCore/inspector/InspectorCSSAgent.cpp:745 > + *errorString = "Failed to find or create inspector stylesheet, probably due to Content-Security-Policy"; This is no longer the case. > Source/WebCore/inspector/InspectorStyleSheet.cpp:1324 > + ContentSecurityPolicy* policy = m_element->ownerDocument() ? m_element->ownerDocument()->contentSecurityPolicy() : 0; ownerDocument never returns NULL for an element. Also, I would recommend using raii idiom for this case. > Source/WebCore/page/ContentSecurityPolicy.h:73 > + void setOverrideAllowInlineStyle(bool); Do we need a better name for this method? setOverrideAllowInlineStyleForInspector ?
Adam Barth
Comment 11 2012-03-02 09:21:31 PST
> Do we need a better name for this method? setOverrideAllowInlineStyleForInspector ? setOverrideAllowInlineStyle ?
Alexander Pavlov (apavlov)
Comment 12 2012-03-02 09:27:40 PST
(In reply to comment #11) > > Do we need a better name for this method? setOverrideAllowInlineStyleForInspector ? > > setOverrideAllowInlineStyle ? Will revert to this name when landing.
Alexander Pavlov (apavlov)
Comment 13 2012-03-05 02:45:12 PST
Committed r109730: <http://trac.webkit.org/changeset/109730>
Note You need to log in before you can comment on or make changes to this bug.