style-src should block inline style from <style>
Created attachment 90869 [details] Patch
Attachment 90869 [details] did not pass chromium-ews: Output: http://queues.webkit.org/results/8504288
Attachment 90869 [details] did not build on qt: Build output: http://queues.webkit.org/results/8497899
Attachment 90869 [details] did not build on win: Build output: http://queues.webkit.org/results/8495952
Attachment 90869 [details] did not build on mac: Build output: http://queues.webkit.org/results/8504297
Attachment 90869 [details] did not build on gtk: Build output: http://queues.webkit.org/results/8497910
Attachment 90869 [details] did not build on chromium: Build output: http://queues.webkit.org/results/8505131
Comment on attachment 90869 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=90869&action=review Seems reasonable though. > Source/WebCore/dom/StyleElement.cpp:145 > + if (document->contentSecurityPolicy()->allowInlineStyle() > + && (type.isEmpty() || (e->isHTMLElement() ? equalIgnoringCase(type, "text/css") : (type == "text/css")))) { I would have probably made this a helper method.
Created attachment 91785 [details] Patch for landing
Created attachment 91786 [details] Patch for landing
Comment on attachment 91786 [details] Patch for landing Clearing flags on attachment: 91786 Committed r85381: <http://trac.webkit.org/changeset/85381>
All reviewed patches have been landed. Closing bug.