Bug 59292 - style-src should block inline style from <style>
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
: P2 Normal
Assignee: Adam Barth
Blocks: 53572
Reported: 2011-04-23 22:07 PDT by Adam Barth
Modified: 2011-04-29 19:22 PDT

Attachments
Patch (7.28 KB, patch)
2011-04-23 22:09 PDT, Adam Barth
Patch for landing (7.79 KB, patch)
2011-04-29 18:21 PDT, Adam Barth
Patch for landing (7.62 KB, patch)
2011-04-29 18:23 PDT, Adam Barth

Description Adam Barth 2011-04-23 22:07:22 PDT
style-src should block inline style from <style>
Comment 1 Adam Barth 2011-04-23 22:09:11 PDT
Created attachment 90869 [details]
Patch
Comment 2 WebKit Review Bot 2011-04-23 22:12:55 PDT
Attachment 90869 [details] did not pass chromium-ews:
Output: http://queues.webkit.org/results/8504288
Comment 3 Early Warning System Bot 2011-04-23 22:19:14 PDT
Attachment 90869 [details] did not build on qt:
Build output: http://queues.webkit.org/results/8497899
Comment 4 Build Bot 2011-04-23 22:30:33 PDT
Attachment 90869 [details] did not build on win:
Build output: http://queues.webkit.org/results/8495952
Comment 5 WebKit Review Bot 2011-04-23 22:53:48 PDT
Attachment 90869 [details] did not build on mac:
Build output: http://queues.webkit.org/results/8504297
Comment 6 Collabora GTK+ EWS bot 2011-04-23 22:54:04 PDT
Attachment 90869 [details] did not build on gtk:
Build output: http://queues.webkit.org/results/8497910
Comment 7 WebKit Review Bot 2011-04-23 22:56:22 PDT
Attachment 90869 [details] did not build on chromium:
Build output: http://queues.webkit.org/results/8505131
Comment 8 Eric Seidel (no email) 2011-04-26 16:15:23 PDT
Comment on attachment 90869 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=90869&action=review

Seems reasonable though.

> Source/WebCore/dom/StyleElement.cpp:145
> +    if (document->contentSecurityPolicy()->allowInlineStyle()
> +        && (type.isEmpty() || (e->isHTMLElement() ? equalIgnoringCase(type, "text/css") : (type == "text/css")))) {
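
Review bot: In the condition at StyleElement.cpp:145, document->contentSecurityPolicy()->allowInlineStyle() is evaluated before the type test, so the policy is consulted even for a <style> whose type is not text/css and which fails the rest of the condition anyway. If allowInlineStyle() has side effects such as reporting a violation, test the type first and call the policy check only when the type matches. The chained call also dereferences document and the result of contentSecurityPolicy() with no null check in the visible lines; confirm both are guaranteed non-null at this point.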

I would have probably made this a helper method.
Comment 9 Adam Barth 2011-04-29 18:21:40 PDT
Created attachment 91785 [details]
Patch for landing
Comment 10 Adam Barth 2011-04-29 18:23:20 PDT
Created attachment 91786 [details]
Patch for landing
Comment 11 WebKit Commit Bot 2011-04-29 19:22:47 PDT
Comment on attachment 91786 [details]
Patch for landing

Clearing flags on attachment: 91786

Committed r85381: <http://trac.webkit.org/changeset/85381>
Comment 12 WebKit Commit Bot 2011-04-29 19:22:52 PDT
All reviewed patches have been landed.  Closing bug.