RESOLVED FIXED 59292
style-src should block inline style from <style> 
https://bugs.webkit.org/show_bug.cgi?id=59292
Summary style-src should block inline style from <style>
Adam Barth
Reported 2011-04-23 22:07:22 PDT
style-src should block inline style from <style>
Attachments
Patch (7.28 KB, patch)
2011-04-23 22:09 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Patch for landing (7.79 KB, patch)
2011-04-29 18:21 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Patch for landing (7.62 KB, patch)
2011-04-29 18:23 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2011-04-23 22:09:11 PDT
Created attachment 90869 [details] Patch
WebKit Review Bot
Comment 2 2011-04-23 22:12:55 PDT
Attachment 90869 [details] did not pass chromium-ews: Output: http://queues.webkit.org/results/8504288
Early Warning System Bot
Comment 3 2011-04-23 22:19:14 PDT
Attachment 90869 [details] did not build on qt: Build output: http://queues.webkit.org/results/8497899
Build Bot
Comment 4 2011-04-23 22:30:33 PDT
Attachment 90869 [details] did not build on win: Build output: http://queues.webkit.org/results/8495952
WebKit Review Bot
Comment 5 2011-04-23 22:53:48 PDT
Attachment 90869 [details] did not build on mac: Build output: http://queues.webkit.org/results/8504297
Collabora GTK+ EWS bot
Comment 6 2011-04-23 22:54:04 PDT
Attachment 90869 [details] did not build on gtk: Build output: http://queues.webkit.org/results/8497910
WebKit Review Bot
Comment 7 2011-04-23 22:56:22 PDT
Attachment 90869 [details] did not build on chromium: Build output: http://queues.webkit.org/results/8505131
Eric Seidel (no email)
Comment 8 2011-04-26 16:15:23 PDT
Comment on attachment 90869 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=90869&action=review Seems reasonable though. > Source/WebCore/dom/StyleElement.cpp:145 > + if (document->contentSecurityPolicy()->allowInlineStyle() > + && (type.isEmpty() || (e->isHTMLElement() ? equalIgnoringCase(type, "text/css") : (type == "text/css")))) { I would have probably made this a helper method.
Adam Barth
Comment 9 2011-04-29 18:21:40 PDT
Created attachment 91785 [details] Patch for landing
Adam Barth
Comment 10 2011-04-29 18:23:20 PDT
Created attachment 91786 [details] Patch for landing
WebKit Commit Bot
Comment 11 2011-04-29 19:22:47 PDT
Comment on attachment 91786 [details] Patch for landing Clearing flags on attachment: 91786 Committed r85381: <http://trac.webkit.org/changeset/85381>
WebKit Commit Bot
Comment 12 2011-04-29 19:22:52 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.