Bug 59293 - style-src should block @style
Summary: style-src should block @style
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
: P2 Normal
Assignee: Adam Barth
URL:
Keywords:
Depends on:
Blocks: 53572
  Show dependency treegraph
 
Reported: 2011-04-23 22:24 PDT by Adam Barth
Modified: 2011-04-29 19:56 PDT (History)
9 users (show)

See Also:

Attachments
Patch (5.61 KB, patch)
2011-04-23 22:27 PDT, Adam Barth 		no flags Details | Formatted Diff | Diff
Patch (7.43 KB, patch)
2011-04-29 18:41 PDT, Adam Barth 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Barth 2011-04-23 22:24:54 PDT 
style-src should block @style
Comment 1 Adam Barth 2011-04-23 22:27:11 PDT 
Created attachment 90870 [details]
Patch
Comment 2 WebKit Review Bot 2011-04-23 22:29:36 PDT 
Attachment 90870 [details] did not pass chromium-ews:
Output: http://queues.webkit.org/results/8497902
Comment 3 Early Warning System Bot 2011-04-23 22:35:19 PDT 
Attachment 90870 [details] did not build on qt:
Build output: http://queues.webkit.org/results/8498897
Comment 4 WebKit Review Bot 2011-04-23 22:43:19 PDT 
Attachment 90870 [details] did not build on chromium:
Build output: http://queues.webkit.org/results/8494985
Comment 5 WebKit Review Bot 2011-04-23 22:45:16 PDT 
Attachment 90870 [details] did not build on mac:
Build output: http://queues.webkit.org/results/8495954
Comment 6 Build Bot 2011-04-23 23:03:27 PDT 
Attachment 90870 [details] did not build on win:
Build output: http://queues.webkit.org/results/8495964
Comment 7 Collabora GTK+ EWS bot 2011-04-23 23:09:38 PDT 
Attachment 90870 [details] did not build on gtk:
Build output: http://queues.webkit.org/results/8497916
Comment 8 Eric Seidel (no email) 2011-04-24 06:26:32 PDT 
Comment on attachment 90870 [details]
Patch

No r+ for you, build-breaker! :p
Comment 9 Eric Seidel (no email) 2011-04-24 06:27:34 PDT 
Comment on attachment 90870 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=90870&action=review

> Source/WebCore/dom/StyledElement.cpp:244
> +        else if (document()->contentSecurityPolicy()->allowInlineStyle())

Should it early return instead?  Should it be going down the destoryInlineStleDecl case instead?  Why should it be re-calcing after?
Comment 10 Adam Barth 2011-04-24 11:13:21 PDT 
> No r+ for you, build-breaker! :p

It's just dependent on earlier patches.  I should have mentioned that.

> (From update of attachment 90870 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=90870&action=review
> 
> > Source/WebCore/dom/StyledElement.cpp:244
> > +        else if (document()->contentSecurityPolicy()->allowInlineStyle())
> 
> Should it early return instead?  Should it be going down the destoryInlineStleDecl case instead?  Why should it be re-calcing after?

This seemed like a less disruptive way of blocking the attribute.  We could destroy the attribute if you like, but that could have some odd behavior if there was some way of dynamically changing the CSP policy (which there isn't really today).
Comment 11 Adam Barth 2011-04-29 18:41:11 PDT 
Created attachment 91789 [details]
Patch
Comment 12 Eric Seidel (no email) 2011-04-29 18:47:00 PDT 
Comment on attachment 91789 [details]
Patch

OK.
Comment 13 Early Warning System Bot 2011-04-29 18:49:43 PDT 
Attachment 91789 [details] did not build on qt:
Build output: http://queues.webkit.org/results/8523353
Comment 14 WebKit Review Bot 2011-04-29 18:50:58 PDT 
Attachment 91789 [details] did not build on chromium:
Build output: http://queues.webkit.org/results/8521520
Comment 15 WebKit Commit Bot 2011-04-29 19:25:30 PDT 
Comment on attachment 91789 [details]
Patch

Rejecting attachment 91789 [details] from commit-queue.

Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'build'..." exit_code: 2

Last 500 characters of output:
VERSION_MINOR 0320
    setenv YACC /Developer/usr/bin/yacc
    /bin/sh -c /mnt/git/webkit-commit-queue/WebKitBuild/WebCore.build/Debug/WebCore.build/Script-5DF50887116F3077005202AB.sh

** BUILD FAILED **


The following build commands failed:
WebCore:
	CompileC /mnt/git/webkit-commit-queue/WebKitBuild/WebCore.build/Debug/WebCore.build/Objects-normal/x86_64/StyledElement.o /mnt/git/webkit-commit-queue/Source/WebCore/dom/StyledElement.cpp normal x86_64 c++ com.apple.compilers.gcc.4_2
(1 failure)


Full output: http://queues.webkit.org/results/8460022
Comment 16 WebKit Commit Bot 2011-04-29 19:56:34 PDT 
Comment on attachment 91789 [details]
Patch

Clearing flags on attachment: 91789

Committed r85384: <http://trac.webkit.org/changeset/85384>
Comment 17 WebKit Commit Bot 2011-04-29 19:56:41 PDT 
All reviewed patches have been landed.  Closing bug.