[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

abarth at webkit.org abarth at webkit.org
Thu Apr 8 00:54:16 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit f85bcb1eb286688d00985ff5b61e53d6dc624315
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jan 5 05:19:56 2010 +0000

    2010-01-04  Chris Evans  <cevans at chromium.org>
    
            Reviewed by Adam Barth.
    
            Test for https://bugs.webkit.org/show_bug.cgi?id=29820
            Adopt a more conservative approach for loading CSS cross-origin.
    
            * http/tests/security/cross-origin-css.html: Added.
            * http/tests/security/cross-origin-css-expected.txt: Added.
            * http/tests/security/cross-origin-css-in-xml.xml: Added.
            * http/tests/security/cross-origin-css-in-xml-expected.txt: Added.
            * http/tests/security/resources/xorigincss1.css: Added.
            * http/tests/security/resources/xorigincss2.css: Added.
            * http/tests/security/resources/xorigincss1.html: Added.
            * http/tests/security/resources/xorigincss2.html: Added.
            * http/tests/security/resources/xorigincss3.html: Added.
            * http/tests/security/resources/xorigincss4.html: Added.
            * http/tests/security/resources/xorigincss5.html: Added.
            * http/tests/security/resources/xorigincss6.html: Added.
    2010-01-04  Chris Evans  <cevans at chromium.org>
    
            Reviewed by Adam Barth.
    
            Adopt a more conservative approach for loading CSS cross-origin. When
            loading CSS cross-origin, it must start with valid CSS if the MIME
            type is broken.
    
            https://bugs.webkit.org/show_bug.cgi?id=29820
    
            Test: http/tests/security/cross-origin-css.html
            Test: http/tests/security/cross-origin-css-in-xml.xml
    
            * html/HTMLLinkElement.cpp:
            (WebCore::HTMLLinkElement::setCSSStyleSheet): Enforce stricter load
            requirements for cross-origin loads.
            * css/CSSImportRule.cpp:
            (WebCore::CSSImportRule::setCSSStyleSheet): Enforce stricter load
            requirements for cross-origin loads.
            * css/CSSStyleSheet.h:
            * css/CSSStyleSheet.cpp:
            * css/CSSParser.cpp:
            * css/CSSGrammar.y:
            * css/CSSParser.h:
            Add ability to tell whether the CSS parse started with a syntactically
            valid CSS rule.
            * loader/CachedCSSStyleSheet.h:
            * loader/CachedCSSStyleSheet.cpp:
            (WebCore::CachedCSSStyleSheet::sheetText): Add ability to return
            whether the MIME type was acceptable for CSS.
            (WebCore::CachedCSSStyleSheet::canUseSheet): If requested, return
            whether the MIME type was valid or not.
            * dom/ProcessingInstruction.cpp
            (WebCore::ProcessingInstruction::setCSSStyleSheet): Make use of strict
            mode explicit and add comment.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 3f45ffd..e7f544f 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,23 @@
+2010-01-04  Chris Evans  <cevans at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Test for https://bugs.webkit.org/show_bug.cgi?id=29820
+        Adopt a more conservative approach for loading CSS cross-origin.
+
+        * http/tests/security/cross-origin-css.html: Added.
+        * http/tests/security/cross-origin-css-expected.txt: Added.
+        * http/tests/security/cross-origin-css-in-xml.xml: Added.
+        * http/tests/security/cross-origin-css-in-xml-expected.txt: Added.
+        * http/tests/security/resources/xorigincss1.css: Added.
+        * http/tests/security/resources/xorigincss2.css: Added.
+        * http/tests/security/resources/xorigincss1.html: Added.
+        * http/tests/security/resources/xorigincss2.html: Added.
+        * http/tests/security/resources/xorigincss3.html: Added.
+        * http/tests/security/resources/xorigincss4.html: Added.
+        * http/tests/security/resources/xorigincss5.html: Added.
+        * http/tests/security/resources/xorigincss6.html: Added.
+
 2010-01-04  Dan Bernstein  <mitz at apple.com>
 
         Reviewed by Simon Fraser.
diff --git a/LayoutTests/http/tests/security/cross-origin-css-expected.txt b/LayoutTests/http/tests/security/cross-origin-css-expected.txt
new file mode 100644
index 0000000..6780acf
--- /dev/null
+++ b/LayoutTests/http/tests/security/cross-origin-css-expected.txt
@@ -0,0 +1,7 @@
+LINK Cross-origin, HTML, valid: rgb(255, 255, 0)
+LINK + IMPORT Cross-origin, HTML, invalid: rgba(0, 0, 0, 0)
+LINK Cross-origin, CSS, invalid: rgb(255, 255, 0)
+LINK Same-origin, HTML, invalid: rgb(255, 255, 0)
+IMPORT Cross-origin, HTML, valid: rgb(255, 255, 0)
+IMPORT Cross-origin, CSS, invalid: rgb(255, 255, 0)
+IMPORT Same-origin, HTML, invalid: rgb(255, 255, 0)
diff --git a/LayoutTests/http/tests/security/cross-origin-css-in-xml-expected.txt b/LayoutTests/http/tests/security/cross-origin-css-in-xml-expected.txt
new file mode 100644
index 0000000..96a1b7d
--- /dev/null
+++ b/LayoutTests/http/tests/security/cross-origin-css-in-xml-expected.txt
@@ -0,0 +1 @@
+XML CSS Same-origin, HTML, valid: rgba(0, 0, 0, 0)
diff --git a/LayoutTests/http/tests/security/cross-origin-css-in-xml.xml b/LayoutTests/http/tests/security/cross-origin-css-in-xml.xml
new file mode 100644
index 0000000..ce215e4
--- /dev/null
+++ b/LayoutTests/http/tests/security/cross-origin-css-in-xml.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/css" href="resources/xorigincss6.html"?>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<script>
+if (window.layoutTestController) {
+  layoutTestController.waitUntilDone();
+  layoutTestController.dumpAsText();
+}
+
+window.onload = function() {
+  ele = document.getElementById("id1");
+  // For now, simply test that an invalid MIME type (HTML) is rejected due to
+  // strict mode. It doesn't matter if we test same-origin or cross-origin.
+  ele.innerText = "XML CSS Same-origin, HTML, valid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body><div id="id1"></div></body>
+</html>
diff --git a/LayoutTests/http/tests/security/cross-origin-css.html b/LayoutTests/http/tests/security/cross-origin-css.html
new file mode 100644
index 0000000..abc3814
--- /dev/null
+++ b/LayoutTests/http/tests/security/cross-origin-css.html
@@ -0,0 +1,47 @@
+<html>
+<head>
+<link rel="stylesheet"
+      href="resources/redir.php?url=http://localhost:8000/security/resources/xorigincss1.html"></link>
+<link rel="stylesheet"
+      type="text/css"
+      href="resources/redir.php?url=http://localhost:8000/security/resources/xorigincss2.html"></link>
+<link rel="stylesheet"
+      href="resources/redir.php?url=http://localhost:8000/security/resources/xorigincss1.css"></link>
+<link rel="stylesheet"
+      href="resources/xorigincss3.html"></link>
+<script>
+if (window.layoutTestController) {
+  layoutTestController.waitUntilDone();
+  layoutTestController.dumpAsText();
+}
+
+window.onload = function() {
+  ele = document.getElementById("id1");
+  ele.innerText = "LINK Cross-origin, HTML, valid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+  ele = document.getElementById("id2");
+  ele.innerText = "LINK + IMPORT Cross-origin, HTML, invalid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+  ele = document.getElementById("id3");
+  ele.innerText = "LINK Cross-origin, CSS, invalid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+  ele = document.getElementById("id4");
+  ele.innerText = "LINK Same-origin, HTML, invalid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+  ele = document.getElementById("id5");
+  ele.innerText = "IMPORT Cross-origin, HTML, valid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+  ele = document.getElementById("id6");
+  ele.innerText = "IMPORT Cross-origin, CSS, invalid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+  ele = document.getElementById("id7");
+  ele.innerText = "IMPORT Same-origin, HTML, invalid: " + window.getComputedStyle(ele, null).getPropertyValue('background-color');
+
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+</script>
+<style>
+/* Deliberately reuse the same file / class / id on this first one */
+ at import "resources/redir.php?url=http://localhost:8000/security/resources/xorigincss2.html";
+ at import "resources/redir.php?url=http://localhost:8000/security/resources/xorigincss4.html";
+ at import "resources/redir.php?url=http://localhost:8000/security/resources/xorigincss2.css";
+ at import "resources/xorigincss5.html";
+</style>
+</head>
+<body><div id="id1" class="id1"></div><div id="id2" class="id2"></div><div id="id3" class="id3"></div><div id="id4" class="id4"></div><div id="id5" class="id5"></div><div id="id6" class="id6"></div><div id="id7" class="id7"></div></body>
+</html>
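Review bot: No case in this test sends a cross-origin response with a missing Content-Type or with `application/x-unknown-content-type`, both of which CachedCSSStyleSheet::canUseSheet in this commit reports as a valid MIME type, so the new syntactic-header gate is never exercised on those paths; a further resource served without a Content-Type header would pin whatever the intended behaviour is there. The ` at import` tokens in the four `<style>` lines (and the ` at ` inside the e-mail addresses above) look like the list archive's `@` mangling rather than file content, presumably `@import` in the committed file.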
diff --git a/LayoutTests/http/tests/security/resources/xorigincss1.css b/LayoutTests/http/tests/security/resources/xorigincss1.css
new file mode 100644
index 0000000..574e8c5
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss1.css
@@ -0,0 +1,5 @@
+<html>{}
+.id3 {
+  background-color: yellow;
+}
+</html>
diff --git a/LayoutTests/http/tests/security/resources/xorigincss1.html b/LayoutTests/http/tests/security/resources/xorigincss1.html
new file mode 100644
index 0000000..7e5ec2c
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss1.html
@@ -0,0 +1,4 @@
+.id1 {
+  nosuchproperty: blahblah;
+  background-color: yellow;
+}
diff --git a/LayoutTests/http/tests/security/resources/xorigincss2.css b/LayoutTests/http/tests/security/resources/xorigincss2.css
new file mode 100644
index 0000000..829fc12
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss2.css
@@ -0,0 +1,5 @@
+<html>{}
+.id6 {
+  background-color: yellow;
+}
+</html>
diff --git a/LayoutTests/http/tests/security/resources/xorigincss2.html b/LayoutTests/http/tests/security/resources/xorigincss2.html
new file mode 100644
index 0000000..cb83739
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss2.html
@@ -0,0 +1,5 @@
+<html>{}
+.id2 {
+  background-color: yellow;
+}
+</html>
diff --git a/LayoutTests/http/tests/security/resources/xorigincss3.html b/LayoutTests/http/tests/security/resources/xorigincss3.html
new file mode 100644
index 0000000..c103f32
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss3.html
@@ -0,0 +1,5 @@
+<html>{}
+.id4 {
+  background-color: yellow;
+}
+</html>
diff --git a/LayoutTests/http/tests/security/resources/xorigincss4.html b/LayoutTests/http/tests/security/resources/xorigincss4.html
new file mode 100644
index 0000000..42da35e
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss4.html
@@ -0,0 +1,3 @@
+.id5 {
+  background-color: yellow;
+}
diff --git a/LayoutTests/http/tests/security/resources/xorigincss5.html b/LayoutTests/http/tests/security/resources/xorigincss5.html
new file mode 100644
index 0000000..0573623
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss5.html
@@ -0,0 +1,5 @@
+<html>{}
+.id7 {
+  background-color: yellow;
+}
+</html>
diff --git a/LayoutTests/http/tests/security/resources/xorigincss6.html b/LayoutTests/http/tests/security/resources/xorigincss6.html
new file mode 100644
index 0000000..f0176f9
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/xorigincss6.html
@@ -0,0 +1,3 @@
+#id1 {
+  background-color: yellow;
+}
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 217228d..997226e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,39 @@
+2010-01-04  Chris Evans  <cevans at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Adopt a more conservative approach for loading CSS cross-origin. When
+        loading CSS cross-origin, it must be start with valid CSS if the MIME
+        type is broken.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29820
+
+        Test: http/tests/security/cross-origin-css.html
+        Test: http/tests/security/cross-origin-css-in-xml.xml
+
+        * html/HTMLLinkElement.cpp:
+        (WebCore::HTMLLinkElement::setCSSStyleSheet): Enforce stricter load
+        requirements for cross-origin loads.
+        * css/CSSImportRule.cpp:
+        (WebCore::CSSImportRule::setCSSStyleSheet): Enforce stricter load
+        requirements for cross-origin loads.
+        * css/CSSStyleSheet.h:
+        * css/CSSStyleSheet.cpp:
+        * css/CSSParser.cpp:
+        * css/CSSGrammar.y:
+        * css/CSSParser.h:
+        Add ability to tell whether the CSS parse started with a syntactically
+        valid CSS rule.
+        * loader/CachedCSSStyleSheet.h:
+        * loader/CachedCSSStyleSheet.cpp:
+        (WebCore::CachedCSSStyleSheet::sheetText): Add ability to return
+        whether the MIME type was acceptable for CSS.
+        (WebCore::CachedCSSStyleSheet::canUseSheet): If requested, return
+        whether the MIME type was valid or not.
+        * dom/ProcessingInstruction.cpp
+        (WebCore::ProcessingInstruction::setCSSStyleSheet): Make use of strict
+        mode explicit and add comment.
+
 2010-01-04  Dan Bernstein  <mitz at apple.com>
 
         Reviewed by Simon Fraser.
diff --git a/WebCore/css/CSSGrammar.y b/WebCore/css/CSSGrammar.y
index 22e3aaf..cf87105 100644
--- a/WebCore/css/CSSGrammar.y
+++ b/WebCore/css/CSSGrammar.y
@@ -386,7 +386,9 @@ valid_rule:
   ;
 
 rule:
-    valid_rule
+    valid_rule {
+        static_cast<CSSParser*>(parser)->m_hadSyntacticallyValidCSSRule = true;
+    }
   | invalid_rule
   | invalid_at
   ;
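Review bot: The valid_rule action writes `m_hadSyntacticallyValidCSSRule` straight into the parser object, whereas the new invalid_block actions in the next hunk go through `invalidBlockHit()`; routing this one through a small method as well (e.g. `static_cast<CSSParser*>(parser)->validRuleHit();` with the assignment inside CSSParser) keeps the two hooks symmetric and lets the member stay private. A one-line comment on the action, `/* first valid top-level rule seen; invalid blocks after this no longer taint the sheet header */`, would record why the flag is write-once, which is what invalidBlockHit's own check relies on.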
@@ -1477,8 +1479,12 @@ invalid_rule:
     ;
 
 invalid_block:
-    '{' error invalid_block_list error closing_brace
-  | '{' error closing_brace
+    '{' error invalid_block_list error closing_brace {
+        static_cast<CSSParser*>(parser)->invalidBlockHit();
+    }
+  | '{' error closing_brace {
+        static_cast<CSSParser*>(parser)->invalidBlockHit();
+    }
     ;
 
 invalid_block_list:
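Review bot: Only an invalid_block reduction calls `invalidBlockHit()`, so leading garbage that the grammar recovers through `invalid_rule` or `invalid_at` without ever reaching `invalid_block` leaves `m_hasSyntacticallyValidCSSHeader` at the `true` default set in the CSSStyleSheet constructors; if those productions can reduce without a block (their full definitions are outside this hunk), such input would pass the new cross-origin gate. Presumably harmless because that input produces no rules either, but a comment stating that `invalid_block` is the sole hook, and why that suffices, would make the guarantee reviewable rather than implicit.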
diff --git a/WebCore/css/CSSImportRule.cpp b/WebCore/css/CSSImportRule.cpp
index 5c13bc6..be2d3a1 100644
--- a/WebCore/css/CSSImportRule.cpp
+++ b/WebCore/css/CSSImportRule.cpp
@@ -25,6 +25,7 @@
 #include "CachedCSSStyleSheet.h"
 #include "DocLoader.h"
 #include "Document.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 #include <wtf/StdLibExtras.h>
 
@@ -59,6 +60,8 @@ void CSSImportRule::setCSSStyleSheet(const String& url, const String& charset, c
         m_styleSheet->setParent(0);
     m_styleSheet = CSSStyleSheet::create(this, url, charset);
 
+    bool crossOriginCSS = false;
+    bool validMIMEType = false;
     CSSStyleSheet* parent = parentStyleSheet();
     bool strict = !parent || parent->useStrictParsing();
     bool enforceMIMEType = strict;
@@ -72,9 +75,15 @@ void CSSImportRule::setCSSStyleSheet(const String& url, const String& charset, c
     }
 #endif
 
-    String sheetText = sheet->sheetText(enforceMIMEType);
+    String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
     m_styleSheet->parseString(sheetText, strict);
 
+    if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
+        crossOriginCSS = true;
+
+    if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader())
+        m_styleSheet = CSSStyleSheet::create(this, url, charset);
+
     if (strict && needsSiteSpecificQuirks) {
         // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
         DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
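Review bot: The untrusted text is parsed into `m_styleSheet` at the `parseString` call before the cross-origin/MIME/header decision discards it two statements later, so any side effects of that parse — presumably including `@import` rules inside the rejected sheet starting their own loads, which is the path this very function services — have already occurred by the time the fresh empty sheet replaces it. If that is acceptable, a comment saying so would help; if not, the decision needs a way to stop the parser or defer import loads until the sheet is accepted. The same parse-then-discard shape appears in HTMLLinkElement::setCSSStyleSheet below. Note also that the origin consulted is the owning document's rather than the parent sheet's, which is the conservative choice and worth a comment. `setCSSStyleSheet` starts before and continues past this hunk.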
diff --git a/WebCore/css/CSSParser.cpp b/WebCore/css/CSSParser.cpp
index b4beaba..e71443c 100644
--- a/WebCore/css/CSSParser.cpp
+++ b/WebCore/css/CSSParser.cpp
@@ -139,6 +139,7 @@ CSSParser::CSSParser(bool strictParsing)
     , m_currentShorthand(0)
     , m_implicitShorthand(false)
     , m_hasFontFaceOnlyValues(false)
+    , m_hadSyntacticallyValidCSSRule(false)
     , m_defaultNamespace(starAtom)
     , m_data(0)
     , yy_start(1)
@@ -5233,6 +5234,12 @@ WebKitCSSKeyframeRule* CSSParser::createKeyframeRule(CSSParserValueList* keys)
     return keyframePtr;
 }
 
+void CSSParser::invalidBlockHit()
+{
+    if (m_styleSheet && !m_hadSyntacticallyValidCSSRule)
+        m_styleSheet->setHasSyntacticallyValidCSSHeader(false);
+}
+
 static int cssPropertyID(const UChar* propertyName, unsigned length)
 {
     if (!length)
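Review bot: `invalidBlockHit` carries no comment and its contract is not obvious from the name: it is the grammar's hook for an invalid_block reduction, and it only demotes the sheet while no valid rule has reduced yet, so the sheet's "valid header" flag really means "the first thing the parser understood was valid CSS". Suggested header comment: `// Called from the grammar when an invalid block reduces. Before any valid rule has been seen this means the sheet does not start with syntactically valid CSS; afterwards invalid blocks are ignored.` The `m_styleSheet` null check presumably covers parses that have no owning sheet, which is worth stating too.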
diff --git a/WebCore/css/CSSParser.h b/WebCore/css/CSSParser.h
index d032886..3922a2a 100644
--- a/WebCore/css/CSSParser.h
+++ b/WebCore/css/CSSParser.h
@@ -193,6 +193,7 @@ namespace WebCore {
         bool addVariableDeclarationBlock(const CSSParserString&);
         bool checkForVariables(CSSParserValueList*);
         void addUnresolvedProperty(int propId, bool important);
+        void invalidBlockHit();
         
         Vector<CSSSelector*>* reusableSelectorVector() { return &m_reusableSelectorVector; }
 
@@ -214,6 +215,7 @@ namespace WebCore {
         bool m_implicitShorthand;
 
         bool m_hasFontFaceOnlyValues;
+        bool m_hadSyntacticallyValidCSSRule;
 
         Vector<String> m_variableNames;
         Vector<RefPtr<CSSValue> > m_variableValues;
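Review bot: The new member is undocumented and, unlike its neighbours, is written from CSSGrammar.y rather than from CSSParser's own code, which a reader of this header cannot see. Suggested: `bool m_hadSyntacticallyValidCSSRule; // set by the grammar when the first valid rule reduces; read by invalidBlockHit()`.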
diff --git a/WebCore/css/CSSStyleSheet.cpp b/WebCore/css/CSSStyleSheet.cpp
index f6cd6f2..3ce7fb4 100644
--- a/WebCore/css/CSSStyleSheet.cpp
+++ b/WebCore/css/CSSStyleSheet.cpp
@@ -42,6 +42,7 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, con
     , m_loadCompleted(false)
     , m_strictParsing(!parentSheet || parentSheet->useStrictParsing())
     , m_isUserStyleSheet(parentSheet ? parentSheet->isUserStyleSheet() : false)
+    , m_hasSyntacticallyValidCSSHeader(true)
 {
 }
 
@@ -53,6 +54,7 @@ CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const String&
     , m_loadCompleted(false)
     , m_strictParsing(false)
     , m_isUserStyleSheet(false)
+    , m_hasSyntacticallyValidCSSHeader(true)
 {
 }
 
@@ -62,6 +64,7 @@ CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const Strin
     , m_charset(charset)
     , m_loadCompleted(false)
     , m_strictParsing(!ownerRule || ownerRule->useStrictParsing())
+    , m_hasSyntacticallyValidCSSHeader(true)
 {
     CSSStyleSheet* parentSheet = ownerRule ? ownerRule->parentStyleSheet() : 0;
     m_doc = parentSheet ? parentSheet->doc() : 0;
diff --git a/WebCore/css/CSSStyleSheet.h b/WebCore/css/CSSStyleSheet.h
index f534104..d4b353a 100644
--- a/WebCore/css/CSSStyleSheet.h
+++ b/WebCore/css/CSSStyleSheet.h
@@ -95,6 +95,8 @@ public:
 
     void setIsUserStyleSheet(bool b) { m_isUserStyleSheet = b; }
     bool isUserStyleSheet() const { return m_isUserStyleSheet; }
+    void setHasSyntacticallyValidCSSHeader(bool b) { m_hasSyntacticallyValidCSSHeader = b; }
+    bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; }
 
 private:
     CSSStyleSheet(Node* ownerNode, const String& href, const String& charset);
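Review bot: `hasSyntacticallyValidCSSHeader` is a security-relevant signal — the cross-origin loaders in this commit drop the whole sheet on it — but the accessor pair is undocumented and "header" is easy to misread as an HTTP header. Suggested comment above the setter: `// True unless the parser hit an invalid block before any valid rule; cross-origin loaders consult this when the MIME type is not CSS.`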
@@ -110,6 +112,7 @@ private:
     bool m_loadCompleted : 1;
     bool m_strictParsing : 1;
     bool m_isUserStyleSheet : 1;
+    bool m_hasSyntacticallyValidCSSHeader : 1;
 };
 
 } // namespace
diff --git a/WebCore/dom/ProcessingInstruction.cpp b/WebCore/dom/ProcessingInstruction.cpp
index 60c5992..e4599dd 100644
--- a/WebCore/dom/ProcessingInstruction.cpp
+++ b/WebCore/dom/ProcessingInstruction.cpp
@@ -204,7 +204,10 @@ void ProcessingInstruction::setCSSStyleSheet(const String& url, const String& ch
 #endif
     RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, url, charset);
     m_sheet = newSheet;
-    parseStyleSheet(sheet->sheetText());
+    // We don't need the cross-origin security check here because we are
+    // getting the sheet text in "strict" mode. This enforces a valid CSS MIME
+    // type.
+    parseStyleSheet(sheet->sheetText(true));
     newSheet->setTitle(m_title);
     newSheet->setMedia(MediaList::create(newSheet.get(), m_media));
     newSheet->setDisabled(m_alternate);
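Review bot: The new comment says strict mode "enforces a valid CSS MIME type", but CachedCSSStyleSheet::canUseSheet in this same commit still accepts an empty Content-Type and `application/x-unknown-content-type` while enforcing, so the comment promises more than the check delivers. Suggest: `// No cross-origin check here: the sheet text is fetched in "strict" mode, which rejects any declared non-CSS MIME type (an absent type is still accepted).`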
diff --git a/WebCore/html/HTMLLinkElement.cpp b/WebCore/html/HTMLLinkElement.cpp
index 6036184..c89ddf4 100644
--- a/WebCore/html/HTMLLinkElement.cpp
+++ b/WebCore/html/HTMLLinkElement.cpp
@@ -260,6 +260,8 @@ void HTMLLinkElement::setCSSStyleSheet(const String& url, const String& charset,
 
     bool strictParsing = !document()->inCompatMode();
     bool enforceMIMEType = strictParsing;
+    bool crossOriginCSS = false;
+    bool validMIMEType = false;
     bool needsSiteSpecificQuirks = document()->page() && document()->page()->settings()->needsSiteSpecificQuirks();
 
     // Check to see if we should enforce the MIME type of the CSS resource in strict mode.
@@ -275,9 +277,20 @@ void HTMLLinkElement::setCSSStyleSheet(const String& url, const String& charset,
     }
 #endif
 
-    String sheetText = sheet->sheetText(enforceMIMEType);
+    String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
     m_sheet->parseString(sheetText, strictParsing);
 
+    // If we're loading a stylesheet cross-origin, and the MIME type is not
+    // standard, require the CSS to at least start with a syntactically
+    // valid CSS rule.
+    // This prevents an attacker playing games by injecting CSS strings into
+    // HTML, XML, JSON, etc. etc.
+    if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
+        crossOriginCSS = true;
+
+    if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader())
+        m_sheet = CSSStyleSheet::create(this, url, charset);
+
     if (strictParsing && needsSiteSpecificQuirks) {
         // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
         DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
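Review bot: `crossOriginCSS` is declared false in the previous hunk and only set in a separate `if` here, which reads as if a third state existed; `bool crossOriginCSS = !document()->securityOrigin()->canRequest(KURL(ParsedURLString, url));` at the point of use says the same thing in one line, and `validMIMEType` could likewise be declared next to the `sheetText` call that fills it. The gate keys on `url`; the redir.php test cases only prove the intent if this is the post-redirect response URL, which is worth asserting in the comment. The parse-then-discard ordering concern raised on CSSImportRule applies here as well. `setCSSStyleSheet` starts before and continues past this hunk.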
diff --git a/WebCore/loader/CachedCSSStyleSheet.cpp b/WebCore/loader/CachedCSSStyleSheet.cpp
index 4c466fa..82b3551 100644
--- a/WebCore/loader/CachedCSSStyleSheet.cpp
+++ b/WebCore/loader/CachedCSSStyleSheet.cpp
@@ -71,11 +71,11 @@ String CachedCSSStyleSheet::encoding() const
     return m_decoder->encoding().name();
 }
     
-const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType) const 
+const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType, bool* hasValidMIMEType) const 
 { 
     ASSERT(!isPurgeable());
 
-    if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType))
+    if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType, hasValidMIMEType))
         return String();
     
     if (!m_decodedSheetText.isNull())
@@ -122,12 +122,12 @@ void CachedCSSStyleSheet::error()
     checkNotify();
 }
 
-bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType) const
+bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const
 {
     if (errorOccurred())
         return false;
         
-    if (!enforceMIMEType)
+    if (!enforceMIMEType && !hasValidMIMEType)
         return true;
 
     // This check exactly matches Firefox.  Note that we grab the Content-Type
@@ -138,7 +138,12 @@ bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType) const
     // This code defaults to allowing the stylesheet for non-HTTP protocols so
     // folks can use standards mode for local HTML documents.
     String mimeType = extractMIMETypeFromMediaType(response().httpHeaderField("Content-Type"));
-    return mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type");
+    bool typeOK = mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type");
+    if (hasValidMIMEType)
+        *hasValidMIMEType = typeOK;
+    if (!enforceMIMEType)
+        return true;
+    return typeOK;
 }
  
 }
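Review bot: The value reported through `hasValidMIMEType` is `typeOK`, which also counts an empty Content-Type and `application/x-unknown-content-type` as valid, so a cross-origin HTTP response that simply omits Content-Type bypasses the new syntactic-header gate in HTMLLinkElement and CSSImportRule; the comment above motivates that default for non-HTTP protocols, not for HTTP responses. If the gate is meant to key on a declared CSS type, report that separately while leaving the enforce decision unchanged: `bool declaredCSS = equalIgnoringCase(mimeType, "text/css");` / `bool typeOK = mimeType.isEmpty() || declaredCSS || equalIgnoringCase(mimeType, "application/x-unknown-content-type");` / `if (hasValidMIMEType) *hasValidMIMEType = declaredCSS;`. The trade-off is that local and other non-HTTP sheets loaded cross-origin would then have to pass the header check, so this deserves an explicit decision and a comment either way. `canUseSheet` begins in the previous hunk.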
diff --git a/WebCore/loader/CachedCSSStyleSheet.h b/WebCore/loader/CachedCSSStyleSheet.h
index e782f2e..908c4c0 100644
--- a/WebCore/loader/CachedCSSStyleSheet.h
+++ b/WebCore/loader/CachedCSSStyleSheet.h
@@ -40,7 +40,7 @@ namespace WebCore {
         CachedCSSStyleSheet(const String& URL, const String& charset);
         virtual ~CachedCSSStyleSheet();
 
-        const String sheetText(bool enforceMIMEType = true) const;
+        const String sheetText(bool enforceMIMEType = true, bool* hasValidMIMEType = 0) const;
 
         virtual void didAddClient(CachedResourceClient*);
         
@@ -56,7 +56,7 @@ namespace WebCore {
         void checkNotify();
     
     private:
-        bool canUseSheet(bool enforceMIMEType) const;
+        bool canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const;
 
     protected:
         RefPtr<TextResourceDecoder> m_decoder;
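Review bot: `hasValidMIMEType` is an out-parameter whose write is conditional — `canUseSheet` stores into it only once the MIME check is reached and returns earlier on `errorOccurred()`, while `sheetText` short-circuits past the call when `m_data` is empty — so callers must pre-initialize it, as both new callers do. That contract belongs on the two declarations, e.g. `// hasValidMIMEType, when non-null, is written only if the MIME check runs; callers must initialize it.` on `sheetText` in the previous hunk and on `canUseSheet` here.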



