Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
should be exempt from Content Security Policy
author    dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 7 Jul 2015 00:42:50 +0000 (00:42 +0000)
committer dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 7 Jul 2015 00:42:50 +0000 (00:42 +0000)
https://bugs.webkit.org/show_bug.cgi?id=144830
<rdar://problem/18860261>

Reviewed by Geoffrey Garen.

Source/WebCore:

Make scripts that run in an isolated world be subject to the Content Security Policy (CSP) of the page
and exempt features implemented using a user agent shadow DOM. As a side effect of this change,
Safari Content Extensions will respect the CSP policy of the page when loading subresources (e.g. an image).

Tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
       http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
* css/CSSCanvasValue.h:
(WebCore::CSSCanvasValue::loadSubimages): Modified to take argument ResourceLoaderOptions (unused).
* css/CSSCrossfadeValue.cpp:
(WebCore::CSSCrossfadeValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
the cross fade is applied to an element in a user agent shadow tree.
(WebCore::CSSCrossfadeValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
(WebCore::CSSCrossfadeValue::image): Explicitly instantiate default ResourceLoaderOptions and pass it
when requesting a cached image. Added FIXME comment to skip Content Security Policy check when the cross
fade is applied to an element in a user agent shadow tree.
* css/CSSCrossfadeValue.h:
* css/CSSCursorImageValue.cpp:
(WebCore::CSSCursorImageValue::cachedImage): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
* css/CSSCursorImageValue.h:
* css/CSSFilterImageValue.cpp:
(WebCore::CSSFilterImageValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
the cross fade is applied to an element in a user agent shadow tree.
(WebCore::CSSFilterImageValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
(WebCore::CSSFilterImageValue::loadSubimages): Explicitly instantiate default ResourceLoaderOptions and pass
it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
the cross fade is applied to an element in a user agent shadow tree.
(WebCore::CSSFilterImageValue::image):
* css/CSSFilterImageValue.h:
* css/CSSFontFaceSrcValue.cpp:
(WebCore::CSSFontFaceSrcValue::cachedFont): Take a boolean, isInitiatingElementInUserAgentShadowTree,
so as to determine the appropriate CSP imposition. In particular, we skip the CSP check when the initiating element
(e.g. SVG font-face element) is in a user agent shadow tree.
* css/CSSFontFaceSrcValue.h:
* css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::addFontFaceRule): Take a boolean, isInitiatingElementInUserAgentShadowTree, and pass
it as appropriate.
* css/CSSFontSelector.h:
* css/CSSGradientValue.h:
(WebCore::CSSGradientValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
* css/CSSImageGeneratorValue.cpp:
(WebCore::CSSImageGeneratorValue::loadSubimages): Ditto.
(WebCore::CSSImageGeneratorValue::cachedImageForCSSValue): Ditto.
* css/CSSImageGeneratorValue.h:
* css/CSSImageSetValue.cpp:
(WebCore::CSSImageSetValue::cachedImageSet): Deleted.
* css/CSSImageSetValue.h:
* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::cachedImage): Deleted.
* css/CSSImageValue.h:
* css/RuleSet.cpp:
(WebCore::RuleSet::addChildRules): Take a boolean, isInitiatingElementInUserAgentShadowTree, and pass
it as appropriate.
(WebCore::RuleSet::addRulesFromSheet): Added FIXME comment to skip Content Security Policy check
when the stylesheet is in a user agent shadow tree.
* css/RuleSet.h:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver): Determine whether the SVG font-face element is in a user agent shadow tree
and pass the appropriate value when calling CSSFontSelector::addFontFaceRule(). Also, modernized code; used C++11 range
-based for-loop instead of const_iterator idiom.
(WebCore::StyleResolver::loadPendingSVGDocuments): Skip CSP check when requesting subresources as a byproduct of
resolving style for an element in a user agent shadow tree.
(WebCore::StyleResolver::loadPendingImage): Ditto.
(WebCore::StyleResolver::loadPendingShapeImage): Ditto.
* css/StyleRuleImport.cpp:
(WebCore::StyleRuleImport::requestStyleSheet): Added FIXME comment to skip Content Security Policy check
when the stylesheet is in a user agent shadow tree.
* dom/Element.h:
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet): Skip CSP check for an inline <style> that is in a user agent shadow tree.
* dom/Node.cpp:
(WebCore::Node::isInUserAgentShadowTree): Added.
* dom/Node.h:
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestScript): Skip CSP check for an external JavaScript script in a user agent shadow tree.
(WebCore::ScriptElement::executeScript): Skip CSP check for an inline JavaScript script that is in a user agent shadow tree.
* dom/StyledElement.cpp:
(WebCore::StyledElement::styleAttributeChanged): Skip CSP check when modifying the inline style of an element in a user
agent shadow tree.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::isSafeToLoadURL): Skip CSP check for an <audio> or <video> in a user agent shadow tree.
(WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
* html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::canLoadURL): Ditto.
* html/track/LoadableTextTrack.cpp:
(WebCore::LoadableTextTrack::loadTimerFired): Determine whether the <track> is in a user agent shadow tree
and pass the appropriate value when calling TextTrackLoader::load().
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startLoadingMainResource): Do CSP check when loading a resource by default.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement): Skip CSP check for an image that is in a user agent shadow tree.
* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::start): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
* loader/NetscapePlugInStreamLoader.cpp:
(WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added FIXME comment to skip Content Security Policy check
when the associated plugin element is in a user agent shadow tree.
* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy): Skip CSP check for a <iframe> in a user agent shadow tree.
* loader/ResourceLoaderOptions.h: Defined enum class ContentSecurityPolicyImposition with explicit type uint8_t so
as to provide a hint to the compiler (for better packing) when it computes the memory layout for a struct that
contains an instance of this class.
(WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added argument contentSecurityPolicyImposition.
(WebCore::ResourceLoaderOptions::contentSecurityPolicyImposition): Added.
(WebCore::ResourceLoaderOptions::setContentSecurityPolicyImposition): Added.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::pluginIsLoadable): Skip CSP check for a plugin element that is in a user agent shadow tree.
(WebCore::SubframeLoader::createJavaAppletWidget): Skip CSP check for an applet element that is in a user agent shadow tree.
* loader/TextTrackLoader.cpp:
(WebCore::TextTrackLoader::load): Take a boolean, isInitiatingElementInUserAgentShadowTree, and set the appropriate
Content Security Policy imposition for the text track request.
* loader/TextTrackLoader.h:
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Skip CSP check for a user-specified stylesheet.
(WebCore::CachedResourceLoader::canRequest): Only check the CSP of the page if specified in the resource loader options for the request.
(WebCore::CachedResourceLoader::defaultCachedResourceOptions): Add ContentSecurityPolicyImposition::DoPolicyCheck to the default
resource loader options so that we check the CSP policy of the page before performing a resource request by default.
* loader/cache/CachedSVGDocumentReference.cpp:
(WebCore::CachedSVGDocumentReference::load): Take a ResourceLoaderOptions as an argument and pass it as appropriate.
* loader/cache/CachedSVGDocumentReference.h:
* loader/icon/IconLoader.cpp:
(WebCore::IconLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Take an argument called overrideContentSecurityPolicy (defaults to false). When
overrideContentSecurityPolicy := true, this function unconditionally returns true.
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
(WebCore::ContentSecurityPolicy::allowEval): Ditto.
(WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
(WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
(WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
* page/ContentSecurityPolicy.h:
* page/DOMSecurityPolicy.cpp:
* page/EventSource.cpp:
(WebCore::EventSource::create): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
* svg/SVGFEImageElement.cpp:
(WebCore::SVGFEImageElement::requestImageResource): Skip CSP check for a SVG FEImage element in a user agent shadow tree.
* svg/SVGFontFaceUriElement.cpp:
(WebCore::SVGFontFaceUriElement::loadFont): Skip CSP check for a SVG font-face-uri element in a user agent shadow tree.
* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::updateExternalDocument): Skip CSP check for a SVG use element in a user agent shadow tree.
* testing/Internals.cpp:
(WebCore::Internals::ensureUserAgentShadowRoot): Added.
* testing/Internals.h:
* testing/Internals.idl: Added declaration for ensureUserAgentShadowRoot().
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().

LayoutTests:

Add tests to ensure that we exempt nodes in a user agent shadow tree from the Content Security Policy (CSP) of the page.

Updated test LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html to ensure that
we do not bypass the CSP of the page for a script that executes in an isolated world and renamed the
file image-load-should-not-bypass-main-world-csp.html.

* http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js: Added.
* http/tests/security/contentSecurityPolicy/resources/wait-until-done.js: Added.
(alertAndDone):
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js: Added.
(window.onload):
(testPassed):
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html: Added.
* http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt.
* http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@186388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

118 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt [moved from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt with 56% similarity]
LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html [moved from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html with 97% similarity]
Source/WebCore/ChangeLog
Source/WebCore/Modules/websockets/WebSocket.cpp
Source/WebCore/css/CSSCanvasValue.h
Source/WebCore/css/CSSCrossfadeValue.cpp
Source/WebCore/css/CSSCrossfadeValue.h
Source/WebCore/css/CSSCursorImageValue.cpp
Source/WebCore/css/CSSCursorImageValue.h
Source/WebCore/css/CSSFilterImageValue.cpp
Source/WebCore/css/CSSFilterImageValue.h
Source/WebCore/css/CSSFontFaceSrcValue.cpp
Source/WebCore/css/CSSFontFaceSrcValue.h
Source/WebCore/css/CSSFontSelector.cpp
Source/WebCore/css/CSSFontSelector.h
Source/WebCore/css/CSSGradientValue.h
Source/WebCore/css/CSSImageGeneratorValue.cpp
Source/WebCore/css/CSSImageGeneratorValue.h
Source/WebCore/css/CSSImageSetValue.cpp
Source/WebCore/css/CSSImageSetValue.h
Source/WebCore/css/CSSImageValue.cpp
Source/WebCore/css/CSSImageValue.h
Source/WebCore/css/RuleSet.cpp
Source/WebCore/css/RuleSet.h
Source/WebCore/css/StyleResolver.cpp
Source/WebCore/css/StyleRuleImport.cpp
Source/WebCore/dom/Element.h
Source/WebCore/dom/InlineStyleSheetOwner.cpp
Source/WebCore/dom/Node.cpp
Source/WebCore/dom/Node.h
Source/WebCore/dom/ScriptElement.cpp
Source/WebCore/dom/StyledElement.cpp
Source/WebCore/html/HTMLMediaElement.cpp
Source/WebCore/html/HTMLTrackElement.cpp
Source/WebCore/html/track/LoadableTextTrack.cpp
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/ImageLoader.cpp
Source/WebCore/loader/MediaResourceLoader.cpp
Source/WebCore/loader/NetscapePlugInStreamLoader.cpp
Source/WebCore/loader/PolicyChecker.cpp
Source/WebCore/loader/ResourceLoaderOptions.h
Source/WebCore/loader/SubframeLoader.cpp
Source/WebCore/loader/TextTrackLoader.cpp
Source/WebCore/loader/TextTrackLoader.h
Source/WebCore/loader/cache/CachedResourceLoader.cpp
Source/WebCore/loader/cache/CachedSVGDocumentReference.cpp
Source/WebCore/loader/cache/CachedSVGDocumentReference.h
Source/WebCore/loader/icon/IconLoader.cpp
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h
Source/WebCore/page/DOMSecurityPolicy.cpp
Source/WebCore/page/EventSource.cpp
Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm
Source/WebCore/svg/SVGFEImageElement.cpp
Source/WebCore/svg/SVGFontFaceUriElement.cpp
Source/WebCore/svg/SVGUseElement.cpp
Source/WebCore/testing/Internals.cpp
Source/WebCore/testing/Internals.h
Source/WebCore/testing/Internals.idl
Source/WebCore/xml/XMLHttpRequest.cpp

index 60bd25e..744ba3f 100644 (file)
@@ -1,3 +1,81 @@
+2015-07-06  Daniel Bates  <dabates@apple.com>
+
+        Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
+        should be exempt from Content Security Policy
+        https://bugs.webkit.org/show_bug.cgi?id=144830
+        <rdar://problem/18860261>
+
+        Reviewed by Geoffrey Garen.
+
+        Add tests to ensure that we exempt nodes in a user agent shadow tree from the Content Security Policy (CSP) of the page.
+
+        Updated test LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html to ensure that
+        we do not bypass the CSP of the page for a script that executes in an isolated world and renamed the
+        file image-load-should-not-bypass-main-world-csp.html.
+
+        * http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js: Added.
+        * http/tests/security/contentSecurityPolicy/resources/wait-until-done.js: Added.
+        (alertAndDone):
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js: Added.
+        (window.onload):
+        (testPassed):
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html: Added.
+        * http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt.
+        * http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html.
+
 2015-07-06  Saam barati  <saambarati1@gmail.com>
 
         JSC's parser should follow the ES6 spec with respect to parsing Declarations
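Review bot: The description says only that the new tests check that nodes in a user agent shadow tree are exempt from CSP, but the file list also adds block-loading-user-agent-image-from-non-user-agent-content.html and the default-src-object-data-url-blocked*.html cases, which exercise the blocking side; a sentence stating that those tests confirm non-user-agent content is still subject to the page's policy would make the intent of the negative tests clear to whoever reads this ChangeLog later.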
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js
new file mode 100644 (file)
index 0000000..b26c5c4
--- /dev/null
@@ -0,0 +1,3 @@
+alert("PASS");
+if (window.testRunner)
+    testRunner.notifyDone();
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js
new file mode 100644 (file)
index 0000000..a37f76f
--- /dev/null
@@ -0,0 +1,9 @@
+if (window.testRunner)
+    testRunner.waitUntilDone();
+
+function alertAndDone(message)
+{
+    alert(message);
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
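Review bot: None of the test files visible in this patch reference wait-until-done.js (allow-external-script.html loads alert-pass-and-notify-done.js instead), so either a test outside this hunk list uses alertAndDone() or the file is dead; worth confirming before landing, since an unused helper tends to drift out of sync with the others.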
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt
new file mode 100644 (file)
index 0000000..899137e
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML audio element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS did load audio metadata.
+
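Review bot: "a HTML audio element" should read "an HTML audio element"; the same article appears in the other expected files and in the html paragraphs they are dumped from, and because the expected text must match the page output exactly, each pair has to be fixed together.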
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
new file mode 100644 (file)
index 0000000..6f0118d
--- /dev/null
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML audio element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var audio = document.createElement("audio");
+    userAgentShadowRoot.appendChild(audio);
+
+    audio.onloadedmetadata = function () {
+        log("PASS did load audio metadata.");
+        testRunner.notifyDone();
+    }
+    audio.onerror = function () {
+        log("FAIL did not load audio metadata.");
+        testRunner.notifyDone();
+    }
+    audio.src = "http://localhost:8000/resources/balls-of-the-orient.aif";
+}
+
+runTest();
+</script>
+</body>
+</html>
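Review bot: Style point: the function expressions assigned on `audio.onloadedmetadata = function () {` and `audio.onerror = function () {` end with a bare `}` and no semicolon before the next statement; the same pattern recurs in the image, script and iframe tests in this patch, so one sweep would tidy all of them. Also, if neither event fires (for example the load is neither completed nor reported as an error) the only failure signal is the harness timeout; a comment noting that this is the intended failure mode would help.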
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt
new file mode 100644 (file)
index 0000000..e0c9995
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a background image when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
new file mode 100644 (file)
index 0000000..9c2e1a9
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a background image when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { background-image: url(../../resources/abe.png); }";
+}
+
+runTest();
+</script>
+</body>
+</html>
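Review bot: The rule `#test1 { background-image: url(../../resources/abe.png); }` is appended to a shadow root that contains no element with id test1, and the document has none either, so the background image may never be requested at all; in that case the test passes vacuously whether or not the user agent exemption works. Add a matching element inside the shadow root (or observe the load, as allow-image.html does with onload) so that "no console warning" actually means the image load was permitted. Separately, the meta tag carries `img-src 'none'; style-src 'none'; script-src 'unsafe-inline'` while the paragraph and expected.txt mention only img-src 'none'; either drop style-src from the policy or say in the description that the inline style element is covered as well.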
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt
new file mode 100644 (file)
index 0000000..59d132b
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image for a cursor when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
new file mode 100644 (file)
index 0000000..e0351ab
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image for a cursor when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { cursor: url(../../resources/abe.png); }";
+}
+
+runTest();
+</script>
+</body>
+</html>
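Review bot: Same concern as allow-css-background.html: `#test1 { cursor: url(../../resources/abe.png); }` targets an id that no element in the shadow root or document carries, so the cursor image may never be fetched and the test cannot tell "load allowed" apart from "load never attempted"; give the rule a real target in the shadow tree. The description also omits the style-src 'none' that the meta tag carries.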
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt
new file mode 100644 (file)
index 0000000..8b41165
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a SVG filter image when the page has CSP policy: img-src 'none'.
+
+PASS SVG filter image did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
new file mode 100644 (file)
index 0000000..edf87fa
--- /dev/null
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a SVG filter image when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        log("PASS SVG filter image did load.");
+        testRunner.notifyDone();
+    }
+    image.onerror = function () {
+        log("FAIL SVG filter image did not load.");
+        testRunner.notifyDone();
+    }
+
+    image.style.webkitFilter = "url(resources/floodGreenFilter.svg#filter)";
+    image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
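Review bot: image.onload fires when `image.src = "../../resources/abe.png"` finishes loading and says nothing about whether resources/floodGreenFilter.svg was fetched, so the message "PASS SVG filter image did load." overstates what was verified; the filter document load is only checked indirectly by the absence of a CSP console message. Either reword the message to say the image loaded, or add an explicit check that the filter was applied (a pixel or computed-style check) so a blocked filter fails the test loudly instead of passing on the image alone.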
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt
new file mode 100644 (file)
index 0000000..9e58b86
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image set when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
new file mode 100644 (file)
index 0000000..fe38564
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image set when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { background-image: -webkit-image-set(url(../../resources/abe.png) 1x, url(../../resources/abe.png) 2x) }";
+}
+
+runTest();
+</script>
+</body>
+</html>
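Review bot: As with allow-css-background.html, the rule on `style.textContent = "#test1 { background-image: -webkit-image-set(...) }"` has no element to apply to, so neither candidate of the image set may ever be requested and the test would pass without exercising the exemption; add an element with id test1 to the shadow root. The paragraph should also mention the style-src 'none' that is in the policy.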
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt
new file mode 100644 (file)
index 0000000..214c388
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a HTML embed element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: object-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
new file mode 100644 (file)
index 0000000..cd557b7
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'">
+<script src="/js-test-resources/plugin.js"></script>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a HTML embed element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: <code>object-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var object = document.createElement("embed");
+    object.type = "application/x-webkit-test-netscape";
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    userAgentShadowRoot.appendChild(object);
+    runAfterPluginLoad(null, NotifyDone);
+}
+
+runTest();
+</script>
+</body>
+</html>
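Review bot: The variable on `var object = document.createElement("embed");` holds an embed element; naming it `embed` avoids confusion with the sibling allow-object-plugin.html, which uses the same name for a real object element. Unlike the other asynchronous tests this file does not call testRunner.waitUntilDone() in the head and relies on `runAfterPluginLoad(null, NotifyDone)` from plugin.js to keep the test alive; a one-line comment saying so would save the next reader a trip to plugin.js.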
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt
new file mode 100644 (file)
index 0000000..e9e3183
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: PASS
+Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: script-src 'unsafe-inline'.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
new file mode 100644 (file)
index 0000000..c186eed
--- /dev/null
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'unsafe-inline'</code>.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var script = document.createElement("script");
+    userAgentShadowRoot.appendChild(script);
+
+    script.onerror = function () {
+        alert("FAIL script did not load.");
+        testRunner.notifyDone();
+    }
+    script.src = "http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js";
+}
+
+runTest();
+</script>
+</body>
+</html>
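Review bot: "a external JavaScript script" should read "an external JavaScript script" here and in allow-external-script-expected.txt, which must match this paragraph exactly. The PASS path lives entirely in alert-pass-and-notify-done.js, so if the script were dropped without an error event the test would time out rather than print FAIL; that is acceptable, but a comment on `script.onerror = function () {` stating that a blocked script is expected to fire error would document the assumption.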
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt
new file mode 100644 (file)
index 0000000..9967a75
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: PASS iframe did load.
+Tests that a HTML iframe element, in a user agent shadow tree, is allowed to load when the page has CSP policy: frame-src 'none'. This test FAILED if it timesout.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
new file mode 100644 (file)
index 0000000..bb0c648
--- /dev/null
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML iframe element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var iframe = document.createElement("iframe");
+    userAgentShadowRoot.appendChild(iframe);
+
+    iframe.onload = function () { 
+        alert("PASS iframe did load.");
+        // The content document of the HTML iframe will call testRunner.notifyDone().
+    }
+    iframe.src = "http://127.0.0.1:8000/resources/notify-done.html";
+}
+
+runTest();
+</script>
+</body>
+</html>
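Review bot: "timesout" should be "times out" in the paragraph and in allow-iframe-expected.txt. Style point: `iframe.onload = function () { ` has trailing whitespace and, like the other handlers in this patch, lacks the semicolon after the closing brace.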
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt
new file mode 100644 (file)
index 0000000..46cd6c2
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML image element, in a user agent shadow tree, is allowed to load an image resource that has been temporarily moved when the page has CSP policy: img-src 'none'.
+
+PASS image did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
new file mode 100644 (file)
index 0000000..c262c79
--- /dev/null
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML image element, in a user agent shadow tree, is allowed to load an image resource that has been temporarily moved when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        log("PASS image did load.");
+        testRunner.notifyDone();
+    }
+    image.onerror = function () {
+        log("FAIL image did not load.");
+        testRunner.notifyDone();
+    }
+    // HTTP 307 temporary redirect to <http://127.0.0.1:8000/security/resources/abe.png>.
+    image.src = "http://localhost:8000/resources/redirect.php?code=307&url=/security/resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
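Review bot: A short comment on why this redirect variant exists would help: the comment `// HTTP 307 temporary redirect to <http://127.0.0.1:8000/security/resources/abe.png>.` says what happens but not that the post-redirect URL is checked against the policy separately from the initial request, which is the reason the exemption has to be verified on this path as well as in allow-image.html. Note also that `url=/security/resources/abe.png` is a relative value, so the host named in the comment is supplied by redirect.php rather than by this file.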
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt
new file mode 100644 (file)
index 0000000..9ea52ad
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML image element, in a user agent shadow tree, is allowed to load when the page has CSP policy: img-src 'none'.
+
+PASS image did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
new file mode 100644 (file)
index 0000000..badfbd9
--- /dev/null
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML image element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        log("PASS image did load.");
+        testRunner.notifyDone();
+    }
+    image.onerror = function () {
+        log("FAIL image did not load.");
+        testRunner.notifyDone();
+    }
+    image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt
new file mode 100644 (file)
index 0000000..6561d9a
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: script-src 'self'.
+
+PASS did execute inline script.
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
new file mode 100644 (file)
index 0000000..274b3b0
--- /dev/null
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
+<script src="resources/allow-inline-script.js"></script>
+</head>
+<body>
+<p>Tests that an inline JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'self'</code>.</p>
+<div id="shadow-host"></div>
+<p id="result">FAIL did not execute inline script.</p>
+</body>
+</html>
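Review bot: The other tests bail out early when window.internals is absent; the logic here lives in resources/allow-inline-script.js, which is not shown, so make sure it has the same guard (and the testRunner.dumpAsText() call) rather than throwing in a normal browser. Also, allow-inline-script-expected.txt ends without the trailing blank line the other expected files have; check that it really matches the dumped output.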
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt
new file mode 100644 (file)
index 0000000..01a28e1
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that the CSS style of an element, in a user agent shadow tree, can be modified via the HTML style attribute when the page has CSP policy: style-src 'none'.
+
+PASS modified CSS style of element.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
new file mode 100644 (file)
index 0000000..4623f53
--- /dev/null
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that the CSS style of an element, in a user agent shadow tree, can be modified via the HTML style attribute when the page has CSP policy: <code>style-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var div = document.createElement("div");
+    userAgentShadowRoot.appendChild(div);
+
+    var expectedColor = "green";
+    div.setAttribute("style", "background-color: " + expectedColor);
+
+    if (div.style.backgroundColor === expectedColor)
+        log("PASS modified CSS style of element.");
+    else
+        log("FAIL background-style of element should be " + expectedColor + ". Was " + div.style.backgroundColor + ".");
+}
+
+runTest();
+</script>
+</body>
+</html>
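Review bot: The FAIL message on `log("FAIL background-style of element should be " + expectedColor + ...` says "background-style" but the property being checked is background-color; fix the wording so a failure report names the right property. Comparing `div.style.backgroundColor === expectedColor` against the keyword "green" is fine since the attribute value is a bare keyword, but a comment that this is why a keyword rather than an rgb() value was chosen would keep someone from switching it to a colour that serializes differently.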
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt
new file mode 100644 (file)
index 0000000..2cbb64d
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load when the page has CSP policy: style-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
new file mode 100644 (file)
index 0000000..09a13fd
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>style-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { display: none; }";
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt
new file mode 100644 (file)
index 0000000..6ab4c42
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: PASS user agent object loaded.
+Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: frame-src 'none'. This test FAILED if it timesout.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt
new file mode 100644 (file)
index 0000000..667c708
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a HTML object element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: object-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
new file mode 100644 (file)
index 0000000..ab8e32c
--- /dev/null
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'">
+<script src="/js-test-resources/plugin.js"></script>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: <code>object-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var object = document.createElement("object");
+    object.type = "application/x-webkit-test-netscape";
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    userAgentShadowRoot.appendChild(object);
+
+    runAfterPluginLoad(null, NotifyDone);
+}
+
+runTest();
+</script>
+</body>
+</html>
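Review bot: allow-object-plugin.html calls only testRunner.dumpAsText() in its head and leaves completion to `runAfterPluginLoad(null, NotifyDone)` from /js-test-resources/plugin.js, whereas allow-object.html calls testRunner.waitUntilDone() itself. A one-line comment saying that the helper owns waitUntilDone()/notifyDone() would save the next reader from assuming the test can finish before the plugin has loaded. The `'self'` source in `script-src 'self' 'unsafe-inline'` exists only for that external helper; the other tests in the directory use 'unsafe-inline' alone, so note why this policy differs.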
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
new file mode 100644 (file)
index 0000000..5b002cd
--- /dev/null
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var object = document.createElement("object");
+    userAgentShadowRoot.appendChild(object);
+
+    object.type = "text/html";
+    object.onload = function () { 
+        alert("PASS user agent object loaded.");
+        // The content document of the HTML object will call testRunner.notifyDone().
+    }
+    object.data = "http://localhost:8000/resources/notify-done.html";
+}
+
+runTest();
+</script>
+</body>
+</html>
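Review bot: "timesout" in `This test FAILED if it timesout.` should be "times out", and the identical sentence in allow-object-expected.txt has to change with it or the test fails on a text mismatch. Separately, this test blocks with frame-src 'none' while allow-object-plugin.html blocks with object-src 'none'; add a comment stating that an `<object type="text/html">` is expected to be governed by frame-src rather than object-src, so the directive under test is documented rather than inferred from the two files side by side.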
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt
new file mode 100644 (file)
index 0000000..f07649f
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a SVG feImage element, in a user agent shadow tree, is allowed to load an external image when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
new file mode 100644 (file)
index 0000000..8c6dbb3
--- /dev/null
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG feImage element, in a user agent shadow tree, is allowed to load an external image when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var svgElement = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+    userAgentShadowRoot.appendChild(svgElement);
+    var filterElement = document.createElementNS("http://www.w3.org/2000/svg", "filter");
+    svgElement.appendChild(filterElement);
+    var feImageElement = document.createElementNS("http://www.w3.org/2000/svg", "feImage");
+    filterElement.appendChild(feImageElement);
+
+    feImageElement.setAttributeNS("http://www.w3.org/1999/xlink", "href", "../../resources/abe.png");
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt
new file mode 100644 (file)
index 0000000..03d2e54
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a SVG font-face element, in a user agent shadow tree, is allowed to load an external SVG font when the page has CSP policy: font-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
new file mode 100644 (file)
index 0000000..21e6bbd
--- /dev/null
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="font-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG font-face element, in a user agent shadow tree, is allowed to load an external SVG font when the page has CSP policy: <code>font-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<svg id="shadow-host" viewBox="0 0 100 100">
+</svg>
+<script>
+function runTest()
+{
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var fontFace = document.createElementNS("http://www.w3.org/2000/svg", "font-face");
+    userAgentShadowRoot.appendChild(fontFace);
+    var fontFaceSrc = document.createElementNS("http://www.w3.org/2000/svg", "font-face-src");
+    fontFace.appendChild(fontFaceSrc);
+    var fontFaceURI = document.createElementNS("http://www.w3.org/2000/svg", "font-face-uri");
+    fontFaceSrc.appendChild(fontFaceURI);
+
+    fontFace.setAttributeNS(null, "font-family", "ABCFont");
+    fontFaceURI.setAttributeNS("http://www.w3.org/1999/xlink", "href", "resources/ABCFont.svg#ABCFont");
+}
+
+runTest();
+</script>
+</body>
+</html>
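Review bot: runTest() in allow-svg-font.html is missing the `if (!window.testRunner || !window.internals) return;` guard that every other test in this directory has, so opening the page in a browser without `internals` throws a ReferenceError at `internals.ensureUserAgentShadowRoot(...)`; add the guard and drop the stray blank line at the top of the function. Also, nothing on the page renders text in the "ABCFont" family (the host `<svg>` is empty), so the test depends on the font being fetched as soon as the font-face-uri element is inserted rather than on first use; say so in a comment, since a later change to lazy font loading would turn this into a silent pass.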
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt
new file mode 100644 (file)
index 0000000..582893c
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a SVG Use element, in a user agent shadow tree, is allowed to load an external SVG document when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
new file mode 100644 (file)
index 0000000..c5db7a7
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG Use element, in a user agent shadow tree, is allowed to load an external SVG document when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var svgElement = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+    userAgentShadowRoot.appendChild(svgElement);
+    var useElement = document.createElementNS("http://www.w3.org/2000/svg", "use");
+    svgElement.appendChild(useElement);
+
+    useElement.setAttributeNS("http://www.w3.org/1999/xlink", "href", "resources/allow-svg-use-element.svg#blue-square");
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt
new file mode 100644 (file)
index 0000000..9fc5be9
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML track element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS track did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
new file mode 100644 (file)
index 0000000..5e35e31
--- /dev/null
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML track element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var video = document.createElement("video");
+    userAgentShadowRoot.appendChild(video);
+    var track = document.createElement("track");
+    video.appendChild(track);
+
+    track.track.mode = "hidden";
+    track.kind = "captions";
+    track.onload = function () { 
+        log("PASS track did load.");
+        testRunner.notifyDone();
+    }
+    track.onerror = function () {
+        log("FAIL track did not load.");
+        testRunner.notifyDone();
+    }
+    track.src = "../resources/track.vtt";
+}
+
+runTest();
+</script>
+</body>
+</html>
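Review bot: `track.track.mode = "hidden"` is set before `track.src` in allow-track.html for a reason (a text track whose mode is disabled is never fetched, so onload would never fire), but the reason is not written down; add a one-line comment. The src here is the relative `../resources/track.vtt` while allow-video.html uses an absolute http://127.0.0.1:8000/... URL; use one style in both files so the origin under test is obvious.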
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt
new file mode 100644 (file)
index 0000000..fbd4906
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML video element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS did load video metadata.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
new file mode 100644 (file)
index 0000000..7537162
--- /dev/null
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML video element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var video = document.createElement("video");
+    userAgentShadowRoot.appendChild(video);
+
+    video.onloadedmetadata = function () { 
+        log("PASS did load video metadata.");
+        testRunner.notifyDone();
+    }
+    video.onerror = function () {
+        log("FAIL did not load video metadata.");
+        testRunner.notifyDone();
+    }
+    video.src = "http://127.0.0.1:8000/resources/test.mp4";
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt
new file mode 100644 (file)
index 0000000..604c952
--- /dev/null
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+Tests that we prevent the document from loading an image that was loaded earlier from a user agent shadow tree. This test can only be run in the test tool. This test PASSED if you see the word PASS below and there is exactly one Content Security Policy console message about a blocked image load.
+
+PASS image was not loaded by document.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
new file mode 100644 (file)
index 0000000..653d9ab
--- /dev/null
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that we prevent the document from loading an image that was loaded earlier from a user agent shadow tree. This test can only be run in the test tool. This test PASSED if you see the word PASS below and there is exactly one Content Security Policy console message about a blocked image load.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        // Load image again in document; should be prevented by Content Security Policy.
+        var unprivilegedImage = new Image;
+        unprivilegedImage.src = "../../resources/abe.png";
+        unprivilegedImage.onload = function () {
+            log("FAIL image should not have been loaded by document. But it was loaded.");
+            testRunner.notifyDone();
+        }
+        unprivilegedImage.onerror = function () {
+            log("PASS image was not loaded by document.");
+            testRunner.notifyDone();
+        }
+    }
+    image.onerror = function () {
+        log("FAIL image did not load.");
+        testRunner.notifyDone();
+    }
+    image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
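Review bot: In block-loading-user-agent-image-from-non-user-agent-content.html the second image's handlers are installed after `unprivilegedImage.src = "../../resources/abe.png";`, whereas the first image sets onload/onerror before src. This is exactly the case where the resource may already sit in the memory cache from the privileged load, so setting src first is the fragile order; move the two handler assignments above the src assignment so the result cannot depend on when the load or error event fires. The expectation of exactly one console message is a good check that the privileged load produced no report, but the description should also name what is under test: a document whose policy blocks the URL must not be handed the cached bytes that a user agent shadow tree fetched.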
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt
new file mode 100644 (file)
index 0000000..e362d9d
--- /dev/null
@@ -0,0 +1,2 @@
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.  
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
new file mode 100644 (file)
index 0000000..ac532b6
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://127.0.0.1:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('PASS')" onerror="alertAndDone('FAIL')"></object>
+<video controls></video>
+</body>
+</html>
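Review bot: Nothing in default-src-object-data-url-allowed.html says why `<video controls></video>` is there; it has no src and is never referenced, so it reads as leftover. Add a comment that its media controls create a user agent shadow tree, which is what this file exercises next to a CSP-governed `<object>` load. The three "blocked" variants differ only in where that video sits (fallback child inside the object, sibling with controls, sibling without controls) while sharing the same description line, so that matrix deserves a sentence in each description or in the ChangeLog. The "data-url" in the file names refers to the object's data attribute, not a data: URL; a name along the lines of object-data-attribute would avoid that misreading.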
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt
new file mode 100644 (file)
index 0000000..ac3e9d5
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS. 
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
new file mode 100644 (file)
index 0000000..497521a
--- /dev/null
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')">
+    <video controls></video>
+</object>
+</body>
+</html>
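Review bot: The expected console message for this file (`Refused to load the image ... "default-src 'self'". Note that 'img-src' was not explicitly set`) shows that an `<object type="image/png">` is checked as an image load under img-src, not under object-src, yet nothing in default-src-object-data-url-blocked.html says so; `This test passes if it doesn't alert FAIL and does alert PASS.` is reused verbatim by all four default-src-object-* files and says nothing about what differs. State in the description what is blocked (a cross-origin image loaded through an object's data attribute, governed by img-src through the default-src fallback) and why the `<video controls>` is nested inside the object here but placed as a sibling in the other variants.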
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt
new file mode 100644 (file)
index 0000000..75d0e3d
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.  
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
new file mode 100644 (file)
index 0000000..8db07cc
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')"></object>
+<video controls></video>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt
new file mode 100644 (file)
index 0000000..75d0e3d
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.  
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
new file mode 100644 (file)
index 0000000..1699132
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')"></object>
+<video></video>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg
new file mode 100644 (file)
index 0000000..cdb72b9
--- /dev/null
@@ -0,0 +1,35 @@
+<?xml version="1.0"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <defs>
+        <!-- Based on DejaVu Serif (http://dejavu-fonts.org/wiki/index.php?title=License) -->
+        <font id="ABCFont" horiz-adv-x="1716">
+            <font-face
+                font-family="DejaVu Serif"
+                font-weight="400"
+                font-stretch="normal"
+                units-per-em="2048"
+                panose-1="2 6 6 3 5 6 5 2 2 4"
+                ascent="1556"
+                descent="-492"
+                x-height="1063"
+                cap-height="1493"
+                bbox="-1576 -710 3439 2544"
+                underline-thickness="90"
+                underline-position="-85"
+                unicode-range="U+0020-U+1D7E1"
+            />
+
+            <missing-glyph horiz-adv-x="1229" d="M102 -362v1806h1024v-1806h-1024zM217 -248h795v1577h-795v-1577z" />
+
+            <glyph glyph-name="space" unicode=" " horiz-adv-x="651" />
+
+            <glyph glyph-name="a" unicode="a" horiz-adv-x="1221"
+                d="M815 334v225h-237q-137 0 -204 -59t-67 -181q0 -111 68 -176t184 -65q115 0 185.5 71t70.5 185zM999 664v-558h164v-106h-348v115q-61 -74 -141 -109t-187 -35q-177 0 -281 94t-104 254q0 165 119 256t336 91h258v73q0 121 -73.5 187.5t-206.5 66.5q-110 0 -175 -50t-81 -148h-95v215q96 41 186.5 61.5t176.5 20.5q221 0 336.5 -109.5t115.5 -318.5z" />
+            <glyph glyph-name="b" unicode="b" horiz-adv-x="1311"
+                d="M236 106v1344h-177v106h361v-659q54 100 137.5 147.5t206.5 47.5q196 0 320 -155t124 -405t-124 -405.5t-320 -155.5q-123 0 -206.5 47.5t-137.5 147.5v-166h-361v106h177zM420 479q0 -192 73.5 -292.5t213.5 -100.5q141 0 213.5 113t72.5 333q0 221 -72.5 333t-213.5 112q-140 0 -213.5 -101t-73.5 -292v-105z" />
+            <glyph glyph-name="c" unicode="c" horiz-adv-x="1147"
+                d="M1053 319q-39 -170 -150 -259t-287 -89q-232 0 -373 153.5t-141 407.5q0 255 141 407.5t373 152.5q101 0 201 -23.5t201 -71.5v-272h-107q-21 140 -91.5 204t-201.5 64q-149 0 -225 -115.5t-76 -345.5t75.5 -346t225.5 -116q119 0 190 62t97 187h148z" />
+            <glyph glyph-name="ellipsis" unicode="&#x2026;" horiz-adv-x="1638" d="M133 0v268h279v-268h-279zM680 0v268h278v-268h-278zM1225 0v268h278v-268h-278z" />
+        </font>
+    </defs>
+</svg>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js
new file mode 100644 (file)
index 0000000..fd50858
--- /dev/null
@@ -0,0 +1,19 @@
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+window.onload = function ()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var script = document.createElement("script");
+    userAgentShadowRoot.appendChild(script);
+
+    script.textContent = "testPassed()";
+}
+
+function testPassed()
+{
+    document.getElementById("result").textContent = "PASS did execute inline script.";
+}
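Review bot: In resources/allow-inline-script.js the `<script>` element is appended to the shadow root while empty and only then gets its source via `script.textContent = "testPassed()"`; that relies on an empty script element not being marked as started on insertion so that the later children change prepares it. It is the behaviour this test needs, but it is subtle enough for a comment, or set textContent before appendChild so the intent is obvious; the test would still check the same thing, that an inline script inside a user agent shadow tree executes under the page's script-src restriction.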
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg
new file mode 100644 (file)
index 0000000..2c9ea37
--- /dev/null
@@ -0,0 +1,7 @@
+<svg width="0" height="0" xmlns="http://www.w3.org/2000/svg" version="1.1">
+  <defs>
+    <filter id="filter">
+      <feFlood flood-color="green"/>
+    </filter>
+  </defs>
+</svg>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt
new file mode 100644 (file)
index 0000000..42ef321
--- /dev/null
@@ -0,0 +1,3 @@
+This test passed if there are no console error messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
new file mode 100644 (file)
index 0000000..1222d6f
--- /dev/null
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+</head>
+<body>
+<p>This test passed if there are no console error messages.</p>
+<video controls></video>
+</body>
+</html>
@@ -1,11 +1,13 @@
 CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
 
 ALERT: BLOCKED in main world
-ALERT: LOADED in isolated world
+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+ALERT: BLOCKED in isolated world
 CONSOLE MESSAGE: line 38: EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
 
 ALERT: BLOCKED eval() in main world
 ALERT: Called eval() in isolated world
-This test ensures that scripts run in isolated worlds aren't affected by the page's content security policy. Extensions, for example, should be able to load any resource they like.
+This test ensures that scripts run in isolated worlds are affected by the page's content security policy. Extensions, for example, should not be able to load any resource they like.
 
 
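Review bot: The updated expectation still ends with `ALERT: Called eval() in isolated world` while the image load is now `ALERT: BLOCKED in isolated world`, so after this change resource loads from an isolated world follow the page's CSP but script-src / 'unsafe-eval' enforcement does not; the new description line, which says scripts run in isolated worlds are affected by the page's content security policy, overstates what the test verifies. Either state in the test and the ChangeLog that only subresource loads are subject to the main-world policy and eval in isolated worlds is intentionally untouched, or file a follow-up bug for eval, so the partial coverage is deliberate rather than accidental. The repeated console message for the same URL is expected here because the image is requested once from each world, but a short line in the test text saying so would stop it being read as a double report.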
@@ -63,9 +63,9 @@
 </head>
 <body onload='test();'>
     <p>
-        This test ensures that scripts run in isolated worlds aren't affected
+        This test ensures that scripts run in isolated worlds are affected
         by the page's content security policy. Extensions, for example, should
-        be able to load any resource they like.
+        not be able to load any resource they like.
     </p>
 </body>
 </html>
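Review bot: The new description at `This test ensures that scripts run in isolated worlds are affected` is broader than what image-load-should-not-bypass-main-world-csp.html checks, which is image loading; the unchanged eval() part of the same test still reports that eval ran in the isolated world. Narrow it to "resource loads issued from isolated worlds are subject to the page's content security policy" and make the extension sentence equally specific: extensions should not be able to load resources the page's policy forbids.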
index ecb5d79..a549bed 100644 (file)
@@ -1,3 +1,206 @@
+2015-07-06  Daniel Bates  <dabates@apple.com>
+
+        Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
+        should be exempt from Content Security Policy
+        https://bugs.webkit.org/show_bug.cgi?id=144830
+        <rdar://problem/18860261>
+
+        Reviewed by Geoffrey Garen.
+
+        Make scripts that run in an isolated world be subject to the Content Security Policy (CSP) of the page
+        and exempt features implemented using a user agent shadow DOM. As a side effect of this change,
+        Safari Content Extensions will respect the CSP policy of the page when loading subresources (e.g. an image).
+
+        Tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
+               http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::connect): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+        * css/CSSCanvasValue.h:
+        (WebCore::CSSCanvasValue::loadSubimages): Modified to take argument ResourceLoaderOptions (unused).
+        * css/CSSCrossfadeValue.cpp:
+        (WebCore::CSSCrossfadeValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
+        it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+        the cross fade is applied to an element in a user agent shadow tree.
+        (WebCore::CSSCrossfadeValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
+        as appropriate.
+        (WebCore::CSSCrossfadeValue::image): Explicitly instantiate default ResourceLoaderOptions and pass it
+        when requesting a cached image. Added FIXME comment to skip Content Security Policy check when the cross
+        fade is applied to an element in a user agent shadow tree.
+        * css/CSSCrossfadeValue.h:
+        * css/CSSCursorImageValue.cpp:
+        (WebCore::CSSCursorImageValue::cachedImage): Take a ResourceLoaderOptions as an argument and pass it
+        as appropriate.
+        * css/CSSCursorImageValue.h:
+        * css/CSSFilterImageValue.cpp:
+        (WebCore::CSSFilterImageValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
+        it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+        the cross fade is applied to an element in a user agent shadow tree.
+        (WebCore::CSSFilterImageValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
+        as appropriate.
+        (WebCore::CSSFilterImageValue::loadSubimages): Explicitly instantiate default ResourceLoaderOptions and pass
+        it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+        the cross fade is applied to an element in a user agent shadow tree.
+        (WebCore::CSSFilterImageValue::image):
+        * css/CSSFilterImageValue.h:
+        * css/CSSFontFaceSrcValue.cpp:
+        (WebCore::CSSFontFaceSrcValue::cachedFont): Take a boolean, isInitiatingElementInUserAgentShadowTree,
+        so as to determine the appropriate CSP imposition. In particular, we skip the CSP check when the initiating element
+        (e.g. SVG font-face element) is in a user agent shadow tree.
+        * css/CSSFontFaceSrcValue.h:
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::addFontFaceRule): Take a boolean, isInitiatingElementInUserAgentShadowTree, and pass
+        it as appropriate.
+        * css/CSSFontSelector.h:
+        * css/CSSGradientValue.h:
+        (WebCore::CSSGradientValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
+        as appropriate.
+        * css/CSSImageGeneratorValue.cpp:
+        (WebCore::CSSImageGeneratorValue::loadSubimages): Ditto.
+        (WebCore::CSSImageGeneratorValue::cachedImageForCSSValue): Ditto.
+        * css/CSSImageGeneratorValue.h:
+        * css/CSSImageSetValue.cpp:
+        (WebCore::CSSImageSetValue::cachedImageSet): Deleted.
+        * css/CSSImageSetValue.h:
+        * css/CSSImageValue.cpp:
+        (WebCore::CSSImageValue::cachedImage): Deleted.
+        * css/CSSImageValue.h:
+        * css/RuleSet.cpp:
+        (WebCore::RuleSet::addChildRules): Take a boolean, isInitiatingElementInUserAgentShadowTree, and pass
+        it as appropriate.
+        (WebCore::RuleSet::addRulesFromSheet): Added FIXME comment to skip Content Security Policy check
+        when stylesheet is in a user agent shadow tree.
+        * css/RuleSet.h:
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::StyleResolver): Determine whether the SVG font-face element is in a user agent shadow tree
+        and pass the appropriate value when calling CSSFontSelector::addFontFaceRule(). Also, modernized code; used C++11
+        range-based for-loop instead of const_iterator idiom.
+        (WebCore::StyleResolver::loadPendingSVGDocuments): Skip CSP check when requesting subresources as a byproduct of
+        resolving style for an element in a user agent shadow tree.
+        (WebCore::StyleResolver::loadPendingImage): Ditto.
+        (WebCore::StyleResolver::loadPendingShapeImage): Ditto.
+        * css/StyleRuleImport.cpp:
+        (WebCore::StyleRuleImport::requestStyleSheet): Added FIXME comment to skip Content Security Policy check
+        when stylesheet is in a user agent shadow tree.
+        * dom/Element.h:
+        * dom/InlineStyleSheetOwner.cpp:
+        (WebCore::InlineStyleSheetOwner::createSheet): Skip CSP check for an inline <style> that is in a user agent shadow tree.
+        * dom/Node.cpp:
+        (WebCore::Node::isInUserAgentShadowTree): Added.
+        * dom/Node.h:
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestScript): Skip CSP check for an external JavaScript script in a user agent shadow tree.
+        (WebCore::ScriptElement::executeScript): Skip CSP check for an inline JavaScript script that is in a user agent shadow tree.
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::styleAttributeChanged): Skip CSP check when modifying the inline style of an element in a user
+        agent shadow tree.
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::isSafeToLoadURL): Skip CSP check for an <audio> or <video> in a user agent shadow tree.
+        (WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
+        * html/HTMLTrackElement.cpp:
+        (WebCore::HTMLTrackElement::canLoadURL): Ditto.
+        * html/track/LoadableTextTrack.cpp:
+        (WebCore::LoadableTextTrack::loadTimerFired): Determine whether the <track> is in a user agent shadow tree
+        and pass the appropriate value when calling TextTrackLoader::load().
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::startLoadingMainResource): Do CSP check when loading a resource by default.
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::updateFromElement): Skip CSP check for an image that is in a user agent shadow tree.
+        * loader/MediaResourceLoader.cpp:
+        (WebCore::MediaResourceLoader::start): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+        This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+        * loader/NetscapePlugInStreamLoader.cpp:
+        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added FIXME comment to skip Content Security Policy check
+        when the associated plugin element is in a user agent shadow tree.
+        * loader/PolicyChecker.cpp:
+        (WebCore::PolicyChecker::checkNavigationPolicy): Skip CSP check for a <iframe> in a user agent shadow tree.
+        * loader/ResourceLoaderOptions.h: Defined enum class ContentSecurityPolicyImposition with explicit type uint8_t so
+        as to provide a hint to the compiler (for better packing) when it computes the memory layout for a struct that
+        contains an instance of this class.
+        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added argument contentSecurityPolicyImposition.
+        (WebCore::ResourceLoaderOptions::contentSecurityPolicyImposition): Added.
+        (WebCore::ResourceLoaderOptions::setContentSecurityPolicyImposition): Added.
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::pluginIsLoadable): Skip CSP check for a plugin element that is in a user agent shadow tree.
+        (WebCore::SubframeLoader::createJavaAppletWidget): Skip CSP check for an applet element that is in a user agent shadow tree.
+        * loader/TextTrackLoader.cpp:
+        (WebCore::TextTrackLoader::load): Take a boolean, isInitiatingElementInUserAgentShadowTree, and set the appropriate
+        Content Security Policy imposition for the text track request.
+        * loader/TextTrackLoader.h:
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Skip CSP check for a user-specified stylesheet.
+        (WebCore::CachedResourceLoader::canRequest): Only check the CSP of the page if specified in the resource loader options for the request.
+        (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Add ContentSecurityPolicyImposition::DoPolicyCheck to the default
+        resource loader options so that we check the CSP policy of the page before performing a resource request by default.
+        * loader/cache/CachedSVGDocumentReference.cpp:
+        (WebCore::CachedSVGDocumentReference::load): Take a ResourceLoaderOptions as an argument and pass it as appropriate.
+        * loader/cache/CachedSVGDocumentReference.h:
+        * loader/icon/IconLoader.cpp:
+        (WebCore::IconLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+        This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Take an argument called overrideContentSecurityPolicy (defaults to false). When
+        overrideContentSecurityPolicy is true, this function unconditionally returns true.
+        (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
+        (WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
+        (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
+        (WebCore::ContentSecurityPolicy::allowEval): Ditto.
+        (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
+        (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
+        (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
+        * page/ContentSecurityPolicy.h:
+        * page/DOMSecurityPolicy.cpp:
+        * page/EventSource.cpp:
+        (WebCore::EventSource::create): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+        (WebCore::WebCoreAVFResourceLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+        This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+        * svg/SVGFEImageElement.cpp:
+        (WebCore::SVGFEImageElement::requestImageResource): Skip CSP check for an SVG FEImage element in a user agent shadow tree.
+        * svg/SVGFontFaceUriElement.cpp:
+        (WebCore::SVGFontFaceUriElement::loadFont): Skip CSP check for an SVG font-face-uri element in a user agent shadow tree.
+        * svg/SVGUseElement.cpp:
+        (WebCore::SVGUseElement::updateExternalDocument): Skip CSP check for an SVG use element in a user agent shadow tree.
+        * testing/Internals.cpp:
+        (WebCore::Internals::ensureUserAgentShadowRoot): Added.
+        * testing/Internals.h:
+        * testing/Internals.idl: Added declaration for ensureUserAgentShadowRoot().
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::open): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+
 2015-07-06  Brent Fulgham  <bfulgham@apple.com>
 
         Ensure media playback is stopped during page close
index bfb4d11..b1760ee 100644 (file)
@@ -244,7 +244,7 @@ void WebSocket::connect(const String& url, const Vector<String>& protocols, Exce
         Document& document = downcast<Document>(*scriptExecutionContext());
         shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
     }
-    if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
+    if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, shouldBypassMainWorldContentSecurityPolicy)) {
         m_state = CLOSED;
 
         // FIXME: Should this be throwing an exception?
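Review bot: the early `!shouldBypassMainWorldContentSecurityPolicy &&` short-circuit is gone, so ContentSecurityPolicy::allowConnectToSource() is now always entered for isolated-world callers and is relied on to return true when the override flag is set, as the ChangeLog states for every allow* function. Please confirm that the override is tested before any violation reporting inside allowConnectToSource(), otherwise a Content Extension or other isolated-world WebSocket that the main-world policy would reject starts emitting console violation reports even though the connection proceeds. The same consideration applies to the EventSource::create and XMLHttpRequest::open call sites listed in the ChangeLog, which were converted the same way.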
index 16956e1..45b79a9 100644 (file)
@@ -45,7 +45,7 @@ public:
     FloatSize fixedSize(const RenderElement*);
 
     bool isPending() const { return false; }
-    void loadSubimages(CachedResourceLoader&) { }
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&) { }
 
     bool equals(const CSSCanvasValue&) const;
 
index 0d7a47d..d069d2e 100644 (file)
@@ -84,9 +84,13 @@ FloatSize CSSCrossfadeValue::fixedSize(const RenderElement* renderer)
     float percentage = m_percentageValue->getFloatValue();
     float inversePercentage = 1 - percentage;
 
+    // FIXME: Skip Content Security Policy check when cross fade is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
-    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
+    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
 
     if (!cachedFromImage || !cachedToImage)
         return FloatSize();
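Review bot: the three added lines (FIXME, bug link, `ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();`) are repeated verbatim here, in CSSCrossfadeValue::image(), and in both CSSFilterImageValue::fixedSize() and CSSFilterImageValue::image(). Since all four sites need the identical follow-up when bug 146663 is fixed (pick the imposition from the renderer's element), consider a single helper on CSSImageGeneratorValue that takes the RenderElement and returns the options, so the fix lands in one place and the FIXME appears once.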
@@ -114,13 +118,13 @@ bool CSSCrossfadeValue::knownToBeOpaque(const RenderElement* renderer) const
     return subimageKnownToBeOpaque(*m_fromValue, renderer) && subimageKnownToBeOpaque(*m_toValue, renderer);
 }
 
-void CSSCrossfadeValue::loadSubimages(CachedResourceLoader& cachedResourceLoader)
+void CSSCrossfadeValue::loadSubimages(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     CachedResourceHandle<CachedImage> oldCachedFromImage = m_cachedFromImage;
     CachedResourceHandle<CachedImage> oldCachedToImage = m_cachedToImage;
 
-    m_cachedFromImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
-    m_cachedToImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
+    m_cachedFromImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+    m_cachedToImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
 
     if (m_cachedFromImage != oldCachedFromImage) {
         if (oldCachedFromImage)
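Review bot: after this change the caller decides the imposition for loadSubimages(), while fixedSize() and image() above still request the same sub-image URLs with defaultCachedResourceOptions (DoPolicyCheck). The same cross-fade value can therefore ask CachedResourceLoader for one URL both with and without a policy check, and whichever request wins populates the memory cache. The new test block-loading-user-agent-image-from-non-user-agent-content.html appears to target exactly this reuse scenario; please confirm it exercises a CSS-generated image and not only an <img> in the user agent shadow tree.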
@@ -144,9 +148,13 @@ PassRefPtr<Image> CSSCrossfadeValue::image(RenderElement* renderer, const FloatS
     if (size.isEmpty())
         return nullptr;
 
+    // FIXME: Skip Content Security Policy check when cross fade is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
-    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
+    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
 
     if (!cachedFromImage || !cachedToImage)
         return Image::nullImage();
index e94eaea..1ed8b6f 100644 (file)
@@ -59,7 +59,7 @@ public:
     bool isPending() const;
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&);
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&);
 
     void setPercentage(PassRefPtr<CSSPrimitiveValue> percentageValue) { m_percentageValue = percentageValue; }
 
index 410ae4f..7667f94 100644 (file)
@@ -130,11 +130,11 @@ bool CSSCursorImageValue::updateIfSVGCursorIsUsed(Element* element)
     return false;
 }
 
-StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader)
+StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader, const ResourceLoaderOptions& options)
 {
 #if ENABLE(CSS_IMAGE_SET)
     if (is<CSSImageSetValue>(m_imageValue.get()))
-        return downcast<CSSImageSetValue>(m_imageValue.get()).cachedImageSet(loader);
+        return downcast<CSSImageSetValue>(m_imageValue.get()).cachedImageSet(loader, options);
 #endif
 
     if (!m_accessedImage) {
@@ -148,7 +148,7 @@ StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader)
             if (SVGCursorElement* cursorElement = resourceReferencedByCursorElement(downcast<CSSImageValue>(m_imageValue.get()).url(), *loader.document())) {
                 detachPendingImage();
                 Ref<CSSImageValue> svgImageValue(CSSImageValue::create(cursorElement->href()));
-                StyleCachedImage* cachedImage = svgImageValue->cachedImage(loader);
+                StyleCachedImage* cachedImage = svgImageValue->cachedImage(loader, options);
                 m_image = cachedImage;
                 return cachedImage;
             }
@@ -156,7 +156,7 @@ StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader)
 
         if (is<CSSImageValue>(m_imageValue.get())) {
             detachPendingImage();
-            m_image = downcast<CSSImageValue>(m_imageValue.get()).cachedImage(loader);
+            m_image = downcast<CSSImageValue>(m_imageValue.get()).cachedImage(loader, options);
         }
     }
 
index 20382cb..f93de15 100644 (file)
@@ -52,7 +52,7 @@ public:
     String customCSSText() const;
 
     bool updateIfSVGCursorIsUsed(Element*);
-    StyleImage* cachedImage(CachedResourceLoader&);
+    StyleImage* cachedImage(CachedResourceLoader&, const ResourceLoaderOptions&);
     StyleImage* cachedOrPendingImage(Document&);
 
     void removeReferencedElement(SVGElement*);
index b8f38a3..c6b3de2 100644 (file)
@@ -60,8 +60,12 @@ String CSSFilterImageValue::customCSSText() const
 
 FloatSize CSSFilterImageValue::fixedSize(const RenderElement* renderer)
 {
+    // FIXME: Skip Content Security Policy check when filter is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
+    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
 
     if (!cachedImage)
         return FloatSize();
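Review bot: the in-code FIXME correctly says "when filter is applied", but the ChangeLog entries for CSSFilterImageValue::fixedSize and the second CSSFilterImageValue::loadSubimages entry say "the cross fade is applied", and the ChangeLog lists loadSubimages twice while the CSSFilterImageValue::image entry is left empty. The second loadSubimages entry is evidently the description of image(); please fix the ChangeLog so the function names and the filter/cross-fade wording match this hunk and the one at @@ -100,8 +104,12 @@.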
@@ -79,11 +83,11 @@ bool CSSFilterImageValue::knownToBeOpaque(const RenderElement*) const
     return false;
 }
 
-void CSSFilterImageValue::loadSubimages(CachedResourceLoader& cachedResourceLoader)
+void CSSFilterImageValue::loadSubimages(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     CachedResourceHandle<CachedImage> oldCachedImage = m_cachedImage;
 
-    m_cachedImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
+    m_cachedImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
 
     if (m_cachedImage != oldCachedImage) {
         if (oldCachedImage)
@@ -100,8 +104,12 @@ PassRefPtr<Image> CSSFilterImageValue::image(RenderElement* renderer, const Floa
     if (size.isEmpty())
         return nullptr;
 
+    // FIXME: Skip Content Security Policy check when filter is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
+    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
 
     if (!cachedImage)
         return Image::nullImage();
index 156096d..93959b6 100644 (file)
@@ -62,7 +62,7 @@ public:
     bool isPending() const;
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&);
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&);
 
     bool traverseSubresources(const std::function<bool (const CachedResource&)>& handler) const;
 
index 27c5836..a2d0afa 100644 (file)
@@ -98,10 +98,13 @@ bool CSSFontFaceSrcValue::traverseSubresources(const std::function<bool (const C
     return handler(*m_cachedFont);
 }
 
-CachedFont* CSSFontFaceSrcValue::cachedFont(Document* document, bool isSVG)
+CachedFont* CSSFontFaceSrcValue::cachedFont(Document* document, bool isSVG, bool isInitiatingElementInUserAgentShadowTree)
 {
     if (!m_cachedFont) {
-        CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)));
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)), options);
         request.setInitiator(cachedResourceRequestInitiators().css);
         m_cachedFont = document->cachedResourceLoader().requestFont(request, isSVG);
     }
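Review bot: the imposition is decided only inside `if (!m_cachedFont)`, so it is fixed by whichever caller resolves this CSSFontFaceSrcValue first; a later call with a different isInitiatingElementInUserAgentShadowTree value silently reuses m_cachedFont and the CSP decision made for the earlier initiator. That is probably acceptable because a @font-face src value belongs to one stylesheet, but it deserves a comment (or an ASSERT that the flag matches when m_cachedFont is already set) so the memoization is not mistaken for a per-request check. Separately, the bool-to-ContentSecurityPolicyImposition ternary on the `options.setContentSecurityPolicyImposition(...)` line will recur at TextTrackLoader::load and the other sites the ChangeLog lists; a small helper, or passing the enum instead of a bool through addFontFaceRule/cachedFont, would avoid repeating it.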
index 7e49c21..c386afe 100644 (file)
@@ -70,7 +70,7 @@ public:
 
     bool traverseSubresources(const std::function<bool (const CachedResource&)>& handler) const;
 
-    CachedFont* cachedFont(Document*, bool isSVG);
+    CachedFont* cachedFont(Document*, bool isSVG, bool isInitiatingElementInUserAgentShadowTree);
 
     bool equals(const CSSFontFaceSrcValue&) const;
 
index 104ae70..073c211 100644 (file)
@@ -84,7 +84,7 @@ bool CSSFontSelector::isEmpty() const
     return m_fonts.isEmpty();
 }
 
-void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule)
+void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule, bool isInitiatingElementInUserAgentShadowTree)
 {
     // Obtain the font-family property and the src property.  Both must be defined.
     const StyleProperties& style = fontFaceRule->properties();
@@ -212,7 +212,7 @@ void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule)
             Settings* settings = m_document ? m_document->frame() ? &m_document->frame()->settings() : 0 : 0;
             bool allowDownloading = foundSVGFont || (settings && settings->downloadableBinaryFontsEnabled());
             if (allowDownloading && item.isSupportedFormat() && m_document) {
-                CachedFont* cachedFont = item.cachedFont(m_document, foundSVGFont);
+                CachedFont* cachedFont = item.cachedFont(m_document, foundSVGFont, isInitiatingElementInUserAgentShadowTree);
                 if (cachedFont) {
                     source = std::make_unique<CSSFontFaceSource>(item.resource(), cachedFont);
 #if ENABLE(SVG_FONTS)
index 7563ab3..4be7408 100644 (file)
@@ -67,7 +67,7 @@ public:
 
     void clearDocument();
 
-    void addFontFaceRule(const StyleRuleFontFace*);
+    void addFontFaceRule(const StyleRuleFontFace*, bool isInitiatingElementInUserAgentShadowTree);
 
     void fontLoaded();
     virtual void fontCacheInvalidated() override;
index 11e372e..da911a2 100644 (file)
@@ -85,7 +85,7 @@ public:
     bool isPending() const { return false; }
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&) { }
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&) { }
     PassRefPtr<CSSGradientValue> gradientWithStylesResolved(StyleResolver*);
 
 protected:
index eb4889e..fe400c1 100644 (file)
@@ -209,23 +209,23 @@ bool CSSImageGeneratorValue::knownToBeOpaque(const RenderElement* renderer) cons
     return false;
 }
 
-void CSSImageGeneratorValue::loadSubimages(CachedResourceLoader& cachedResourceLoader)
+void CSSImageGeneratorValue::loadSubimages(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     switch (classType()) {
     case CrossfadeClass:
-        downcast<CSSCrossfadeValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSCrossfadeValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case CanvasClass:
-        downcast<CSSCanvasValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSCanvasValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case FilterImageClass:
-        downcast<CSSFilterImageValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSFilterImageValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case LinearGradientClass:
-        downcast<CSSLinearGradientValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSLinearGradientValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case RadialGradientClass:
-        downcast<CSSRadialGradientValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSRadialGradientValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     default:
         ASSERT_NOT_REACHED();
@@ -248,13 +248,13 @@ bool CSSImageGeneratorValue::subimageIsPending(CSSValue* value)
     return false;
 }
 
-CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, CachedResourceLoader& cachedResourceLoader)
+CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     if (!value)
         return nullptr;
 
     if (is<CSSImageValue>(*value)) {
-        StyleCachedImage* styleCachedImage = downcast<CSSImageValue>(*value).cachedImage(cachedResourceLoader);
+        StyleCachedImage* styleCachedImage = downcast<CSSImageValue>(*value).cachedImage(cachedResourceLoader, options);
         if (!styleCachedImage)
             return nullptr;
 
@@ -262,7 +262,7 @@ CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, Cac
     }
     
     if (is<CSSImageGeneratorValue>(*value)) {
-        downcast<CSSImageGeneratorValue>(*value).loadSubimages(cachedResourceLoader);
+        downcast<CSSImageGeneratorValue>(*value).loadSubimages(cachedResourceLoader, options);
         // FIXME: Handle CSSImageGeneratorValue (and thus cross-fades with gradients and canvas).
         return nullptr;
     }
index 7ccaccb..c9b556c 100644 (file)
@@ -40,6 +40,7 @@ class GeneratedImage;
 class Image;
 class RenderElement;
 class StyleResolver;
+struct ResourceLoaderOptions;
 
 class CSSImageGeneratorValue : public CSSValue {
 public:
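Review bot: the class-key of this forward declaration must match the definition in loader/ResourceLoaderOptions.h, which the ChangeLog describes as a struct, so `struct ResourceLoaderOptions;` is right and a forward declaration suffices for the `const ResourceLoaderOptions&` parameters below. CSSCanvasValue.h and CSSGradientValue.h also spell the type in their inline `loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&) { }` bodies; that is fine as long as they include this header (they subclass CSSImageGeneratorValue), but note that a mismatched `class` declaration elsewhere would produce warnings on MSVC.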
@@ -56,7 +57,7 @@ public:
     bool isPending() const;
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&);
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&);
 
 protected:
     CSSImageGeneratorValue(ClassType);
@@ -66,7 +67,7 @@ protected:
     const HashCountedSet<RenderElement*>& clients() const { return m_clients; }
 
     // Helper functions for Crossfade and Filter.
-    static CachedImage* cachedImageForCSSValue(CSSValue*, CachedResourceLoader&);
+    static CachedImage* cachedImageForCSSValue(CSSValue*, CachedResourceLoader&, const ResourceLoaderOptions&);
     static bool subimageIsPending(CSSValue*);
 
 private:
index 3e7806b..7631bee 100644 (file)
@@ -130,11 +130,6 @@ StyleCachedImageSet* CSSImageSetValue::cachedImageSet(CachedResourceLoader& load
     return is<StyleCachedImageSet>(m_imageSet.get()) ? downcast<StyleCachedImageSet>(m_imageSet.get()) : nullptr;
 }
 
-StyleCachedImageSet* CSSImageSetValue::cachedImageSet(CachedResourceLoader& loader)
-{
-    return cachedImageSet(loader, CachedResourceLoader::defaultCachedResourceOptions());
-}
-
 StyleImage* CSSImageSetValue::cachedOrPendingImageSet(Document& document)
 {
     if (!m_imageSet)
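Review bot: removing the one-argument cachedImageSet(CachedResourceLoader&) overload (and, in the next hunk, the matching CSSImageValue::cachedImage overload) is the right call: both silently supplied defaultCachedResourceOptions, which now means DoPolicyCheck, so any caller left using them would have compiled without anyone auditing whether its initiator can sit in a user agent shadow tree. Forcing every caller to pass options makes the CSP decision explicit at each site.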
index 70a4b48..f088863 100644 (file)
@@ -48,7 +48,6 @@ public:
     ~CSSImageSetValue();
 
     StyleCachedImageSet* cachedImageSet(CachedResourceLoader&, const ResourceLoaderOptions&);
-    StyleCachedImageSet* cachedImageSet(CachedResourceLoader&);
 
     // Returns a StyleCachedImageSet if the best fit image has been cached already, otherwise a StylePendingImage.
     StyleImage* cachedOrPendingImageSet(Document&);
index cef4ea8..e1254f0 100644 (file)
@@ -94,11 +94,6 @@ StyleCachedImage* CSSImageValue::cachedImage(CachedResourceLoader& loader, const
     return is<StyleCachedImage>(m_image.get()) ? downcast<StyleCachedImage>(m_image.get()) : nullptr;
 }
 
-StyleCachedImage* CSSImageValue::cachedImage(CachedResourceLoader& loader)
-{
-    return cachedImage(loader, CachedResourceLoader::defaultCachedResourceOptions());
-}
-
 bool CSSImageValue::traverseSubresources(const std::function<bool (const CachedResource&)>& handler) const
 {
     if (!is<StyleCachedImage>(m_image.get()))
index 5291a63..7ea5090 100644 (file)
@@ -40,7 +40,6 @@ public:
     ~CSSImageValue();
 
     StyleCachedImage* cachedImage(CachedResourceLoader&, const ResourceLoaderOptions&);
-    StyleCachedImage* cachedImage(CachedResourceLoader&);
     // Returns a StyleCachedImage if the image is cached already, otherwise a StylePendingImage.
     StyleImage* cachedOrPendingImage();
 
index 5b5e500..b2f6ddf 100644 (file)
@@ -316,7 +316,7 @@ void RuleSet::addRegionRule(StyleRuleRegion* regionRule, bool hasDocumentSecurit
     m_regionSelectorsAndRuleSets.append(RuleSetSelectorPair(regionRule->selectorList().first(), WTF::move(regionRuleSet)));
 }
 
-void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, AddRuleFlags addRuleFlags)
+void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags addRuleFlags)
 {
     for (auto& rule : rules) {
         if (is<StyleRule>(*rule))
@@ -326,15 +326,15 @@ void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const Me
         else if (is<StyleRuleMedia>(*rule)) {
             auto& mediaRule = downcast<StyleRuleMedia>(*rule);
             if ((!mediaRule.mediaQueries() || medium.eval(mediaRule.mediaQueries(), resolver)))
-                addChildRules(mediaRule.childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
+                addChildRules(mediaRule.childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
         } else if (is<StyleRuleFontFace>(*rule) && resolver) {
             // Add this font face to our set.
-            resolver->document().fontSelector().addFontFaceRule(downcast<StyleRuleFontFace>(rule.get()));
+            resolver->document().fontSelector().addFontFaceRule(downcast<StyleRuleFontFace>(rule.get()), isInitiatingElementInUserAgentShadowTree);
             resolver->invalidateMatchedPropertiesCache();
         } else if (is<StyleRuleKeyframes>(*rule) && resolver)
             resolver->addKeyframeStyle(downcast<StyleRuleKeyframes>(rule.get()));
         else if (is<StyleRuleSupports>(*rule) && downcast<StyleRuleSupports>(*rule).conditionIsSupported())
-            addChildRules(downcast<StyleRuleSupports>(*rule).childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
+            addChildRules(downcast<StyleRuleSupports>(*rule).childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
 #if ENABLE(CSS_REGIONS)
         else if (is<StyleRuleRegion>(*rule) && resolver) {
             addRegionRule(downcast<StyleRuleRegion>(rule.get()), hasDocumentSecurityOrigin);
@@ -362,7 +362,10 @@ void RuleSet::addRulesFromSheet(StyleSheetContents* sheet, const MediaQueryEvalu
     bool hasDocumentSecurityOrigin = resolver && resolver->document().securityOrigin()->canRequest(sheet->baseURL());
     AddRuleFlags addRuleFlags = static_cast<AddRuleFlags>((hasDocumentSecurityOrigin ? RuleHasDocumentSecurityOrigin : 0));
 
-    addChildRules(sheet->childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
+    // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    bool isInitiatingElementInUserAgentShadowTree = false;
+    addChildRules(sheet->childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
 
     if (m_autoShrinkToFitEnabled)
         shrinkToFit();
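Review bot: `bool isInitiatingElementInUserAgentShadowTree = false;` hard-codes the flag for every sheet, so @font-face rules coming from a user agent shadow tree style sheet still go through the CSP check via `addFontFaceRule(..., isInitiatingElementInUserAgentShadowTree)`. That fails closed, which is the right interim default, but the FIXME should say so explicitly, and the ChangeLog should list fonts loaded from user agent shadow tree style sheets as not yet exempt so nobody assumes the exemption is complete.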
index 7ad719d..1ce7065 100644 (file)
@@ -190,7 +190,7 @@ public:
     bool hasShadowPseudoElementRules() const { return !m_shadowPseudoElementRules.isEmpty(); }
 
 private:
-    void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, AddRuleFlags);
+    void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags);
 
     AtomRuleMap m_idRules;
     AtomRuleMap m_classRules;
index 62bdaea..f223067 100644 (file)
@@ -322,9 +322,8 @@ StyleResolver::StyleResolver(Document& document, bool matchAuthorAndUserStyles)
 #if ENABLE(SVG_FONTS)
     if (m_document.svgExtensions()) {
         const HashSet<SVGFontFaceElement*>& svgFontFaceElements = m_document.svgExtensions()->svgFontFaceElements();
-        HashSet<SVGFontFaceElement*>::const_iterator end = svgFontFaceElements.end();
-        for (HashSet<SVGFontFaceElement*>::const_iterator it = svgFontFaceElements.begin(); it != end; ++it)
-            m_document.fontSelector().addFontFaceRule((*it)->fontFaceRule());
+        for (auto* svgFontFaceElement : svgFontFaceElements)
+            m_document.fontSelector().addFontFaceRule(svgFontFaceElement->fontFaceRule(), svgFontFaceElement->isInUserAgentShadowTree());
     }
 #endif
 
@@ -2249,18 +2248,21 @@ void StyleResolver::loadPendingSVGDocuments()
     if (!hasFilters && !hasMasks)
         return;
 
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
     CachedResourceLoader& cachedResourceLoader = state.document().cachedResourceLoader();
     
     if (hasFilters) {
         for (auto& filterOperation : state.filtersWithPendingSVGDocuments())
-            filterOperation->getOrCreateCachedSVGDocumentReference()->load(cachedResourceLoader);
+            filterOperation->getOrCreateCachedSVGDocumentReference()->load(cachedResourceLoader, options);
 
         state.filtersWithPendingSVGDocuments().clear();
     }
     
     if (hasMasks) {
         for (auto& maskImageOperation : state.maskImagesWithPendingSVGDocuments())
-            maskImageOperation->ensureCachedSVGDocumentReference()->load(cachedResourceLoader);
+            maskImageOperation->ensureCachedSVGDocumentReference()->load(cachedResourceLoader, options);
 
         state.maskImagesWithPendingSVGDocuments().clear();
     }
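Review bot: The new lines read `m_state.element()` while the rest of this function uses the local `state` (`state.document().cachedResourceLoader()`, `state.filtersWithPendingSVGDocuments()`); use `state.element()` for consistency, or say why the member is needed here. The null check on the element falls back to `ContentSecurityPolicyImposition::DoPolicyCheck` when there is no initiating element, which is the correct fail-closed choice; a one-line comment saying that is intentional would stop someone from "simplifying" it later.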
@@ -2408,12 +2410,12 @@ PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage&
         return imageValue->cachedImage(m_state.document().cachedResourceLoader(), options);
 
     if (auto imageGeneratorValue = pendingImage.cssImageGeneratorValue()) {
-        imageGeneratorValue->loadSubimages(m_state.document().cachedResourceLoader());
+        imageGeneratorValue->loadSubimages(m_state.document().cachedResourceLoader(), options);
         return StyleGeneratedImage::create(*imageGeneratorValue);
     }
 
     if (auto cursorImageValue = pendingImage.cssCursorImageValue())
-        return cursorImageValue->cachedImage(m_state.document().cachedResourceLoader());
+        return cursorImageValue->cachedImage(m_state.document().cachedResourceLoader(), options);
 
 #if ENABLE(CSS_IMAGE_SET)
     if (auto imageSetValue = pendingImage.cssImageSetValue())
@@ -2425,7 +2427,9 @@ PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage&
 
 PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage& pendingImage)
 {
-    return loadPendingImage(pendingImage, CachedResourceLoader::defaultCachedResourceOptions());
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+    return loadPendingImage(pendingImage, options);
 }
 
 #if ENABLE(CSS_SHAPES)
@@ -2443,6 +2447,7 @@ void StyleResolver::loadPendingShapeImage(ShapeValue* shapeValue)
     ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
     options.setRequestOriginPolicy(PotentiallyCrossOriginEnabled);
     options.setAllowCredentials(DoNotAllowStoredCredentials);
+    options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
 
     shapeValue->setImage(loadPendingImage(pendingImage, options));
 }
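Review bot: The expression `m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck` now appears three times in this file (loadPendingSVGDocuments, the one-argument loadPendingImage, and loadPendingShapeImage). A small private helper on StyleResolver that returns the imposition for the current element would keep the fail-closed null handling in one place. The same bool-to-enum mapping is also open-coded in ScriptElement, ImageLoader and TextTrackLoader later in this patch, so a single shared function would serve all of them and make it harder for one call site to drift.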
index a4a0694..0642a1d 100644 (file)
@@ -111,6 +111,8 @@ void StyleRuleImport::requestStyleSheet()
         rootSheet = sheet;
     }
 
+    // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
     CachedResourceRequest request(ResourceRequest(absURL), m_parentStyleSheet->charset());
     request.setInitiator(cachedResourceRequestInitiators().css);
     if (m_cachedSheet)
index 65a572b..b7fbe14 100644 (file)
@@ -250,7 +250,7 @@ public:
     WEBCORE_EXPORT RefPtr<ShadowRoot> createShadowRoot(ExceptionCode&);
 
     ShadowRoot* userAgentShadowRoot() const;
-    ShadowRoot& ensureUserAgentShadowRoot();
+    WEBCORE_EXPORT ShadowRoot& ensureUserAgentShadowRoot();
 
     // FIXME: this should not be virtual, do not override this.
     virtual const AtomicString& shadowPseudoId() const;
index 14b6cae..638cfc6 100644 (file)
@@ -123,7 +123,7 @@ void InlineStyleSheetOwner::createSheet(Element& element, const String& text)
 
     if (!isValidCSSContentType(element, m_contentType))
         return;
-    if (!document.contentSecurityPolicy()->allowInlineStyle(document.url(), m_startTextPosition.m_line))
+    if (!document.contentSecurityPolicy()->allowInlineStyle(document.url(), m_startTextPosition.m_line, element.isInUserAgentShadowTree()))
         return;
 
     RefPtr<MediaQuerySet> mediaQueries;
index 3f07b56..9634243 100644 (file)
@@ -973,6 +973,12 @@ ShadowRoot* Node::containingShadowRoot() const
     return is<ShadowRoot>(root) ? downcast<ShadowRoot>(&root) : nullptr;
 }
 
+bool Node::isInUserAgentShadowTree() const
+{
+    auto* shadowRoot = containingShadowRoot();
+    return shadowRoot && shadowRoot->type() == ShadowRoot::UserAgentShadowRoot;
+}
+
 Node* Node::nonBoundaryShadowTreeRootNode()
 {
     ASSERT(!isShadowRoot());
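Review bot: `containingShadowRoot()` returns only the nearest shadow root, so if a shadow root can ever be attached to an element that itself lives inside a user agent shadow tree, nodes in that inner tree report false here and get the full CSP check. That is the conservative direction, but since every exemption in this patch keys off this one predicate, the declaration `bool isInUserAgentShadowTree() const;` in Node.h deserves a comment stating that it looks only at the immediately containing root and that its answer is used to skip security checks.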
index f7688ea..82a647b 100644 (file)
@@ -402,6 +402,7 @@ public:
     { 
         return getFlag(InDocumentFlag);
     }
+    bool isInUserAgentShadowTree() const;
     bool isInShadowTree() const { return getFlag(IsInShadowTreeFlag); }
     bool isInTreeScope() const { return getFlag(static_cast<NodeFlags>(InDocumentFlag | IsInShadowTreeFlag)); }
 
index cb2690c..66bbece 100644 (file)
@@ -255,7 +255,10 @@ bool ScriptElement::requestScript(const String& sourceUrl)
 
     ASSERT(!m_cachedScript);
     if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
-        CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)));
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(m_element.isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)), options);
 
         String crossOriginMode = m_element.fastGetAttribute(HTMLNames::crossoriginAttr);
         if (!crossOriginMode.isNull()) {
@@ -285,7 +288,7 @@ void ScriptElement::executeScript(const ScriptSourceCode& sourceCode)
     if (sourceCode.isEmpty())
         return;
 
-    if (!m_isExternalScript && !m_element.document().contentSecurityPolicy()->allowInlineScript(m_element.document().url(), m_startLineNumber))
+    if (!m_isExternalScript && !m_element.document().contentSecurityPolicy()->allowInlineScript(m_element.document().url(), m_startLineNumber, m_element.isInUserAgentShadowTree()))
         return;
 
 #if ENABLE(NOSNIFF)
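Review bot: With both `requestScript` and `executeScript` keyed on `m_element.isInUserAgentShadowTree()`, a script element inside a user agent shadow root bypasses CSP for its fetch and for inline execution, and the `overrideContentSecurityPolicy || ...` short-circuit in ContentSecurityPolicy means no violation report is generated either. The whole exemption therefore rests on page script never being able to place a script element into a user agent shadow tree; that invariant should be written down next to Node::isInUserAgentShadowTree() or in the ChangeLog, since it is the security assumption this change depends on.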
index 0ec0d7f..7d6e877 100644 (file)
@@ -203,7 +203,7 @@ void StyledElement::styleAttributeChanged(const AtomicString& newStyleString, At
         if (PropertySetCSSStyleDeclaration* cssomWrapper = inlineStyleCSSOMWrapper())
             cssomWrapper->clearParentElement();
         ensureUniqueElementData().m_inlineStyle = nullptr;
-    } else if (reason == ModifiedByCloning || document().contentSecurityPolicy()->allowInlineStyle(document().url(), startLineNumber))
+    } else if (reason == ModifiedByCloning || document().contentSecurityPolicy()->allowInlineStyle(document().url(), startLineNumber, isInUserAgentShadowTree()))
         setInlineStyleFromString(newStyleString);
 
     elementData()->setStyleAttributeIsDirty(false);
index 6af0654..680ff7f 100644 (file)
@@ -1757,7 +1757,7 @@ bool HTMLMediaElement::isSafeToLoadURL(const URL& url, InvalidURLAction actionIf
         return false;
     }
 
-    if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
+    if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {
         LOG(Media, "HTMLMediaElement::isSafeToLoadURL(%p) - %s -> rejected by Content Security Policy", this, urlForLoggingMedia(url).utf8().data());
         return false;
     }
@@ -5825,7 +5825,7 @@ Vector<RefPtr<PlatformTextTrack>> HTMLMediaElement::outOfBandTrackSources()
         if (url.isEmpty())
             continue;
         
-        if (!document().contentSecurityPolicy()->allowMediaFromSource(url))
+        if (!document().contentSecurityPolicy()->allowMediaFromSource(url, trackElement.isInUserAgentShadowTree()))
             continue;
 
         PlatformTextTrack::TrackKind platformKind = PlatformTextTrack::Caption;
index 0e5e0f0..d6b1f9a 100644 (file)
@@ -238,7 +238,7 @@ bool HTMLTrackElement::canLoadURL(const URL& url)
     if (url.isEmpty())
         return false;
 
-    if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
+    if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {
         LOG(Media, "HTMLTrackElement::canLoadURL(%s) -> rejected by Content Security Policy", urlForLoggingTrack(url).utf8().data());
         return false;
     }
index 5ff12b7..d0af468 100644 (file)
@@ -99,7 +99,7 @@ void LoadableTextTrack::loadTimerFired()
     // mode being the state of the media element's crossorigin content attribute, the origin being the
     // origin of the media element's Document, and the default origin behaviour set to fail.
     m_loader = std::make_unique<TextTrackLoader>(static_cast<TextTrackLoaderClient&>(*this), static_cast<ScriptExecutionContext*>(&m_trackElement->document()));
-    if (!m_loader->load(m_url, m_trackElement->mediaElementCrossOriginAttribute()))
+    if (!m_loader->load(m_url, m_trackElement->mediaElementCrossOriginAttribute(), m_trackElement->isInUserAgentShadowTree()))
         m_trackElement->didCompleteLoad(HTMLTrackElement::Failure);
 }
 
index 7ca1f23..52ae900 100644 (file)
@@ -1406,7 +1406,7 @@ void DocumentLoader::startLoadingMainResource()
     // If this is a reload the cache layer might have made the previous request conditional. DocumentLoader can't handle 304 responses itself.
     request.makeUnconditional();
 
-    static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, IncludeCertificateInfo);
+    static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck);
     CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
     cachedResourceRequest.setInitiator(*this);
     m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
index 67ad1f2..7cb27a7 100644 (file)
@@ -172,7 +172,10 @@ void ImageLoader::updateFromElement()
     // an empty string.
     CachedResourceHandle<CachedImage> newImage = 0;
     if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) {
-        CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))));
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options);
         request.setInitiator(&element());
 
         String crossOriginMode = element().fastGetAttribute(HTMLNames::crossoriginAttr);
index 57e00af..1d9267e 100644 (file)
@@ -59,7 +59,9 @@ bool MediaResourceLoader::start(const ResourceRequest& request, LoadOptions opti
     DataBufferingPolicy bufferingPolicy = options & LoadOption::BufferData ? WebCore::BufferData : WebCore::DoNotBufferData;
     RequestOriginPolicy corsPolicy = !m_crossOriginMode.isNull() ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType;
     StoredCredentials allowCredentials = m_crossOriginMode.isNull() || equalIgnoringCase(m_crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
-    CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo));
+
+    // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+    CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck));
 
     if (!m_crossOriginMode.isNull())
         updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), m_document.securityOrigin(), allowCredentials);
index ee1a62f..a854800 100644 (file)
 
 namespace WebCore {
 
+// FIXME: Skip Content Security Policy check when associated plugin element is in a user agent shadow tree.
+// See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
 NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame* frame, NetscapePlugInStreamLoaderClient* client)
-    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo))
+    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck))
     , m_client(client)
 {
 #if ENABLE(CONTENT_EXTENSIONS)
index a216e50..18a5a52 100644 (file)
@@ -86,9 +86,7 @@ void PolicyChecker::checkNavigationPolicy(const ResourceRequest& request, Docume
         return;
     }
 
-    // If we're loading content into a subframe, check against the parent's Content Security Policy
-    // and kill the load if that check fails.
-    if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url())) {
+    if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), m_frame.ownerElement()->isInUserAgentShadowTree())) {
         function(request, 0, false);
         return;
     }
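Review bot: The removed comment `// If we're loading content into a subframe, check against the parent's Content Security Policy` / `// and kill the load if that check fails.` still describes exactly what the new condition does; keep it, because the longer `allowChildFrameFromSource(request.url(), m_frame.ownerElement()->isInUserAgentShadowTree())` line is harder to read at a glance, not easier.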
index 0c4256e..48f8561 100644 (file)
@@ -66,6 +66,11 @@ enum CertificateInfoPolicy {
     DoNotIncludeCertificateInfo
 };
 
+enum class ContentSecurityPolicyImposition : uint8_t {
+    SkipPolicyCheck,
+    DoPolicyCheck
+};
+
 struct ResourceLoaderOptions {
     ResourceLoaderOptions()
         : m_sendLoadCallbacks(DoNotSendCallbacks)
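Review bot: In `enum class ContentSecurityPolicyImposition : uint8_t { SkipPolicyCheck, DoPolicyCheck }` the skip value is zero. The in-class initializer `m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck }` covers the default constructor, but any zero-initialized or memset ResourceLoaderOptions would silently read as SkipPolicyCheck. Ordering the enumerators so that DoPolicyCheck is the zero value makes the accidental state fail closed at no cost.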
@@ -79,7 +84,7 @@ struct ResourceLoaderOptions {
     {
     }
 
-    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy, CertificateInfoPolicy certificateInfoPolicy)
+    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition)
         : m_sendLoadCallbacks(sendLoadCallbacks)
         , m_sniffContent(sniffContent)
         , m_dataBufferingPolicy(dataBufferingPolicy)
@@ -88,6 +93,7 @@ struct ResourceLoaderOptions {
         , m_securityCheck(securityCheck)
         , m_requestOriginPolicy(requestOriginPolicy)
         , m_certificateInfoPolicy(certificateInfoPolicy)
+        , m_contentSecurityPolicyImposition(contentSecurityPolicyImposition)
     {
     }
 
@@ -107,6 +113,8 @@ struct ResourceLoaderOptions {
     void setRequestOriginPolicy(RequestOriginPolicy policy) { m_requestOriginPolicy = policy; }
     CertificateInfoPolicy certificateInfoPolicy() const { return static_cast<CertificateInfoPolicy>(m_certificateInfoPolicy); }
     void setCertificateInfoPolicy(CertificateInfoPolicy policy) { m_certificateInfoPolicy = policy; }
+    ContentSecurityPolicyImposition contentSecurityPolicyImposition() const { return m_contentSecurityPolicyImposition; }
+    void setContentSecurityPolicyImposition(ContentSecurityPolicyImposition imposition) { m_contentSecurityPolicyImposition = imposition; }
 
     unsigned m_sendLoadCallbacks : 1;
     unsigned m_sniffContent : 1;
@@ -116,6 +124,7 @@ struct ResourceLoaderOptions {
     unsigned m_securityCheck : 1;
     unsigned m_requestOriginPolicy : 2;
     unsigned m_certificateInfoPolicy : 1; // Whether the response should include certificate info.
+    ContentSecurityPolicyImposition m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck };
 };
 
 } // namespace WebCore    
index 7f0cf07..a6e155b 100644 (file)
@@ -125,8 +125,9 @@ bool SubframeLoader::pluginIsLoadable(HTMLPlugInImageElement& pluginElement, con
         String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
             document()->ownerElement()->fastGetAttribute(HTMLNames::typeAttr) :
             pluginElement.fastGetAttribute(HTMLNames::typeAttr);
-        if (!document()->contentSecurityPolicy()->allowObjectFromSource(url)
-            || !document()->contentSecurityPolicy()->allowPluginType(mimeType, declaredMimeType, url)) {
+        bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree();
+        if (!document()->contentSecurityPolicy()->allowObjectFromSource(url, isInUserAgentShadowTree)
+            || !document()->contentSecurityPolicy()->allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree)) {
             RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();
             renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
             return false;
@@ -253,8 +254,9 @@ PassRefPtr<Widget> SubframeLoader::createJavaAppletWidget(const IntSize& size, H
         }
 
         const char javaAppletMimeType[] = "application/x-java-applet";
-        if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL)
-            || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL))
+        bool isInUserAgentShadowTree = element.isInUserAgentShadowTree();
+        if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL, isInUserAgentShadowTree)
+            || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL, isInUserAgentShadowTree))
             return nullptr;
     }
 
index 0e3e786..3866e81 100644 (file)
@@ -145,13 +145,17 @@ void TextTrackLoader::notifyFinished(CachedResource* resource)
     cancelLoad();
 }
 
-bool TextTrackLoader::load(const URL& url, const String& crossOriginMode)
+bool TextTrackLoader::load(const URL& url, const String& crossOriginMode, bool isInitiatingElementInUserAgentShadowTree)
 {
     cancelLoad();
 
     ASSERT(is<Document>(m_scriptExecutionContext));
     Document* document = downcast<Document>(m_scriptExecutionContext);
-    CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)));
+
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+    CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)), options);
 
     if (!crossOriginMode.isNull()) {
         m_crossOriginMode = crossOriginMode;
index 768cbe9..7f7aaea 100644 (file)
@@ -59,7 +59,7 @@ public:
     TextTrackLoader(TextTrackLoaderClient&, ScriptExecutionContext*);
     virtual ~TextTrackLoader();
     
-    bool load(const URL&, const String& crossOriginMode);
+    bool load(const URL&, const String& crossOriginMode, bool isInitiatingElementInUserAgentShadowTree);
     void cancelLoad();
     void getNewCues(Vector<RefPtr<TextTrackCue>>& outputCues);
 #if ENABLE(WEBVTT_REGIONS)
index ad17373..09e9784 100644 (file)
@@ -233,7 +233,7 @@ CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt
     memoryCache.add(*userSheet);
     // FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
 
-    userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo));
+    userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck));
     
     return userSheet;
 }
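Review bot: This call passes `ContentSecurityPolicyImposition::SkipPolicyCheck` without a comment, while the other sites in this patch that pass a value that is not consulted (MediaResourceLoader, IconLoader) explain their `DoPolicyCheck` as a placeholder. Say whether user style sheets loaded here actually reach the CSP check in `canRequest`, so the reader can tell whether this is a deliberate exemption for user sheets or a value that is never consulted.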
@@ -366,8 +366,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url,
         return 0;
     }
 
-    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
-    bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script().shouldBypassMainWorldContentSecurityPolicy());
+    bool skipContentSecurityPolicyCheck = options.contentSecurityPolicyImposition() == ContentSecurityPolicyImposition::SkipPolicyCheck;
 
     // Some types of resources can be loaded only from the same origin.  Other
     // types of resources, like Images, Scripts, and CSS, can be loaded from
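Review bot: Dropping `frame() && frame()->script().shouldBypassMainWorldContentSecurityPolicy()` is the actual change that makes isolated-world loads subject to the page's CSP, and the removed FIXME was the only reference to webkit.org/b/104520. Two follow-ups: check whether shouldBypassMainWorldContentSecurityPolicy() still has callers after this and remove it if not, and carry the bug reference over to the ChangeLog so the idea of a per-isolated-world policy is not lost with the comment.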
@@ -408,30 +407,30 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url,
     switch (type) {
 #if ENABLE(XSLT)
     case CachedResource::XSLStyleSheet:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
 #endif
     case CachedResource::Script:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         if (frame() && !frame()->settings().isScriptEnabled())
             return false;
         break;
     case CachedResource::CSSStyleSheet:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowStyleFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
     case CachedResource::SVGDocumentResource:
     case CachedResource::ImageResource:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowImageFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
 #if ENABLE(SVG_FONTS)
     case CachedResource::SVGFontResource:
 #endif
     case CachedResource::FontResource: {
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowFontFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
     }
@@ -444,7 +443,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url,
         break;
 #if ENABLE(VIDEO_TRACK)
     case CachedResource::TextTrackResource:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowMediaFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
 #endif
@@ -1138,7 +1137,7 @@ void CachedResourceLoader::printPreloadStats()
 
 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
 {
-    static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo);
+    static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck);
     return options;
 }
 
index 681b9fa..86360e2 100644 (file)
@@ -53,12 +53,12 @@ CachedSVGDocumentReference::~CachedSVGDocumentReference()
     }
 }
 
-void CachedSVGDocumentReference::load(CachedResourceLoader& loader)
+void CachedSVGDocumentReference::load(CachedResourceLoader& loader, const ResourceLoaderOptions& options)
 {
     if (m_loadRequested)
         return;
 
-    CachedResourceRequest request(ResourceRequest(loader.document()->completeURL(m_url)));
+    CachedResourceRequest request(ResourceRequest(loader.document()->completeURL(m_url)), options);
     request.setInitiator(cachedResourceRequestInitiators().css);
     if (m_acceptsAnyImageType)
         request.setAcceptOverride("image/*");
index f1c54f4..a975ada 100644 (file)
@@ -34,6 +34,7 @@ namespace WebCore {
 
 class CachedSVGDocument;
 class CachedResourceLoader;
+struct ResourceLoaderOptions;
 
 class CachedSVGDocumentReference : public CachedSVGDocumentClient {
 public:
@@ -41,7 +42,7 @@ public:
 
     virtual ~CachedSVGDocumentReference();
 
-    void load(CachedResourceLoader&);
+    void load(CachedResourceLoader&, const ResourceLoaderOptions&);
     bool loadRequested() const { return m_loadRequested; }
     void setAcceptsAnyImageType() { m_acceptsAnyImageType = true; }
 
index fda3a59..f7ca802 100644 (file)
@@ -58,7 +58,8 @@ void IconLoader::startLoading()
     if (m_resource || !m_frame.document())
         return;
 
-    CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo));
+    // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+    CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck));
 
     request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
     request.setInitiator(cachedResourceRequestInitiators().icon);
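Review bot: The new comment asserts that Content Security Policy does not apply to raw resources, but nothing in this hunk enforces that; `DoPolicyCheck` is at least the fail-closed choice. Point the comment at the place where raw-resource loads skip the policy (or turn the claim into an assertion in the loader) so that a future change making CSP apply to raw resources does not silently inherit a placeholder decision. The identical comment is copied verbatim into `WebCoreAVFResourceLoader`; a named default on `ResourceLoaderOptions` for raw loads would remove both copies.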
index 24e2e55..d1a3640 100644 (file)
@@ -1441,31 +1441,29 @@ bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const URL& ur
     return true;
 }
 
-bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    if (m_overrideInlineStyleAllowed)
-        return true;
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || m_overrideInlineStyleAllowed || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowEval(JSC::ExecState* state, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowEval(JSC::ExecState* state, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
 }
 
 String ContentSecurityPolicy::evalDisabledErrorMessage() const
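Review bot: Because `overrideContentSecurityPolicy ||` is evaluated before `isAllowedByAllWithContext` / `isAllowedByAllWithState`, a bypassed check also skips violation reporting, so a report-only policy will never see inline script, eval or `javascript:` URLs coming from an isolated world. That is probably the intended semantics for extension scripts, but `reportingStatus` is still accepted alongside the flag, and a caller passing `SendReport` with `overrideContentSecurityPolicy = true` may expect a report; document in the header that the override wins over reporting.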
@@ -1477,8 +1475,10 @@ String ContentSecurityPolicy::evalDisabledErrorMessage() const
     return String();
 }
 
-bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
+    if (overrideContentSecurityPolicy)
+        return true;
     for (auto& policy : m_policies) {
         if (!policy->allowPluginType(type, typeAttribute, url, reportingStatus))
             return false;
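Review bot: `allowPluginType` expresses the bypass as an early `return true` while every other method in this file folds it into a leading `||`; pick one form for the whole file, preferably the early return, which reads as an explicit bypass rather than as one more term of the policy expression.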
@@ -1486,54 +1486,54 @@ bool ContentSecurityPolicy::allowPluginType(const String& type, const String& ty
     return true;
 }
 
-bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowImageFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowImageFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowFontFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowFontFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowConnectToSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowConnectToSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowFormAction(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowFormAction(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowBaseURI(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowBaseURI(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
 }
 
 bool ContentSecurityPolicy::isActive() const
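Review bot: The same `overrideContentSecurityPolicy ||` prefix is repeated in all ten source-check methods; folding it into `isAllowedByAllWithURL` (and its `WithContext` / `WithState` siblings) would leave one place to reason about the bypass and make it impossible to omit on the next method added here, which is exactly the kind of omission that would later show up as "extension resource blocked by page CSP".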
index 0fb0d16..a71b5fc 100644 (file)
@@ -84,23 +84,23 @@ public:
     const String& deprecatedHeader() const;
     HeaderType deprecatedHeaderType() const;
 
-    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowEval(JSC::ExecState* = nullptr, ReportingStatus = SendReport) const;
-    bool allowPluginType(const String& type, const String& typeAttribute, const URL&, ReportingStatus = SendReport) const;
-
-    bool allowScriptFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowObjectFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowChildFrameFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowImageFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowStyleFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowFontFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowMediaFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowConnectToSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowFormAction(const URL&, ReportingStatus = SendReport) const;
-    bool allowBaseURI(const URL&, ReportingStatus = SendReport) const;
+    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowEval(JSC::ExecState* = nullptr, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowPluginType(const String& type, const String& typeAttribute, const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+
+    bool allowScriptFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowObjectFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowChildFrameFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowImageFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowStyleFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowFontFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowMediaFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowConnectToSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowFormAction(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowBaseURI(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
 
     ReflectedXSSDisposition reflectedXSSDisposition() const;
 
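Review bot: Inserting a `bool` immediately before `ReportingStatus` is risky: `ReportingStatus` appears to be an unscoped enum (the defaults are written as the unqualified `SendReport`), so an existing positional call such as `allowScriptFromSource(url, ContentSecurityPolicy::SuppressReport)` still compiles, with the enumerator converting implicitly to `bool` and landing in `overrideContentSecurityPolicy`. A request to suppress reporting would then become a full policy bypass with no compiler diagnostic. Use a scoped enum for the new parameter, as this patch already does with `ContentSecurityPolicyImposition` for loader options, or at minimum audit every positional `SendReport` / `SuppressReport` argument before landing.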
index 6a2e8bc..e4e42ad 100644 (file)
@@ -47,16 +47,17 @@ bool isPolicyActiveInContext(ScriptExecutionContext* context)
     return context->contentSecurityPolicy()->isActive();
 }
 
-template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, ContentSecurityPolicy::ReportingStatus) const>
+template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedWithType(ScriptExecutionContext* context, const String& type)
 {
     if (!isPolicyActiveInContext(context))
         return true;
 
-    return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), ContentSecurityPolicy::SuppressReport);
+    bool overrideContentSecurityPolicy = false;
+    return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
 }
 
-template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, ContentSecurityPolicy::ReportingStatus) const>
+template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedWithURL(ScriptExecutionContext* context, const String& url)
 {
     if (!isPolicyActiveInContext(context))
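Review bot: Hard-coding `overrideContentSecurityPolicy = false` means the script-visible policy queries these templates back always answer for the main world: an isolated-world script asking whether a connection or plugin type is allowed gets the page's answer, while its actual `XMLHttpRequest::open` and `EventSource::create` in this patch pass `shouldBypassMainWorldContentSecurityPolicy` and succeed. If that divergence is acceptable, say so in a comment; otherwise thread the same flag through `isAllowedWithType`, `isAllowedWithURL` and `isAllowed`.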
@@ -66,16 +67,18 @@ bool isAllowedWithURL(ScriptExecutionContext* context, const String& url)
     if (!parsedURL.isValid())
         return false; // FIXME: Figure out how to throw a JavaScript error.
 
-    return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, ContentSecurityPolicy::SuppressReport);
+    bool overrideContentSecurityPolicy = false;
+    return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
 }
 
-template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const>
+template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowed(ScriptExecutionContext* context)
 {
     if (!isPolicyActiveInContext(context))
         return true;
 
-    return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport);
+    bool overrideContentSecurityPolicy = false;
+    return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
 }
 
 } // namespace
index 3d70de9..17323b9 100644 (file)
@@ -91,7 +91,7 @@ RefPtr<EventSource> EventSource::create(ScriptExecutionContext& context, const S
         Document& document = downcast<Document>(context);
         shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
     }
-    if (!shouldBypassMainWorldContentSecurityPolicy && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
+    if (!context.contentSecurityPolicy()->allowConnectToSource(fullURL, shouldBypassMainWorldContentSecurityPolicy)) {
         // FIXME: Should this be throwing an exception?
         ec = SECURITY_ERR;
         return nullptr;
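Review bot: The unchanged line just above the edit dereferences `document.frame()` without a null check, whereas the matching `XMLHttpRequest::open` hunk guards with `if (document.frame())`; a detached document would crash here. Since this block is being touched, add the same guard and leave `shouldBypassMainWorldContentSecurityPolicy` false when there is no frame, which is also the fail-closed choice for the policy check.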
index eeb3ba1..2782551 100644 (file)
@@ -67,7 +67,8 @@ void WebCoreAVFResourceLoader::startLoading()
 
     URL requestURL = [[m_avRequest.get() request] URL];
 
-    CachedResourceRequest request(ResourceRequest(requestURL), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo));
+    // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+    CachedResourceRequest request(ResourceRequest(requestURL), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck));
 
     request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
     CachedResourceLoader* loader = m_parent->player()->cachedResourceLoader();
index 86d6fba..fffc3d8 100644 (file)
@@ -77,7 +77,10 @@ void SVGFEImageElement::clearResourceReferences()
 
 void SVGFEImageElement::requestImageResource()
 {
-    CachedResourceRequest request(ResourceRequest(document().completeURL(href())));
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+    CachedResourceRequest request(ResourceRequest(document().completeURL(href())), options);
     request.setInitiator(this);
     m_cachedImage = document().cachedResourceLoader().requestImage(request);
 
index bb4fe1b..cb0bd15 100644 (file)
@@ -100,8 +100,11 @@ void SVGFontFaceUriElement::loadFont()
 
     const AtomicString& href = getAttribute(XLinkNames::hrefAttr);
     if (!href.isNull()) {
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
         CachedResourceLoader& cachedResourceLoader = document().cachedResourceLoader();
-        CachedResourceRequest request(ResourceRequest(document().completeURL(href)));
+        CachedResourceRequest request(ResourceRequest(document().completeURL(href)), options);
         request.setInitiator(this);
         m_cachedFont = cachedResourceLoader.requestFont(request, isSVGFontTarget(*this));
         if (m_cachedFont) {
index 6ca43e6..3d1ff8a 100644 (file)
@@ -543,7 +543,10 @@ void SVGUseElement::updateExternalDocument()
     if (externalDocumentURL.isNull())
         m_externalDocument = nullptr;
     else {
-        CachedResourceRequest request { ResourceRequest { externalDocumentURL } };
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request { ResourceRequest { externalDocumentURL }, options };
         request.setInitiator(this);
         m_externalDocument = document().cachedResourceLoader().requestSVGDocument(request);
         if (m_externalDocument) {
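Review bot: The `isInUserAgentShadowTree() ? SkipPolicyCheck : DoPolicyCheck` selection is now spelled out three times (`SVGFEImageElement`, `SVGFontFaceUriElement` and here); a single helper that derives the imposition from the element keeps the bypass condition in one place, which matters because this one expression is what exempts a load from the page's policy. A short comment that the decision is taken when the request is issued, based on where the element sits at that moment, would also help the next reader.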
index 476d1e2..8bca77a 100644 (file)
@@ -717,6 +717,15 @@ Node* Internals::ensureShadowRoot(Element* host, ExceptionCode& ec)
     return host->createShadowRoot(ec).get();
 }
 
+Node* Internals::ensureUserAgentShadowRoot(Element* host, ExceptionCode& ec)
+{
+    if (!host) {
+        ec = INVALID_ACCESS_ERR;
+        return nullptr;
+    }
+    return &host->ensureUserAgentShadowRoot();
+}
+
 Node* Internals::createShadowRoot(Element* host, ExceptionCode& ec)
 {
     if (!host) {
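Review bot: This is safe only as long as `Internals` stays testing-only: any page able to call `ensureUserAgentShadowRoot` could park a script- or resource-loading element inside a user-agent tree and have its loads skip the policy through `SkipPolicyCheck`. The null-`host` handling and `INVALID_ACCESS_ERR` mirror `ensureShadowRoot` above, so nothing further is needed there.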
index 14e9612..360f5d3 100644 (file)
@@ -106,6 +106,7 @@ public:
     PassRefPtr<CSSComputedStyleDeclaration> computedStyleIncludingVisitedInfo(Node*, ExceptionCode&) const;
 
     Node* ensureShadowRoot(Element* host, ExceptionCode&);
+    Node* ensureUserAgentShadowRoot(Element* host, ExceptionCode&);
     Node* createShadowRoot(Element* host, ExceptionCode&);
     Node* shadowRoot(Element* host, ExceptionCode&);
     String shadowRootType(const Node*, ExceptionCode&) const;
index 5a124a0..c3d8822 100644 (file)
@@ -73,6 +73,7 @@ enum ResourceLoadPriority {
     [RaisesException] CSSStyleDeclaration computedStyleIncludingVisitedInfo(Node node);
 
     [RaisesException] Node ensureShadowRoot(Element host);
+    [RaisesException] Node ensureUserAgentShadowRoot(Element host);
     [RaisesException] Node createShadowRoot(Element host);
     [RaisesException] Node shadowRoot(Element host);
 
index 475d6fb..db6d8a3 100644 (file)
@@ -504,7 +504,7 @@ void XMLHttpRequest::open(const String& method, const URL& url, bool async, Exce
         if (document.frame())
             shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
     }
-    if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
+    if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url, shouldBypassMainWorldContentSecurityPolicy)) {
         // FIXME: Should this be throwing an exception?
         ec = SECURITY_ERR;
         return;
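Review bot: Passing the flag into `allowConnectToSource` is cleaner than the old caller-side `&&`, but it changes observable behaviour: the policy object is now consulted even when bypassing, and the `||` short-circuit added in `ContentSecurityPolicy.cpp` returns before any report is generated, so isolated-world XHRs are invisible to report-only policies. If that is intended, a one-line comment at this call site would spare the next reader a trip through the policy code to find out why no report appears.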