Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
should be exempt from Content Security Policy
author: dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Jul 2015 00:42:50 +0000 (00:42 +0000)
committer: dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Jul 2015 00:42:50 +0000 (00:42 +0000)
https://bugs.webkit.org/show_bug.cgi?id=144830
<rdar://problem/18860261>

Reviewed by Geoffrey Garen.

Source/WebCore:

Make scripts that run in an isolated world be subject to the Content Security Policy (CSP) of the page
and exempt features implemented using a user agent shadow DOM. As a side effect of this change,
Safari Content Extensions will respect the CSP policy of the page when loading subresources (e.g. an image).

Tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
       http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
       http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
* css/CSSCanvasValue.h:
(WebCore::CSSCanvasValue::loadSubimages): Modified to take argument ResourceLoaderOptions (unused).
* css/CSSCrossfadeValue.cpp:
(WebCore::CSSCrossfadeValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
the cross fade is applied to an element in a user agent shadow tree.
(WebCore::CSSCrossfadeValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
(WebCore::CSSCrossfadeValue::image): Explicitly instantiate default ResourceLoaderOptions and pass it
when requesting a cached image. Added FIXME comment to skip Content Security Policy check when the cross
fade is applied to an element in a user agent shadow tree.
* css/CSSCrossfadeValue.h:
* css/CSSCursorImageValue.cpp:
(WebCore::CSSCursorImageValue::cachedImage): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
* css/CSSCursorImageValue.h:
* css/CSSFilterImageValue.cpp:
(WebCore::CSSFilterImageValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
the cross fade is applied to an element in a user agent shadow tree.
(WebCore::CSSFilterImageValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
(WebCore::CSSFilterImageValue::loadSubimages): Explicitly instantiate default ResourceLoaderOptions and pass
it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
the cross fade is applied to an element in a user agent shadow tree.
(WebCore::CSSFilterImageValue::image):
* css/CSSFilterImageValue.h:
* css/CSSFontFaceSrcValue.cpp:
(WebCore::CSSFontFaceSrcValue::cachedFont): Take a boolean, isInitiatingElementInUserAgentShadowTree,
so as to determine the appropriate CSP imposition. In particular, we skip the CSP check when the initiating element
(e.g. SVG font-face element) is in a user agent shadow tree.
* css/CSSFontFaceSrcValue.h:
* css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::addFontFaceRule): Take a boolean, isInitiatingElementInUserAgentShadowTree, and pass
it as appropriate.
* css/CSSFontSelector.h:
* css/CSSGradientValue.h:
(WebCore::CSSGradientValue::loadSubimages): Take a ResourceLoaderOptions as an argument and pass it
as appropriate.
* css/CSSImageGeneratorValue.cpp:
(WebCore::CSSImageGeneratorValue::loadSubimages): Ditto.
(WebCore::CSSImageGeneratorValue::cachedImageForCSSValue): Ditto.
* css/CSSImageGeneratorValue.h:
* css/CSSImageSetValue.cpp:
(WebCore::CSSImageSetValue::cachedImageSet): Deleted.
* css/CSSImageSetValue.h:
* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::cachedImage): Deleted.
* css/CSSImageValue.h:
* css/RuleSet.cpp:
(WebCore::RuleSet::addChildRules): Take a boolean, isInitiatingElementInUserAgentShadowTree, and pass
it as appropriate.
(WebCore::RuleSet::addRulesFromSheet): Added FIXME comment to skip Content Security Policy check
when the stylesheet is in a user agent shadow tree.
* css/RuleSet.h:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver): Determine whether the SVG font-face element is in a user agent shadow tree
and pass the appropriate value when calling CSSFontSelector::addFontFaceRule(). Also, modernized code; used a C++11
range-based for-loop instead of the const_iterator idiom.
(WebCore::StyleResolver::loadPendingSVGDocuments): Skip CSP check when requesting subresources as a byproduct of
resolving style for an element in a user agent shadow tree.
(WebCore::StyleResolver::loadPendingImage): Ditto.
(WebCore::StyleResolver::loadPendingShapeImage): Ditto.
* css/StyleRuleImport.cpp:
(WebCore::StyleRuleImport::requestStyleSheet): Added FIXME comment to skip Content Security Policy check
when the stylesheet is in a user agent shadow tree.
* dom/Element.h:
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet): Skip CSP check for an inline <style> that is in a user agent shadow tree.
* dom/Node.cpp:
(WebCore::Node::isInUserAgentShadowTree): Added.
* dom/Node.h:
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestScript): Skip CSP check for an external JavaScript script in a user agent shadow tree.
(WebCore::ScriptElement::executeScript): Skip CSP check for an inline JavaScript script that is in a user agent shadow tree.
* dom/StyledElement.cpp:
(WebCore::StyledElement::styleAttributeChanged): Skip CSP check when modifying the inline style of an element in a user
agent shadow tree.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::isSafeToLoadURL): Skip CSP check for an <audio> or <video> in a user agent shadow tree.
(WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
* html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::canLoadURL): Ditto.
* html/track/LoadableTextTrack.cpp:
(WebCore::LoadableTextTrack::loadTimerFired): Determine whether the <track> is in a user agent shadow tree
and pass the appropriate value when calling TextTrackLoader::load().
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startLoadingMainResource): Do CSP check when loading a resource by default.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement): Skip CSP check for an image that is in a user agent shadow tree.
* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::start): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
* loader/NetscapePlugInStreamLoader.cpp:
(WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added FIXME comment to skip Content Security Policy check
when the associated plugin element is in a user agent shadow tree.
* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy): Skip CSP check for a <iframe> in a user agent shadow tree.
* loader/ResourceLoaderOptions.h: Defined enum class ContentSecurityPolicyImposition with explicit type uint8_t so
as to provide a hint to the compiler (for better packing) when it computes the memory layout for struct that
contains an instance of this class.
(WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added argument contentSecurityPolicyImposition.
(WebCore::ResourceLoaderOptions::contentSecurityPolicyImposition): Added.
(WebCore::ResourceLoaderOptions::setContentSecurityPolicyImposition): Added.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::pluginIsLoadable): Skip CSP check for a plugin element that is in a user agent shadow tree.
(WebCore::SubframeLoader::createJavaAppletWidget): Skip CSP check for an applet element that is in a user agent shadow tree.
* loader/TextTrackLoader.cpp:
(WebCore::TextTrackLoader::load): Take a boolean, isInitiatingElementInUserAgentShadowTree, and set the appropriate
Content Security Policy imposition for the text track request.
* loader/TextTrackLoader.h:
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Skip CSP check for a user-specified stylesheet.
(WebCore::CachedResourceLoader::canRequest): Only check the CSP of the page if specified in the resource loader options for the request.
(WebCore::CachedResourceLoader::defaultCachedResourceOptions): Add ContentSecurityPolicyImposition::DoPolicyCheck to the default
resource loader options so that we check the CSP policy of the page before performing a resource request by default.
* loader/cache/CachedSVGDocumentReference.cpp:
(WebCore::CachedSVGDocumentReference::load): Take a ResourceLoaderOptions as an argument and pass it as appropriate.
* loader/cache/CachedSVGDocumentReference.h:
* loader/icon/IconLoader.cpp:
(WebCore::IconLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Take an argument called overrideContentSecurityPolicy (defaults to false). When
overrideContentSecurityPolicy := true, this function unconditionally returns true.
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
(WebCore::ContentSecurityPolicy::allowEval): Ditto.
(WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
(WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
(WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
* page/ContentSecurityPolicy.h:
* page/DOMSecurityPolicy.cpp:
* page/EventSource.cpp:
(WebCore::EventSource::create): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
* svg/SVGFEImageElement.cpp:
(WebCore::SVGFEImageElement::requestImageResource): Skip CSP check for an SVG FEImage element in a user agent shadow tree.
* svg/SVGFontFaceUriElement.cpp:
(WebCore::SVGFontFaceUriElement::loadFont): Skip CSP check for an SVG font-face-uri element in a user agent shadow tree.
* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::updateExternalDocument): Skip CSP check for an SVG use element in a user agent shadow tree.
* testing/Internals.cpp:
(WebCore::Internals::ensureUserAgentShadowRoot): Added.
* testing/Internals.h:
* testing/Internals.idl: Added declaration for ensureUserAgentShadowRoot().
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().

LayoutTests:

Add tests to ensure that we exempt nodes in a user agent shadow tree from the Content Security Policy (CSP) of the page.

Updated test LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html to ensure that
we do not bypass the CSP of the page for a script that executes in an isolated world and renamed the
file to image-load-should-not-bypass-main-world-csp.html.

* http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js: Added.
* http/tests/security/contentSecurityPolicy/resources/wait-until-done.js: Added.
(alertAndDone):
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js: Added.
(window.onload):
(testPassed):
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html: Added.
* http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt.
* http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@186388 268f45cc-cd09-0410-ab3c-d52691b4dbfc
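The mechanism the ChangeLog describes, as a self-contained C++ model added here (it is not WebKit's code): an image load carries a ContentSecurityPolicyImposition in its ResourceLoaderOptions, chosen from whether the initiating element is in a user agent shadow tree, and the page CSP is consulted only when that flag says DoPolicyCheck, so a script in an isolated world gets no bypass. Names taken from the ChangeLog: ContentSecurityPolicyImposition, DoPolicyCheck, ResourceLoaderOptions, canRequest, isInUserAgentShadowTree, allowImageFromSource and its overrideContentSecurityPolicy argument; the SkipPolicyCheck enumerator, the LoadRequest struct and the toy img-src matcher are assumptions made for this model.

```cpp
// Model of the CSP-imposition plumbing described in the ChangeLog above. Not WebKit code:
// SkipPolicyCheck, LoadRequest and the minimal img-src matcher are assumptions of this model.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// uint8_t underlying type, as in the ChangeLog, so the flag packs tightly inside ResourceLoaderOptions.
enum class ContentSecurityPolicyImposition : uint8_t { SkipPolicyCheck, DoPolicyCheck };

struct ResourceLoaderOptions {
    // Default mirrors defaultCachedResourceOptions(): check the page CSP unless told otherwise.
    ContentSecurityPolicyImposition contentSecurityPolicyImposition = ContentSecurityPolicyImposition::DoPolicyCheck;
};

// Toy CSP holding only an img-src source list: 'self', 'none' or an origin such as "https://cdn.example".
class ContentSecurityPolicy {
public:
    ContentSecurityPolicy(std::string pageOrigin, std::vector<std::string> imgSrc)
        : m_pageOrigin(std::move(pageOrigin)), m_imgSrc(std::move(imgSrc)) {}

    // overrideContentSecurityPolicy defaults to false; true short-circuits to "allowed",
    // which is how the ChangeLog describes the allow*() family after this change.
    bool allowImageFromSource(const std::string& url, bool overrideContentSecurityPolicy = false) const {
        if (overrideContentSecurityPolicy)
            return true;
        const std::string origin = originOf(url);
        for (const std::string& source : m_imgSrc) {
            if (source == "'none'")
                return false;
            if (source == "'self'") {
                if (origin == m_pageOrigin)
                    return true;
            } else if (source == origin)
                return true;
        }
        return false;
    }

private:
    // "scheme://host[:port]" prefix of url; returned unchanged if it has no "://".
    static std::string originOf(const std::string& url) {
        const std::size_t schemeEnd = url.find("://");
        if (schemeEnd == std::string::npos)
            return url;
        const std::size_t pathStart = url.find('/', schemeEnd + 3);
        return pathStart == std::string::npos ? url : url.substr(0, pathStart);
    }

    std::string m_pageOrigin;
    std::vector<std::string> m_imgSrc;
};

// What an image load knows about its initiator. Whether the requesting script ran in an
// isolated world is recorded only to show that it plays no part in the decision below.
struct LoadRequest {
    std::string url;
    bool initiatorInUserAgentShadowTree;
    bool requestedFromIsolatedWorld;
};

// Mirrors ImageLoader::updateFromElement: the imposition follows the initiating element
// (Node::isInUserAgentShadowTree()), not the world the caller's script executes in.
ResourceLoaderOptions optionsForRequest(const LoadRequest& request) {
    ResourceLoaderOptions options;
    options.contentSecurityPolicyImposition = request.initiatorInUserAgentShadowTree
        ? ContentSecurityPolicyImposition::SkipPolicyCheck
        : ContentSecurityPolicyImposition::DoPolicyCheck;
    return options;
}

// Mirrors CachedResourceLoader::canRequest: consult the page CSP only when the options say so.
bool canRequestImage(const ContentSecurityPolicy& csp, const LoadRequest& request) {
    const ResourceLoaderOptions options = optionsForRequest(request);
    if (options.contentSecurityPolicyImposition == ContentSecurityPolicyImposition::DoPolicyCheck
        && !csp.allowImageFromSource(request.url))
        return false;
    return true;
}

int main() {
    // Constructed scenario: page at https://example.test serving "img-src 'self'".
    const ContentSecurityPolicy csp("https://example.test", {"'self'"});
    const LoadRequest pageImage{"https://example.test/logo.png", false, false};
    const LoadRequest isolatedWorldImage{"https://other.test/track.gif", false, true};
    const LoadRequest controlsImage{"https://other.test/play.png", true, false};
    std::cout << "page <img>, same origin:          " << canRequestImage(csp, pageImage) << '\n'
              << "<img> inserted by isolated world: " << canRequestImage(csp, isolatedWorldImage) << '\n'
              << "<img> in UA shadow tree:          " << canRequestImage(csp, controlsImage) << '\n';
    return 0;
}
```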

118 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt [moved from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt with 56% similarity]
LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html [moved from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html with 97% similarity]
Source/WebCore/ChangeLog
Source/WebCore/Modules/websockets/WebSocket.cpp
Source/WebCore/css/CSSCanvasValue.h
Source/WebCore/css/CSSCrossfadeValue.cpp
Source/WebCore/css/CSSCrossfadeValue.h
Source/WebCore/css/CSSCursorImageValue.cpp
Source/WebCore/css/CSSCursorImageValue.h
Source/WebCore/css/CSSFilterImageValue.cpp
Source/WebCore/css/CSSFilterImageValue.h
Source/WebCore/css/CSSFontFaceSrcValue.cpp
Source/WebCore/css/CSSFontFaceSrcValue.h
Source/WebCore/css/CSSFontSelector.cpp
Source/WebCore/css/CSSFontSelector.h
Source/WebCore/css/CSSGradientValue.h
Source/WebCore/css/CSSImageGeneratorValue.cpp
Source/WebCore/css/CSSImageGeneratorValue.h
Source/WebCore/css/CSSImageSetValue.cpp
Source/WebCore/css/CSSImageSetValue.h
Source/WebCore/css/CSSImageValue.cpp
Source/WebCore/css/CSSImageValue.h
Source/WebCore/css/RuleSet.cpp
Source/WebCore/css/RuleSet.h
Source/WebCore/css/StyleResolver.cpp
Source/WebCore/css/StyleRuleImport.cpp
Source/WebCore/dom/Element.h
Source/WebCore/dom/InlineStyleSheetOwner.cpp
Source/WebCore/dom/Node.cpp
Source/WebCore/dom/Node.h
Source/WebCore/dom/ScriptElement.cpp
Source/WebCore/dom/StyledElement.cpp
Source/WebCore/html/HTMLMediaElement.cpp
Source/WebCore/html/HTMLTrackElement.cpp
Source/WebCore/html/track/LoadableTextTrack.cpp
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/ImageLoader.cpp
Source/WebCore/loader/MediaResourceLoader.cpp
Source/WebCore/loader/NetscapePlugInStreamLoader.cpp
Source/WebCore/loader/PolicyChecker.cpp
Source/WebCore/loader/ResourceLoaderOptions.h
Source/WebCore/loader/SubframeLoader.cpp
Source/WebCore/loader/TextTrackLoader.cpp
Source/WebCore/loader/TextTrackLoader.h
Source/WebCore/loader/cache/CachedResourceLoader.cpp
Source/WebCore/loader/cache/CachedSVGDocumentReference.cpp
Source/WebCore/loader/cache/CachedSVGDocumentReference.h
Source/WebCore/loader/icon/IconLoader.cpp
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h
Source/WebCore/page/DOMSecurityPolicy.cpp
Source/WebCore/page/EventSource.cpp
Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm
Source/WebCore/svg/SVGFEImageElement.cpp
Source/WebCore/svg/SVGFontFaceUriElement.cpp
Source/WebCore/svg/SVGUseElement.cpp
Source/WebCore/testing/Internals.cpp
Source/WebCore/testing/Internals.h
Source/WebCore/testing/Internals.idl
Source/WebCore/xml/XMLHttpRequest.cpp

index 60bd25eb844b0ea0acbcd8052e2c1659501c4cbf..744ba3f42dec67bd63aff27720540058a92aad17 100644 (file)
@@ -1,3 +1,81 @@
+2015-07-06  Daniel Bates  <dabates@apple.com>
+
+        Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
+        should be exempt from Content Security Policy
+        https://bugs.webkit.org/show_bug.cgi?id=144830
+        <rdar://problem/18860261>
+
+        Reviewed by Geoffrey Garen.
+
+        Add tests to ensure that we exempt nodes in a user agent shadow tree from the Content Security Policy (CSP) of the page.
+
+        Updated test LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html to ensure that
+        we do not bypass the CSP of the page for a script that executes in an isolated world and renamed the
+        file image-load-should-not-bypass-main-world-csp.html.
+
+        * http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js: Added.
+        * http/tests/security/contentSecurityPolicy/resources/wait-until-done.js: Added.
+        (alertAndDone):
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js: Added.
+        (window.onload):
+        (testPassed):
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html: Added.
+        * http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt.
+        * http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html.
+
 2015-07-06  Saam barati  <saambarati1@gmail.com>
 
         JSC's parser should follow the ES6 spec with respect to parsing Declarations
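Review bot: "renamed the file image-load-should-not-bypass-main-world-csp.html" reads as if that were the old name; it should say "renamed it to image-load-should-not-bypass-main-world-csp.html". The entry also lists the negative tests (block-loading-user-agent-image-from-non-user-agent-content.html and the default-src-object-data-url-* tests) with nothing but "Added"; since those are the tests that show the exemption is scoped to nodes in the user agent shadow tree rather than granted to the whole page, a sentence describing what each checks would be worth adding next to the paragraph about the isolated-world test.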
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js
new file mode 100644 (file)
index 0000000..b26c5c4
--- /dev/null
@@ -0,0 +1,3 @@
+alert("PASS");
+if (window.testRunner)
+    testRunner.notifyDone();
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js
new file mode 100644 (file)
index 0000000..a37f76f
--- /dev/null
@@ -0,0 +1,9 @@
+if (window.testRunner)
+    testRunner.waitUntilDone();
+
+function alertAndDone(message)
+{
+    alert(message);
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
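Review bot: calling testRunner.waitUntilDone() as a side effect of merely including this file means a test that loads it and then finishes synchronously will hang until the harness times out; a comment at the top stating that including this file commits the test to calling alertAndDone (or testRunner.notifyDone) would make that contract explicit.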
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt
new file mode 100644 (file)
index 0000000..899137e
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML audio element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS did load audio metadata.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
new file mode 100644 (file)
index 0000000..6f0118d
--- /dev/null
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML audio element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var audio = document.createElement("audio");
+    userAgentShadowRoot.appendChild(audio);
+
+    audio.onloadedmetadata = function () {
+        log("PASS did load audio metadata.");
+        testRunner.notifyDone();
+    }
+    audio.onerror = function () {
+        log("FAIL did not load audio metadata.");
+        testRunner.notifyDone();
+    }
+    audio.src = "http://localhost:8000/resources/balls-of-the-orient.aif";
+}
+
+runTest();
+</script>
+</body>
+</html>
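Review bot: the handler assignments "audio.onloadedmetadata = function () {...}" and "audio.onerror = function () {...}" are expression statements and end without a semicolon; terminate them with "};". The same pattern appears in the onload/onerror assignments of the other user agent shadow DOM tests in this patch (filter-on-image, external-script, iframe, image-after-redirect, image). Also "a HTML audio element" should read "an HTML audio element", both in this file's description and in allow-audio-expected.txt, which must stay in sync with it.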
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt
new file mode 100644 (file)
index 0000000..e0c9995
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a background image when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
new file mode 100644 (file)
index 0000000..9c2e1a9
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a background image when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { background-image: url(../../resources/abe.png); }";
+}
+
+runTest();
+</script>
+</body>
+</html>
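Review bot: the injected rule targets #test1, but neither the document nor the shadow tree contains an element with that id, so if the background image is only fetched once the rule matches something, no load is ever attempted and the test passes vacuously (no console message either way). Appending a div with id "test1" to userAgentShadowRoot next to the style element would make the load actually happen; the same applies to allow-css-cursor.html and allow-css-webkit-image-set.html, which use the same #test1 selector without a matching element.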
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt
new file mode 100644 (file)
index 0000000..59d132b
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image for a cursor when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
new file mode 100644 (file)
index 0000000..e0351ab
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image for a cursor when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { cursor: url(../../resources/abe.png); }";
+}
+
+runTest();
+</script>
+</body>
+</html>
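Review bot: the description and the expected file say the page policy is img-src 'none', but the meta tag also carries style-src 'none', so this test additionally depends on the inline-stylesheet exemption that allow-inline-stylesheet.html already covers; a regression there would surface here as a style-src console message rather than an img-src one and be harder to attribute. Either drop style-src 'none' from the policy or mention it in the description (the background and image-set tests have the same mismatch).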
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt
new file mode 100644 (file)
index 0000000..8b41165
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a SVG filter image when the page has CSP policy: img-src 'none'.
+
+PASS SVG filter image did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
new file mode 100644 (file)
index 0000000..edf87fa
--- /dev/null
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a SVG filter image when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        log("PASS SVG filter image did load.");
+        testRunner.notifyDone();
+    }
+    image.onerror = function () {
+        log("FAIL SVG filter image did not load.");
+        testRunner.notifyDone();
+    }
+
+    image.style.webkitFilter = "url(resources/floodGreenFilter.svg#filter)";
+    image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
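Review bot: PASS is logged from image.onload, which only reports that ../../resources/abe.png loaded; it says nothing about whether resources/floodGreenFilter.svg was fetched, so a CSP block of the filter document would still print "PASS SVG filter image did load" and only show up as an extra console line in the dump. If the absence of a console warning is meant to be part of the pass condition, say so in the description as the stylesheet tests do; otherwise the expected output and the log message overstate what is actually checked.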
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt
new file mode 100644 (file)
index 0000000..9e58b86
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image set when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
new file mode 100644 (file)
index 0000000..fe38564
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image set when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { background-image: -webkit-image-set(url(../../resources/abe.png) 1x, url(../../resources/abe.png) 2x) }";
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt
new file mode 100644 (file)
index 0000000..214c388
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a HTML embed element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: object-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
new file mode 100644 (file)
index 0000000..cd557b7
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'">
+<script src="/js-test-resources/plugin.js"></script>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a HTML embed element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: <code>object-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var object = document.createElement("embed");
+    object.type = "application/x-webkit-test-netscape";
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    userAgentShadowRoot.appendChild(object);
+    runAfterPluginLoad(null, NotifyDone);
+}
+
+runTest();
+</script>
+</body>
+</html>
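Review bot: the variable named object holds an embed element (var object = document.createElement("embed")), which reads as if this were the object-element test; rename it to embed. Unlike the other tests in this patch, this one never calls testRunner.waitUntilDone() itself and relies on runAfterPluginLoad(null, NotifyDone) from /js-test-resources/plugin.js to finish the test; a one-line comment saying so would save the next reader a trip to plugin.js.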
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt
new file mode 100644 (file)
index 0000000..e9e3183
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: PASS
+Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: script-src 'unsafe-inline'.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
new file mode 100644 (file)
index 0000000..c186eed
--- /dev/null
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'unsafe-inline'</code>.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var script = document.createElement("script");
+    userAgentShadowRoot.appendChild(script);
+
+    script.onerror = function () {
+        alert("FAIL script did not load.");
+        testRunner.notifyDone();
+    }
+    script.src = "http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js";
+}
+
+runTest();
+</script>
+</body>
+</html>
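Review bot: "a external JavaScript script" should be "an external JavaScript script", in the paragraph here and in allow-external-script-expected.txt (the two must match). It is also worth stating in the description that the script is fetched from http://localhost:8000 rather than relative to the page, under a policy whose script-src has no host source at all, so a pass cannot be explained by a same-origin allowance and must come from the user agent shadow tree exemption.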
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt
new file mode 100644 (file)
index 0000000..9967a75
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: PASS iframe did load.
+Tests that a HTML iframe element, in a user agent shadow tree, is allowed to load when the page has CSP policy: frame-src 'none'. This test FAILED if it timesout.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
new file mode 100644 (file)
index 0000000..bb0c648
--- /dev/null
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML iframe element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var iframe = document.createElement("iframe");
+    userAgentShadowRoot.appendChild(iframe);
+
+    iframe.onload = function () { 
+        alert("PASS iframe did load.");
+        // The content document of the HTML iframe will call testRunner.notifyDone().
+    }
+    iframe.src = "http://127.0.0.1:8000/resources/notify-done.html";
+}
+
+runTest();
+</script>
+</body>
+</html>
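Review bot: "timesout" should be "times out", in the paragraph here and in allow-iframe-expected.txt. There is trailing whitespace on the line "iframe.onload = function () { ", and that handler assignment lacks a closing semicolon.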
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt
new file mode 100644 (file)
index 0000000..46cd6c2
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML image element, in a user agent shadow tree, is allowed to load an image resource that has been temporarily moved when the page has CSP policy: img-src 'none'.
+
+PASS image did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
new file mode 100644 (file)
index 0000000..c262c79
--- /dev/null
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML image element, in a user agent shadow tree, is allowed to load an image resource that has been temporarily moved when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        log("PASS image did load.");
+        testRunner.notifyDone();
+    }
+    image.onerror = function () {
+        log("FAIL image did not load.");
+        testRunner.notifyDone();
+    }
+    // HTTP 307 temporary redirect to <http://127.0.0.1:8000/security/resources/abe.png>.
+    image.src = "http://localhost:8000/resources/redirect.php?code=307&url=/security/resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
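Review bot: the comment says the 307 redirects to http://127.0.0.1:8000/security/resources/abe.png while the request starts at http://localhost:8000, so the redirect changes origin; that is the case worth naming in the description, since a redirected load has to be re-checked against the policy and an exemption that only covered the initial URL would fail here. Suggest "temporarily moved to another origin" in the paragraph so the intent survives if someone later simplifies the URLs.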
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt
new file mode 100644 (file)
index 0000000..9ea52ad
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML image element, in a user agent shadow tree, is allowed to load when the page has CSP policy: img-src 'none'.
+
+PASS image did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
new file mode 100644 (file)
index 0000000..badfbd9
--- /dev/null
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML image element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        log("PASS image did load.");
+        testRunner.notifyDone();
+    }
+    image.onerror = function () {
+        log("FAIL image did not load.");
+        testRunner.notifyDone();
+    }
+    image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt
new file mode 100644 (file)
index 0000000..6561d9a
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: script-src 'self'.
+
+PASS did execute inline script.
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
new file mode 100644 (file)
index 0000000..274b3b0
--- /dev/null
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
+<script src="resources/allow-inline-script.js"></script>
+</head>
+<body>
+<p>Tests that an inline JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'self'</code>.</p>
+<div id="shadow-host"></div>
+<p id="result">FAIL did not execute inline script.</p>
+</body>
+</html>
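Review bot: nothing in this file calls testRunner.dumpAsText() or sets up the test; everything lives in resources/allow-inline-script.js (window.onload and testPassed per the ChangeLog), so the relationship between that script, the #shadow-host div and the #result paragraph is invisible here. A short comment next to the script tag describing what the external script does with #shadow-host and that testPassed rewrites #result would help; keeping the FAIL text as the default content of #result is the right choice, since a blocked inline script then shows up in the dump.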
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt
new file mode 100644 (file)
index 0000000..01a28e1
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that the CSS style of an element, in a user agent shadow tree, can be modified via the HTML style attribute when the page has CSP policy: style-src 'none'.
+
+PASS modified CSS style of element.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
new file mode 100644 (file)
index 0000000..4623f53
--- /dev/null
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that the CSS style of an element, in a user agent shadow tree, can be modified via the HTML style attribute when the page has CSP policy: <code>style-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var div = document.createElement("div");
+    userAgentShadowRoot.appendChild(div);
+
+    var expectedColor = "green";
+    div.setAttribute("style", "background-color: " + expectedColor);
+
+    if (div.style.backgroundColor === expectedColor)
+        log("PASS modified CSS style of element.");
+    else
+        log("FAIL background-style of element should be " + expectedColor + ". Was " + div.style.backgroundColor + ".");
+}
+
+runTest();
+</script>
+</body>
+</html>
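Review bot: the FAIL message says "background-style of element should be ..." but the property under test is background-color; make the message match, as it is the only place in the test that names the property. Minor: expectedColor is compared to div.style.backgroundColor as a plain string, which works for a keyword such as green but would not for an rgb() value, so keep it a keyword or normalize both sides if the colour ever changes.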
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt
new file mode 100644 (file)
index 0000000..2cbb64d
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load when the page has CSP policy: style-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
new file mode 100644 (file)
index 0000000..09a13fd
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>style-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var style = document.createElement("style");
+    userAgentShadowRoot.appendChild(style);
+
+    style.textContent = "#test1 { display: none; }";
+}
+
+runTest();
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt
new file mode 100644 (file)
index 0000000..6ab4c42
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: PASS user agent object loaded.
+Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: frame-src 'none'. This test FAILED if it timesout.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt
new file mode 100644 (file)
index 0000000..667c708
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a HTML object element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: object-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
new file mode 100644 (file)
index 0000000..ab8e32c
--- /dev/null
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'">
+<script src="/js-test-resources/plugin.js"></script>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: <code>object-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var object = document.createElement("object");
+    object.type = "application/x-webkit-test-netscape";
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    userAgentShadowRoot.appendChild(object);
+
+    runAfterPluginLoad(null, NotifyDone);
+}
+
+runTest();
+</script>
+</body>
+</html>
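Review bot: the head script calls only `testRunner.dumpAsText();` and never `testRunner.waitUntilDone();`, unlike allow-object.html, yet the test depends on `runAfterPluginLoad(null, NotifyDone)` to finish asynchronously; unless plugin.js itself calls waitUntilDone(), the harness can dump the page before the plugin loads and the test passes vacuously. Either add `testRunner.waitUntilDone();` beside dumpAsText() or state in a comment that runAfterPluginLoad takes care of it. Also the object has its `type` set before it is inserted into the shadow root, the reverse of the other tests in this directory; keeping the insert-then-configure order would make the tests uniform. 'a HTML object element' should read 'an HTML object element' here and in the matching -expected.txt.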
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
new file mode 100644 (file)
index 0000000..5b002cd
--- /dev/null
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var object = document.createElement("object");
+    userAgentShadowRoot.appendChild(object);
+
+    object.type = "text/html";
+    object.onload = function () { 
+        alert("PASS user agent object loaded.");
+        // The content document of the HTML object will call testRunner.notifyDone().
+    }
+    object.data = "http://localhost:8000/resources/notify-done.html";
+}
+
+runTest();
+</script>
+</body>
+</html>
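Review bot: there is no `object.onerror` handler, so if the cross-origin markup load from localhost:8000 is refused the test can only fail by timing out, which the description ('This test FAILED if it timesout') concedes. Add an onerror that alerts FAIL and calls testRunner.notifyDone() so a blocked load is reported immediately, change 'timesout' to 'times out' and 'a HTML' to 'an HTML' in the <p> and in the -expected.txt, and drop the trailing whitespace after `object.onload = function () {`.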
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt
new file mode 100644 (file)
index 0000000..f07649f
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a SVG feImage element, in a user agent shadow tree, is allowed to load an external image when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
new file mode 100644 (file)
index 0000000..8c6dbb3
--- /dev/null
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG feImage element, in a user agent shadow tree, is allowed to load an external image when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var svgElement = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+    userAgentShadowRoot.appendChild(svgElement);
+    var filterElement = document.createElementNS("http://www.w3.org/2000/svg", "filter");
+    svgElement.appendChild(filterElement);
+    var feImageElement = document.createElementNS("http://www.w3.org/2000/svg", "feImage");
+    filterElement.appendChild(feImageElement);
+
+    feImageElement.setAttributeNS("http://www.w3.org/1999/xlink", "href", "../../resources/abe.png");
+}
+
+runTest();
+</script>
+</body>
+</html>
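Review bot: this test checks only for the absence of a CSP console message, and because the `<filter>` is never referenced by a rendered element, a regression that skips the feImage fetch entirely (rather than blocking it) would also produce no warning. Applying the filter to a shape inside the shadow tree, or otherwise confirming that the image actually loaded, would give the pass condition some teeth. 'a SVG feImage element' should read 'an SVG feImage element' in the <p> and the expected file.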
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt
new file mode 100644 (file)
index 0000000..03d2e54
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a SVG font-face element, in a user agent shadow tree, is allowed to load an external SVG font when the page has CSP policy: font-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
new file mode 100644 (file)
index 0000000..21e6bbd
--- /dev/null
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="font-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG font-face element, in a user agent shadow tree, is allowed to load an external SVG font when the page has CSP policy: <code>font-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<svg id="shadow-host" viewBox="0 0 100 100">
+</svg>
+<script>
+function runTest()
+{
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var fontFace = document.createElementNS("http://www.w3.org/2000/svg", "font-face");
+    userAgentShadowRoot.appendChild(fontFace);
+    var fontFaceSrc = document.createElementNS("http://www.w3.org/2000/svg", "font-face-src");
+    fontFace.appendChild(fontFaceSrc);
+    var fontFaceURI = document.createElementNS("http://www.w3.org/2000/svg", "font-face-uri");
+    fontFaceSrc.appendChild(fontFaceURI);
+
+    fontFace.setAttributeNS(null, "font-family", "ABCFont");
+    fontFaceURI.setAttributeNS("http://www.w3.org/1999/xlink", "href", "resources/ABCFont.svg#ABCFont");
+}
+
+runTest();
+</script>
+</body>
+</html>
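Review bot: runTest() lacks the `if (!window.testRunner || !window.internals) return;` guard that every other test in this directory has, so opening the page in an ordinary browser throws a ReferenceError on `internals` before anything runs; put the guard where the stray blank line at the top of the function is now. 'a SVG font-face element' should read 'an SVG font-face element' in the <p> and the -expected.txt.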
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt
new file mode 100644 (file)
index 0000000..582893c
--- /dev/null
@@ -0,0 +1,3 @@
+Tests that a SVG Use element, in a user agent shadow tree, is allowed to load an external SVG document when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
new file mode 100644 (file)
index 0000000..c5db7a7
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG Use element, in a user agent shadow tree, is allowed to load an external SVG document when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var svgElement = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+    userAgentShadowRoot.appendChild(svgElement);
+    var useElement = document.createElementNS("http://www.w3.org/2000/svg", "use");
+    svgElement.appendChild(useElement);
+
+    useElement.setAttributeNS("http://www.w3.org/1999/xlink", "href", "resources/allow-svg-use-element.svg#blue-square");
+}
+
+runTest();
+</script>
+</body>
+</html>
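Review bot: the use element references resources/allow-svg-use-element.svg#blue-square, but that resource does not appear among the hunks shown here; please confirm it is part of the patch, since a missing file yields a 404 rather than a CSP message and the no-warning pass condition would still be met. 'a SVG Use element' should read 'an SVG use element' in the <p> and the expected output.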
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt
new file mode 100644 (file)
index 0000000..9fc5be9
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML track element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS track did load.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
new file mode 100644 (file)
index 0000000..5e35e31
--- /dev/null
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML track element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var video = document.createElement("video");
+    userAgentShadowRoot.appendChild(video);
+    var track = document.createElement("track");
+    video.appendChild(track);
+
+    track.track.mode = "hidden";
+    track.kind = "captions";
+    track.onload = function () { 
+        log("PASS track did load.");
+        testRunner.notifyDone();
+    }
+    track.onerror = function () {
+        log("FAIL track did not load.");
+        testRunner.notifyDone();
+    }
+    track.src = "../resources/track.vtt";
+}
+
+runTest();
+</script>
+</body>
+</html>
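Review bot: `track.track.mode = "hidden"` is set before `kind` and `src` without comment; a short note that the text track must be in a non-disabled mode for the fetch to start at all would spare the next reader the spec lookup. There is trailing whitespace after `track.onload = function () {`, and 'a HTML track element' should read 'an HTML track element' in the <p> and the -expected.txt.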
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt
new file mode 100644 (file)
index 0000000..fbd4906
--- /dev/null
@@ -0,0 +1,4 @@
+Tests that a HTML video element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS did load video metadata.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
new file mode 100644 (file)
index 0000000..7537162
--- /dev/null
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML video element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var video = document.createElement("video");
+    userAgentShadowRoot.appendChild(video);
+
+    video.onloadedmetadata = function () { 
+        log("PASS did load video metadata.");
+        testRunner.notifyDone();
+    }
+    video.onerror = function () {
+        log("FAIL did not load video metadata.");
+        testRunner.notifyDone();
+    }
+    video.src = "http://127.0.0.1:8000/resources/test.mp4";
+}
+
+runTest();
+</script>
+</body>
+</html>
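Review bot: `video.src` is an absolute URL (http://127.0.0.1:8000/resources/test.mp4) while the sibling tests use paths relative to the test directory; use a relative path for consistency, or add a comment if the absolute same-origin form is deliberate. There is trailing whitespace after `video.onloadedmetadata = function () {`, and 'a HTML video element' should read 'an HTML video element' in the <p> and the expected output.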
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt
new file mode 100644 (file)
index 0000000..604c952
--- /dev/null
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+Tests that we prevent the document from loading an image that was loaded earlier from a user agent shadow tree. This test can only be run in the test tool. This test PASSED if you see the word PASS below and there is exactly one Content Security Policy console message about a blocked image load.
+
+PASS image was not loaded by document.
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
new file mode 100644 (file)
index 0000000..653d9ab
--- /dev/null
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that we prevent the document from loading an image that was loaded earlier from a user agent shadow tree. This test can only be run in the test tool. This test PASSED if you see the word PASS below and there is exactly one Content Security Policy console message about a blocked image load.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var image = new Image;
+    userAgentShadowRoot.appendChild(image);
+
+    image.onload = function () {
+        // Load image again in document; should be prevented by Content Security Policy.
+        var unprivilegedImage = new Image;
+        unprivilegedImage.src = "../../resources/abe.png";
+        unprivilegedImage.onload = function () {
+            log("FAIL image should not have been loaded by document. But it was loaded.");
+            testRunner.notifyDone();
+        }
+        unprivilegedImage.onerror = function () {
+            log("PASS image was not loaded by document.");
+            testRunner.notifyDone();
+        }
+    }
+    image.onerror = function () {
+        log("FAIL image did not load.");
+        testRunner.notifyDone();
+    }
+    image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
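Review bot: for `unprivilegedImage` the `src` is assigned before its onload/onerror handlers, the opposite order from the privileged `image` above it, so the inner check relies on the load event being dispatched asynchronously even though the resource is already in the memory cache by then. Install the handlers first and set `unprivilegedImage.src` last, as the outer image does. This is the regression test that a load performed from a user agent shadow tree cannot be reused by page content to get around img-src 'none', so it should not hinge on event timing.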
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt
new file mode 100644 (file)
index 0000000..e362d9d
--- /dev/null
@@ -0,0 +1,2 @@
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.  
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
new file mode 100644 (file)
index 0000000..ac532b6
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://127.0.0.1:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('PASS')" onerror="alertAndDone('FAIL')"></object>
+<video controls></video>
+</body>
+</html>
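Review bot: the bare `<video controls>` following the object is unexplained; a comment stating that it exists to create a user agent shadow tree (the media controls) in the same document, so the object load is exercised alongside UA shadow content, would tell a reader why a test named object-data-url contains a video element at all.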
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt
new file mode 100644 (file)
index 0000000..ac3e9d5
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS. 
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
new file mode 100644 (file)
index 0000000..497521a
--- /dev/null
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')">
+    <video controls></video>
+</object>
+</body>
+</html>
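Review bot: here the `<video controls>` is nested inside the `<object>` as fallback content, whereas in the -allowed and -blocked2 variants it is a sibling, yet the description 'This test passes if it doesn't alert FAIL and does alert PASS' is identical across the files and says nothing about what differs. A sentence in each <body> naming the arrangement under test (video as fallback content here) would make the variants self-documenting.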
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt
new file mode 100644 (file)
index 0000000..75d0e3d
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.  
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
new file mode 100644 (file)
index 0000000..8db07cc
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')"></object>
+<video controls></video>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt
new file mode 100644 (file)
index 0000000..75d0e3d
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.  
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
new file mode 100644 (file)
index 0000000..1699132
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')"></object>
+<video></video>
+</body>
+</html>
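Review bot: the only difference from -blocked2 is `<video>` without `controls`, so no media-controls shadow tree is created, and the two expected files are byte-identical (both index 75d0e3d); the description should say that this variant checks the blocked object load when no user agent shadow tree exists in the document, otherwise the three blocked tests look like duplicates.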
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg
new file mode 100644 (file)
index 0000000..cdb72b9
--- /dev/null
@@ -0,0 +1,35 @@
+<?xml version="1.0"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <defs>
+        <!-- Based on DejaVu Serif (http://dejavu-fonts.org/wiki/index.php?title=License) -->
+        <font id="ABCFont" horiz-adv-x="1716">
+            <font-face
+                font-family="DejaVu Serif"
+                font-weight="400"
+                font-stretch="normal"
+                units-per-em="2048"
+                panose-1="2 6 6 3 5 6 5 2 2 4"
+                ascent="1556"
+                descent="-492"
+                x-height="1063"
+                cap-height="1493"
+                bbox="-1576 -710 3439 2544"
+                underline-thickness="90"
+                underline-position="-85"
+                unicode-range="U+0020-U+1D7E1"
+            />
+
+            <missing-glyph horiz-adv-x="1229" d="M102 -362v1806h1024v-1806h-1024zM217 -248h795v1577h-795v-1577z" />
+
+            <glyph glyph-name="space" unicode=" " horiz-adv-x="651" />
+
+            <glyph glyph-name="a" unicode="a" horiz-adv-x="1221"
+                d="M815 334v225h-237q-137 0 -204 -59t-67 -181q0 -111 68 -176t184 -65q115 0 185.5 71t70.5 185zM999 664v-558h164v-106h-348v115q-61 -74 -141 -109t-187 -35q-177 0 -281 94t-104 254q0 165 119 256t336 91h258v73q0 121 -73.5 187.5t-206.5 66.5q-110 0 -175 -50t-81 -148h-95v215q96 41 186.5 61.5t176.5 20.5q221 0 336.5 -109.5t115.5 -318.5z" />
+            <glyph glyph-name="b" unicode="b" horiz-adv-x="1311"
+                d="M236 106v1344h-177v106h361v-659q54 100 137.5 147.5t206.5 47.5q196 0 320 -155t124 -405t-124 -405.5t-320 -155.5q-123 0 -206.5 47.5t-137.5 147.5v-166h-361v106h177zM420 479q0 -192 73.5 -292.5t213.5 -100.5q141 0 213.5 113t72.5 333q0 221 -72.5 333t-213.5 112q-140 0 -213.5 -101t-73.5 -292v-105z" />
+            <glyph glyph-name="c" unicode="c" horiz-adv-x="1147"
+                d="M1053 319q-39 -170 -150 -259t-287 -89q-232 0 -373 153.5t-141 407.5q0 255 141 407.5t373 152.5q101 0 201 -23.5t201 -71.5v-272h-107q-21 140 -91.5 204t-201.5 64q-149 0 -225 -115.5t-76 -345.5t75.5 -346t225.5 -116q119 0 190 62t97 187h148z" />
+            <glyph glyph-name="ellipsis" unicode="&#x2026;" horiz-adv-x="1638" d="M133 0v268h279v-268h-279zM680 0v268h278v-268h-278zM1225 0v268h278v-268h-278z" />
+        </font>
+    </defs>
+</svg>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js
new file mode 100644 (file)
index 0000000..fd50858
--- /dev/null
@@ -0,0 +1,19 @@
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+window.onload = function ()
+{
+    if (!window.testRunner || !window.internals)
+        return;
+
+    var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+    var script = document.createElement("script");
+    userAgentShadowRoot.appendChild(script);
+
+    script.textContent = "testPassed()";
+}
+
+function testPassed()
+{
+    document.getElementById("result").textContent = "PASS did execute inline script.";
+}
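Review bot: there is no FAIL path: if the inline script in the user agent shadow root is refused, testPassed() never runs and #result keeps whatever the host page put there, so a blocked script shows up as an empty or stale result rather than a visible failure. Set the #result text to a FAIL message in this script before the shadow root is created, so that testPassed() is the only thing that can turn it into PASS.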
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg
new file mode 100644 (file)
index 0000000..2c9ea37
--- /dev/null
@@ -0,0 +1,7 @@
+<svg width="0" height="0" xmlns="http://www.w3.org/2000/svg" version="1.1">
+  <defs>
+    <filter id="filter">
+      <feFlood flood-color="green"/>
+    </filter>
+  </defs>
+</svg>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt
new file mode 100644 (file)
index 0000000..42ef321
--- /dev/null
@@ -0,0 +1,3 @@
+This test passed if there are no console error messages.
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
new file mode 100644 (file)
index 0000000..1222d6f
--- /dev/null
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+</head>
+<body>
+<p>This test passed if there are no console error messages.</p>
+<video controls></video>
+</body>
+</html>
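Review bot: 'This test passed if there are no console error messages' should read 'This test passes if ...' (also in the -expected.txt), and the description should say what is exercised: under default-src 'self' the media controls in the video element's user agent shadow tree must still load their resources without a CSP violation, which is not apparent from a page whose only content is `<video controls>`.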
similarity index 56%
rename from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt
rename to LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt
index fb35de59a556e4487c1fcdaa852929a97f29812c..c7b0bf67b1a9f215dfa083b9a7324532920db76f 100644 (file)
@@ -1,11 +1,13 @@
 CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
 
 ALERT: BLOCKED in main world
-ALERT: LOADED in isolated world
+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+ALERT: BLOCKED in isolated world
 CONSOLE MESSAGE: line 38: EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
 
 ALERT: BLOCKED eval() in main world
 ALERT: Called eval() in isolated world
-This test ensures that scripts run in isolated worlds aren't affected by the page's content security policy. Extensions, for example, should be able to load any resource they like.
+This test ensures that scripts run in isolated worlds are affected by the page's content security policy. Extensions, for example, should not be able to load any resource they like.
 
 
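Review bot: the updated expectation still ends with 'ALERT: Called eval() in isolated world', so eval() remains permitted in the isolated world under script-src 'unsafe-inline' while the image load is now BLOCKED; the rewritten description ('scripts run in isolated worlds are affected by the page's content security policy') overstates what this output shows. Scope it to resource loads, in line with the new file name image-load-should-not-bypass-main-world-csp, and mention that the eval() lines record the behaviour that is unchanged by this patch.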
similarity index 97%
rename from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
rename to LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html
index 9702825d2d361fc6af6aa5f5f713d16b9dabb564..1e28707a9c84ad901017263c67960ced07b69851 100644 (file)
@@ -63,9 +63,9 @@
 </head>
 <body onload='test();'>
     <p>
-        This test ensures that scripts run in isolated worlds aren't affected
+        This test ensures that scripts run in isolated worlds are affected
         by the page's content security policy. Extensions, for example, should
-        be able to load any resource they like.
+        not be able to load any resource they like.
     </p>
 </body>
 </html>
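Review bot: the two word-level edits ('aren't' to 'are', 'be able' to 'not be able') leave a <p> claiming that the whole page policy applies to isolated worlds, while the expected output in this same patch still shows eval() succeeding there. Reword the paragraph to say that subresource loads (here an image) issued from an isolated world are subject to the page's img-src directive, and that the eval() part of the test documents the current, unchanged behaviour.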
index ecb5d7932f95f8a40981c1e29a36e6e3fadc4392..a549bede228e8b271bdd8f4897bb387ed48223f2 100644 (file)
@@ -1,3 +1,206 @@
+2015-07-06  Daniel Bates  <dabates@apple.com>
+
+        Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
+        should be exempt from Content Security Policy
+        https://bugs.webkit.org/show_bug.cgi?id=144830
+        <rdar://problem/18860261>
+
+        Reviewed by Geoffrey Garen.
+
+        Make scripts that run in an isolated world be subject to the Content Security Policy (CSP) of the page
+        and exempt features implemented using a user agent shadow DOM. As a side effect of this change,
+        Safari Content Extensions will respect the CSP policy of the page when loading subresources (e.g. an image).
+
+        Tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
+               http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
+               http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::connect): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+        * css/CSSCanvasValue.h:
+        (WebCore::CSSCanvasValue::loadSubimages): Modified to take argument ResourceLoaderOptions (unused).
+        * css/CSSCrossfadeValue.cpp:
+        (WebCore::CSSCrossfadeValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
+        pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+        the cross fade is applied to an element in a user agent shadow tree.
+        (WebCore::CSSCrossfadeValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
+        as appropriate.
+        (WebCore::CSSCrossfadeValue::image): Explicitly instantiate default ResourceLoaderOptions and pass it
+        when requesting a cached image. Added FIXME comment to skip Content Security Policy check when the cross
+        fade is applied to an element in a user agent shadow tree.
+        * css/CSSCrossfadeValue.h:
+        * css/CSSCursorImageValue.cpp:
+        (WebCore::CSSCursorImageValue::cachedImage): Take a ResourceLoaderOptions as an argument and passes it
+        as appropriate.
+        * css/CSSCursorImageValue.h:
+        * css/CSSFilterImageValue.cpp:
+        (WebCore::CSSFilterImageValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
+        pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+        the cross fade is applied to an element in a user agent shadow tree.
+        (WebCore::CSSFilterImageValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
+        as appropriate.
+        (WebCore::CSSFilterImageValue::loadSubimages): Explicitly instantiate default ResourceLoaderOptions and pass
+        pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+        the cross fade is applied to an element in a user agent shadow tree.
+        (WebCore::CSSFilterImageValue::image):
+        * css/CSSFilterImageValue.h:
+        * css/CSSFontFaceSrcValue.cpp:
+        (WebCore::CSSFontFaceSrcValue::cachedFont): Take a boolean, isInitiatingElementInUserAgentShadowTree,
+        so as to determine the appropriate CSP imposition. In particular, we skip the CSP check when the initiating element
+        (e.g. SVG font-face element) is in a user agent shadow tree.
+        * css/CSSFontFaceSrcValue.h:
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::addFontFaceRule): Take a boolean, isInitiatingElementInUserAgentShadowTree, and passes
+        it as appropriate.
+        * css/CSSFontSelector.h:
+        * css/CSSGradientValue.h:
+        (WebCore::CSSGradientValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
+        as appropriate.
+        * css/CSSImageGeneratorValue.cpp:
+        (WebCore::CSSImageGeneratorValue::loadSubimages): Ditto.
+        (WebCore::CSSImageGeneratorValue::cachedImageForCSSValue): Ditto.
+        * css/CSSImageGeneratorValue.h:
+        * css/CSSImageSetValue.cpp:
+        (WebCore::CSSImageSetValue::cachedImageSet): Deleted.
+        * css/CSSImageSetValue.h:
+        * css/CSSImageValue.cpp:
+        (WebCore::CSSImageValue::cachedImage): Deleted.
+        * css/CSSImageValue.h:
+        * css/RuleSet.cpp:
+        (WebCore::RuleSet::addChildRules): Take a boolean, isInitiatingElementInUserAgentShadowTree, and passes
+        it as appropriate.
+        (WebCore::RuleSet::addRulesFromSheet): Added FIXME comment to skip Content Security Policy check when
+        when stylesheet is in a user agent shadow tree.
+        * css/RuleSet.h:
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::StyleResolver): Determine whether the SVG font-face element is in a user agent shadow tree
+        and pass the appropriate value when calling CSSFontSelector::addFontFaceRule(). Also, modernized code; used C++11 range
+        -based for-loop instead of const_iterator idiom.
+        (WebCore::StyleResolver::loadPendingSVGDocuments): Skip CSP check when requesting subresources as a byproduct of
+        resolving style for an element in a user agent shadow tree.
+        (WebCore::StyleResolver::loadPendingImage): Ditto.
+        (WebCore::StyleResolver::loadPendingShapeImage): Ditto.
+        * css/StyleRuleImport.cpp:
+        (WebCore::StyleRuleImport::requestStyleSheet): Added FIXME comment to skip Content Security Policy check when
+        when stylesheet is in a user agent shadow tree.
+        * dom/Element.h:
+        * dom/InlineStyleSheetOwner.cpp:
+        (WebCore::InlineStyleSheetOwner::createSheet): Skip CSP check for an inline <style> that is in a user agent shadow tree.
+        * dom/Node.cpp:
+        (WebCore::Node::isInUserAgentShadowTree): Added.
+        * dom/Node.h:
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestScript): Skip CSP check for an external JavaScript script in a user agent shadow tree.
+        (WebCore::ScriptElement::executeScript): Skip CSP check for an inline JavaScript script that is in a user agent shadow tree.
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::styleAttributeChanged): Skip CSP check when modifying the inline style of an element in a user
+        agent shadow tree.
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::isSafeToLoadURL): Skip CSP check for a <audio>, <video> in a user agent shadow tree.
+        (WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
+        * html/HTMLTrackElement.cpp:
+        (WebCore::HTMLTrackElement::canLoadURL): Ditto.
+        * html/track/LoadableTextTrack.cpp:
+        (WebCore::LoadableTextTrack::loadTimerFired): Determine whether the <track> is in a user agent shadow tree
+        and pass the appropriate value when calling TextTrackLoader::load().
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::startLoadingMainResource): Do CSP check when loading a resource by default.
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::updateFromElement): Skip CSP check for an image that is in a user agent shadow tree.
+        * loader/MediaResourceLoader.cpp:
+        (WebCore::MediaResourceLoader::start): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+        This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+        * loader/NetscapePlugInStreamLoader.cpp:
+        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added FIXME comment to skip Content Security Policy check
+        when when associated plugin element is in a user agent shadow tree.
+        * loader/PolicyChecker.cpp:
+        (WebCore::PolicyChecker::checkNavigationPolicy): Skip CSP check for a <iframe> in a user agent shadow tree.
+        * loader/ResourceLoaderOptions.h: Defined enum class ContentSecurityPolicyImposition with explicit type uint8_t so
+        as to provide a hint to the compiler (for better packing) when it computes the memory layout for struct that
+        contains an instance of this class.
+        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added argument contentSecurityPolicyImposition.
+        (WebCore::ResourceLoaderOptions::contentSecurityPolicyImposition): Added.
+        (WebCore::ResourceLoaderOptions::setContentSecurityPolicyImposition): Added.
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::pluginIsLoadable): Skip CSP check for a plugin element that is in a user agent shadow tree.
+        (WebCore::SubframeLoader::createJavaAppletWidget): Skip CSP check for an applet element that is in a user agent shadow tree.
+        * loader/TextTrackLoader.cpp:
+        (WebCore::TextTrackLoader::load): Take a boolean, isInitiatingElementInUserAgentShadowTree, and sets the appropriate
+        Content Security Policy imposition for the text track request.
+        * loader/TextTrackLoader.h:
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Skip CSP check for a user-specified stylesheet.
+        (WebCore::CachedResourceLoader::canRequest): Only check the CSP of the page if specified in the resource loader options for the request.
+        (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Add ContentSecurityPolicyImposition::DoPolicyCheck to the default
+        resource loader options so that do check the CSP policy of the page before performing a resource request by default.
+        * loader/cache/CachedSVGDocumentReference.cpp:
+        (WebCore::CachedSVGDocumentReference::load): Take a ResourceLoaderOptions as an argument and passes it as appropriate.
+        * loader/cache/CachedSVGDocumentReference.h:
+        * loader/icon/IconLoader.cpp:
+        (WebCore::IconLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+        This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Take an argument called overrideContentSecurityPolicy (defaults to false). When
+        overrideContentSecurityPolicy := true, this function unconditionally returns true.
+        (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
+        (WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
+        (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
+        (WebCore::ContentSecurityPolicy::allowEval): Ditto.
+        (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
+        (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
+        (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
+        (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
+        * page/ContentSecurityPolicy.h:
+        * page/DOMSecurityPolicy.cpp:
+        * page/EventSource.cpp:
+        (WebCore::EventSource::create): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+        (WebCore::WebCoreAVFResourceLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+        This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+        * svg/SVGFEImageElement.cpp:
+        (WebCore::SVGFEImageElement::requestImageResource): Skip CSP check for a SVG FEImage element in a user agent shadow tree.
+        * svg/SVGFontFaceUriElement.cpp:
+        (WebCore::SVGFontFaceUriElement::loadFont): Skip CSP check for a SVG font-face-uri element in a user agent shadow tree.
+        * svg/SVGUseElement.cpp:
+        (WebCore::SVGUseElement::updateExternalDocument): Skip CSP check for a SVG use element in a user agent shadow tree.
+        * testing/Internals.cpp:
+        (WebCore::Internals::ensureUserAgentShadowRoot): Added.
+        * testing/Internals.h:
+        * testing/Internals.idl: Added declaration for ensureUserAgentShadowRoot().
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::open): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+
 2015-07-06  Brent Fulgham  <bfulgham@apple.com>
 
         Ensure media playback is stopped during page close
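Review bot: the CSSFilterImageValue.cpp entries are mis-attributed: `(WebCore::CSSFilterImageValue::loadSubimages)` appears twice, and the second copy ("Explicitly instantiate default ResourceLoaderOptions ... Added FIXME comment ...") describes the body of `image()`, whose own entry `(WebCore::CSSFilterImageValue::image):` is left empty. Move that text under `image()`. Those entries, and the `fixedSize` one above them, also say the FIXME concerns "the cross fade", while the comments actually added in CSSFilterImageValue.cpp say "filter"; the ChangeLog wording should follow the code. Doubled words to drop before landing: "pass pass it" (three occurrences), "when when" (three occurrences), and "so that do check the CSP policy" should read "so that we check the CSP policy".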
index bfb4d11173c1bc5bbd3fd809fd87b893289c5b42..b1760eea5b811f2c609e4dd5b753bfef2c958d5b 100644 (file)
@@ -244,7 +244,7 @@ void WebSocket::connect(const String& url, const Vector<String>& protocols, Exce
         Document& document = downcast<Document>(*scriptExecutionContext());
         shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
     }
-    if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
+    if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, shouldBypassMainWorldContentSecurityPolicy)) {
         m_state = CLOSED;
 
         // FIXME: Should this be throwing an exception?
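Review bot: behaviour is preserved (an isolated world that bypasses CSP still gets an unconditional allow, now from inside `allowConnectToSource()` rather than from the short-circuit), but `shouldBypassMainWorldContentSecurityPolicy` is passed as a bare positional `bool` whose parameter the ChangeLog names `overrideContentSecurityPolicy`; a reader of the call site cannot tell which way the flag cuts. Since this patch already introduces `ContentSecurityPolicyImposition` for the loader path, consider accepting that enum here as well so the isolated-world bypass and the user agent shadow DOM exemption share one vocabulary. Also confirm the variable is initialised to false on the path where `scriptExecutionContext()` is not a Document, as the only assignment visible here is inside the block above.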
index 16956e1d62b263c394131e0d650207baba4be2a8..45b79a9fdf0b20453c4897c418c249e42b598ff0 100644 (file)
@@ -45,7 +45,7 @@ public:
     FloatSize fixedSize(const RenderElement*);
 
     bool isPending() const { return false; }
-    void loadSubimages(CachedResourceLoader&) { }
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&) { }
 
     bool equals(const CSSCanvasValue&) const;
 
index 0d7a47d5f88bae9a5c7195ee74fb2f3f53db4885..d069d2e12b8e0c7cd179bfa2c87a79418a233db2 100644 (file)
@@ -84,9 +84,13 @@ FloatSize CSSCrossfadeValue::fixedSize(const RenderElement* renderer)
     float percentage = m_percentageValue->getFloatValue();
     float inversePercentage = 1 - percentage;
 
+    // FIXME: Skip Content Security Policy check when cross fade is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
-    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
+    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
 
     if (!cachedFromImage || !cachedToImage)
         return FloatSize();
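Review bot: `fixedSize()` and `image()` in this file, and the same two functions in CSSFilterImageValue.cpp, each repeat the block `ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();` under an identical FIXME pointing at bug 146663. A small helper on CSSImageGeneratorValue (taking the RenderElement and returning the options) would give that follow-up a single place to fix and keep the Skip/DoPolicyCheck decision from drifting between the four copies. It would also help to say in the FIXME that `defaultCachedResourceOptions()` now carries `ContentSecurityPolicyImposition::DoPolicyCheck`, so this path always checks CSP; the ChangeLog states that but the code does not.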
@@ -114,13 +118,13 @@ bool CSSCrossfadeValue::knownToBeOpaque(const RenderElement* renderer) const
     return subimageKnownToBeOpaque(*m_fromValue, renderer) && subimageKnownToBeOpaque(*m_toValue, renderer);
 }
 
-void CSSCrossfadeValue::loadSubimages(CachedResourceLoader& cachedResourceLoader)
+void CSSCrossfadeValue::loadSubimages(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     CachedResourceHandle<CachedImage> oldCachedFromImage = m_cachedFromImage;
     CachedResourceHandle<CachedImage> oldCachedToImage = m_cachedToImage;
 
-    m_cachedFromImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
-    m_cachedToImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
+    m_cachedFromImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+    m_cachedToImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
 
     if (m_cachedFromImage != oldCachedFromImage) {
         if (oldCachedFromImage)
@@ -144,9 +148,13 @@ PassRefPtr<Image> CSSCrossfadeValue::image(RenderElement* renderer, const FloatS
     if (size.isEmpty())
         return nullptr;
 
+    // FIXME: Skip Content Security Policy check when cross fade is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
-    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
+    CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+    CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
 
     if (!cachedFromImage || !cachedToImage)
         return Image::nullImage();
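Review bot: `loadSubimages()` above now honours whatever imposition its caller passes, but `image()` re-requests the same sub-images with `defaultCachedResourceOptions()`, i.e. DoPolicyCheck, so for a cross-fade on an element in a user agent shadow tree the two requests can be made under different impositions; whether the second one is blocked depends on whether the loader re-runs its policy check for a resource already in the cache. The FIXME acknowledges the gap, but the userAgentShadowDOM/ test list in the ChangeLog has no cross-fade case, so a test pinning the current (checked) behaviour would make the bug 146663 follow-up safer to review.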
index e94eaead68afaf62136673de170f822d140ec538..1ed8b6f3e0ed6e319f24b83c5578aee4af7f2a2a 100644 (file)
@@ -59,7 +59,7 @@ public:
     bool isPending() const;
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&);
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&);
 
     void setPercentage(PassRefPtr<CSSPrimitiveValue> percentageValue) { m_percentageValue = percentageValue; }
 
index 410ae4fd6b4ca9912ddef6ae4e81384c0dd96cac..7667f946953a047d62cad25719c042cc1f4c66ed 100644 (file)
@@ -130,11 +130,11 @@ bool CSSCursorImageValue::updateIfSVGCursorIsUsed(Element* element)
     return false;
 }
 
-StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader)
+StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader, const ResourceLoaderOptions& options)
 {
 #if ENABLE(CSS_IMAGE_SET)
     if (is<CSSImageSetValue>(m_imageValue.get()))
-        return downcast<CSSImageSetValue>(m_imageValue.get()).cachedImageSet(loader);
+        return downcast<CSSImageSetValue>(m_imageValue.get()).cachedImageSet(loader, options);
 #endif
 
     if (!m_accessedImage) {
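Review bot: threading `options` to all three lookups here is right, since a cursor image reached through an SVG cursor element's `href()` must carry the same imposition as a direct `url()`. One thing to check: `cachedOrPendingImage(Document&)` in the header keeps its old signature, so a cursor that is still pending will be resolved later by `StyleResolver::loadPendingImage()`, which the ChangeLog says skips CSP for user agent shadow tree elements; confirm that the pending path and this direct path reach the same decision for the same element.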
@@ -148,7 +148,7 @@ StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader)
             if (SVGCursorElement* cursorElement = resourceReferencedByCursorElement(downcast<CSSImageValue>(m_imageValue.get()).url(), *loader.document())) {
                 detachPendingImage();
                 Ref<CSSImageValue> svgImageValue(CSSImageValue::create(cursorElement->href()));
-                StyleCachedImage* cachedImage = svgImageValue->cachedImage(loader);
+                StyleCachedImage* cachedImage = svgImageValue->cachedImage(loader, options);
                 m_image = cachedImage;
                 return cachedImage;
             }
@@ -156,7 +156,7 @@ StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader& loader)
 
         if (is<CSSImageValue>(m_imageValue.get())) {
             detachPendingImage();
-            m_image = downcast<CSSImageValue>(m_imageValue.get()).cachedImage(loader);
+            m_image = downcast<CSSImageValue>(m_imageValue.get()).cachedImage(loader, options);
         }
     }
 
index 20382cbaacbc063151ee90e62abffb823c09118b..f93de158b29bebeefc8b932c62e4cee09a7e86aa 100644 (file)
@@ -52,7 +52,7 @@ public:
     String customCSSText() const;
 
     bool updateIfSVGCursorIsUsed(Element*);
-    StyleImage* cachedImage(CachedResourceLoader&);
+    StyleImage* cachedImage(CachedResourceLoader&, const ResourceLoaderOptions&);
     StyleImage* cachedOrPendingImage(Document&);
 
     void removeReferencedElement(SVGElement*);
index b8f38a324a2974a86eaf4de3a616f4bec5e7d5c1..c6b3de239c024a8159d790e5b387c9e6ca7db05d 100644 (file)
@@ -60,8 +60,12 @@ String CSSFilterImageValue::customCSSText() const
 
 FloatSize CSSFilterImageValue::fixedSize(const RenderElement* renderer)
 {
+    // FIXME: Skip Content Security Policy check when filter is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
+    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
 
     if (!cachedImage)
         return FloatSize();
@@ -79,11 +83,11 @@ bool CSSFilterImageValue::knownToBeOpaque(const RenderElement*) const
     return false;
 }
 
-void CSSFilterImageValue::loadSubimages(CachedResourceLoader& cachedResourceLoader)
+void CSSFilterImageValue::loadSubimages(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     CachedResourceHandle<CachedImage> oldCachedImage = m_cachedImage;
 
-    m_cachedImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
+    m_cachedImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
 
     if (m_cachedImage != oldCachedImage) {
         if (oldCachedImage)
@@ -100,8 +104,12 @@ PassRefPtr<Image> CSSFilterImageValue::image(RenderElement* renderer, const Floa
     if (size.isEmpty())
         return nullptr;
 
+    // FIXME: Skip Content Security Policy check when filter is applied to an element in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
     CachedResourceLoader& cachedResourceLoader = renderer->document().cachedResourceLoader();
-    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
+    CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
 
     if (!cachedImage)
         return Image::nullImage();
index 156096db551d97f0fd361598c1e8abb68b459bf6..93959b6a7f36e56112197048fe4ecd59cea16a53 100644 (file)
@@ -62,7 +62,7 @@ public:
     bool isPending() const;
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&);
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&);
 
     bool traverseSubresources(const std::function<bool (const CachedResource&)>& handler) const;
 
index 27c583601619cc7ca7e6adb3a537d5114bc3effb..a2d0afa45ec30ac59e785d9ea99190de25f8aa8f 100644 (file)
@@ -98,10 +98,13 @@ bool CSSFontFaceSrcValue::traverseSubresources(const std::function<bool (const C
     return handler(*m_cachedFont);
 }
 
-CachedFont* CSSFontFaceSrcValue::cachedFont(Document* document, bool isSVG)
+CachedFont* CSSFontFaceSrcValue::cachedFont(Document* document, bool isSVG, bool isInitiatingElementInUserAgentShadowTree)
 {
     if (!m_cachedFont) {
-        CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)));
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)), options);
         request.setInitiator(cachedResourceRequestInitiators().css);
         m_cachedFont = document->cachedResourceLoader().requestFont(request, isSVG);
     }
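Review bot: `m_cachedFont` is populated only on the first call, so `isInitiatingElementInUserAgentShadowTree` takes effect only the first time `cachedFont()` runs for this src value; a later call with a different flag is silently ignored. That is probably fine because a @font-face rule belongs to one stylesheet, but an ASSERT or a comment on the memoised path would make the assumption explicit. Also, since `defaultCachedResourceOptions()` already yields DoPolicyCheck, the ternary can be reduced to `if (isInitiatingElementInUserAgentShadowTree) options.setContentSecurityPolicyImposition(ContentSecurityPolicyImposition::SkipPolicyCheck);`.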
index 7e49c212f4a84f7914f5362dac1a98183ff1a33a..c386afeb8ff65121a00eef64cb76d9d2f672a9a0 100644 (file)
@@ -70,7 +70,7 @@ public:
 
     bool traverseSubresources(const std::function<bool (const CachedResource&)>& handler) const;
 
-    CachedFont* cachedFont(Document*, bool isSVG);
+    CachedFont* cachedFont(Document*, bool isSVG, bool isInitiatingElementInUserAgentShadowTree);
 
     bool equals(const CSSFontFaceSrcValue&) const;
 
index 104ae7067b2fcdd9a9fd86d5ffb1659cf40a8f85..073c2113874bfe20745db106aba3c6655d650236 100644 (file)
@@ -84,7 +84,7 @@ bool CSSFontSelector::isEmpty() const
     return m_fonts.isEmpty();
 }
 
-void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule)
+void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule, bool isInitiatingElementInUserAgentShadowTree)
 {
     // Obtain the font-family property and the src property.  Both must be defined.
     const StyleProperties& style = fontFaceRule->properties();
@@ -212,7 +212,7 @@ void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule)
             Settings* settings = m_document ? m_document->frame() ? &m_document->frame()->settings() : 0 : 0;
             bool allowDownloading = foundSVGFont || (settings && settings->downloadableBinaryFontsEnabled());
             if (allowDownloading && item.isSupportedFormat() && m_document) {
-                CachedFont* cachedFont = item.cachedFont(m_document, foundSVGFont);
+                CachedFont* cachedFont = item.cachedFont(m_document, foundSVGFont, isInitiatingElementInUserAgentShadowTree);
                 if (cachedFont) {
                     source = std::make_unique<CSSFontFaceSource>(item.resource(), cachedFont);
 #if ENABLE(SVG_FONTS)
index 7563ab3be29943e524ae29b0fc2a503a709fb92f..4be740812996454e9feb30e97e045e026e5c732c 100644 (file)
@@ -67,7 +67,7 @@ public:
 
     void clearDocument();
 
-    void addFontFaceRule(const StyleRuleFontFace*);
+    void addFontFaceRule(const StyleRuleFontFace*, bool isInitiatingElementInUserAgentShadowTree);
 
     void fontLoaded();
     virtual void fontCacheInvalidated() override;
index 11e372e3d2a7e9ed6a54dfa719ac73c8efaafbc7..da911a22038d645c39d7266c3e3476ebec54f649 100644 (file)
@@ -85,7 +85,7 @@ public:
     bool isPending() const { return false; }
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&) { }
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&) { }
     PassRefPtr<CSSGradientValue> gradientWithStylesResolved(StyleResolver*);
 
 protected:
index eb4889ef6e3246574fa7a120be3b087b5d6bf72c..fe400c16b4967773fbfb7e6bb33f7aaf2b99b0f8 100644 (file)
@@ -209,23 +209,23 @@ bool CSSImageGeneratorValue::knownToBeOpaque(const RenderElement* renderer) cons
     return false;
 }
 
-void CSSImageGeneratorValue::loadSubimages(CachedResourceLoader& cachedResourceLoader)
+void CSSImageGeneratorValue::loadSubimages(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     switch (classType()) {
     case CrossfadeClass:
-        downcast<CSSCrossfadeValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSCrossfadeValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case CanvasClass:
-        downcast<CSSCanvasValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSCanvasValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case FilterImageClass:
-        downcast<CSSFilterImageValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSFilterImageValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case LinearGradientClass:
-        downcast<CSSLinearGradientValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSLinearGradientValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     case RadialGradientClass:
-        downcast<CSSRadialGradientValue>(*this).loadSubimages(cachedResourceLoader);
+        downcast<CSSRadialGradientValue>(*this).loadSubimages(cachedResourceLoader, options);
         break;
     default:
         ASSERT_NOT_REACHED();
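Review bot: the switch forwards `options` to every generator class, but CSSCanvasValue and CSSGradientValue accept the argument and ignore it (their `loadSubimages` bodies in the headers are empty). That is correct today because neither loads a subresource, but nothing reminds a future author to consult `options` if one of them starts to; a one-line comment on those empty bodies ("no subresources, nothing to check") would make the intent visible.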
@@ -248,13 +248,13 @@ bool CSSImageGeneratorValue::subimageIsPending(CSSValue* value)
     return false;
 }
 
-CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, CachedResourceLoader& cachedResourceLoader)
+CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
 {
     if (!value)
         return nullptr;
 
     if (is<CSSImageValue>(*value)) {
-        StyleCachedImage* styleCachedImage = downcast<CSSImageValue>(*value).cachedImage(cachedResourceLoader);
+        StyleCachedImage* styleCachedImage = downcast<CSSImageValue>(*value).cachedImage(cachedResourceLoader, options);
         if (!styleCachedImage)
             return nullptr;
 
@@ -262,7 +262,7 @@ CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, Cac
     }
     
     if (is<CSSImageGeneratorValue>(*value)) {
-        downcast<CSSImageGeneratorValue>(*value).loadSubimages(cachedResourceLoader);
+        downcast<CSSImageGeneratorValue>(*value).loadSubimages(cachedResourceLoader, options);
         // FIXME: Handle CSSImageGeneratorValue (and thus cross-fades with gradients and canvas).
         return nullptr;
     }
index 7ccaccb407d34d9fd9acc37adbecedc6f3f5f83b..c9b556cda07c571ead17d9105c18748788968da1 100644 (file)
@@ -40,6 +40,7 @@ class GeneratedImage;
 class Image;
 class RenderElement;
 class StyleResolver;
+struct ResourceLoaderOptions;
 
 class CSSImageGeneratorValue : public CSSValue {
 public:
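Review bot: the forward declaration `struct ResourceLoaderOptions;` must match the tag used in loader/ResourceLoaderOptions.h, otherwise clang warns under -Wmismatched-tags; the ChangeLog refers to it as a struct, so please double-check the definition. The other headers in this patch that now name `ResourceLoaderOptions` in signatures (CSSCanvasValue.h, CSSCrossfadeValue.h, CSSCursorImageValue.h, CSSGradientValue.h) add no declaration of their own and so rely on reaching this one through their include chain; that is fine as long as each of them includes CSSImageGeneratorValue.h directly.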
@@ -56,7 +57,7 @@ public:
     bool isPending() const;
     bool knownToBeOpaque(const RenderElement*) const;
 
-    void loadSubimages(CachedResourceLoader&);
+    void loadSubimages(CachedResourceLoader&, const ResourceLoaderOptions&);
 
 protected:
     CSSImageGeneratorValue(ClassType);
@@ -66,7 +67,7 @@ protected:
     const HashCountedSet<RenderElement*>& clients() const { return m_clients; }
 
     // Helper functions for Crossfade and Filter.
-    static CachedImage* cachedImageForCSSValue(CSSValue*, CachedResourceLoader&);
+    static CachedImage* cachedImageForCSSValue(CSSValue*, CachedResourceLoader&, const ResourceLoaderOptions&);
     static bool subimageIsPending(CSSValue*);
 
 private:
index 3e7806b340d6c7ad23a9fee5f3e387451129abff..7631beeab3a9f2e90f4d7d0aec5f7b88ba631d7b 100644 (file)
@@ -130,11 +130,6 @@ StyleCachedImageSet* CSSImageSetValue::cachedImageSet(CachedResourceLoader& load
     return is<StyleCachedImageSet>(m_imageSet.get()) ? downcast<StyleCachedImageSet>(m_imageSet.get()) : nullptr;
 }
 
-StyleCachedImageSet* CSSImageSetValue::cachedImageSet(CachedResourceLoader& loader)
-{
-    return cachedImageSet(loader, CachedResourceLoader::defaultCachedResourceOptions());
-}
-
 StyleImage* CSSImageSetValue::cachedOrPendingImageSet(Document& document)
 {
     if (!m_imageSet)
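Review bot: deleting the single-argument `cachedImageSet()` (and `cachedImage()` in CSSImageValue.cpp below) is the right call: the old overloads silently supplied `defaultCachedResourceOptions()`, which after this patch means DoPolicyCheck, so any caller that forgot to pass options would have quietly applied page CSP to user agent content. With the overloads gone the compiler finds those callers; make sure builds with `ENABLE(CSS_IMAGE_SET)` both on and off were tried, since the image-set callers sit behind that flag (see CSSCursorImageValue.cpp).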
index 70a4b488becda31c2163219a9ae90a977361e2fe..f088863bd7f54f4dad881c56aeddbd6f10a80a46 100644 (file)
@@ -48,7 +48,6 @@ public:
     ~CSSImageSetValue();
 
     StyleCachedImageSet* cachedImageSet(CachedResourceLoader&, const ResourceLoaderOptions&);
-    StyleCachedImageSet* cachedImageSet(CachedResourceLoader&);
 
     // Returns a StyleCachedImageSet if the best fit image has been cached already, otherwise a StylePendingImage.
     StyleImage* cachedOrPendingImageSet(Document&);
index cef4ea87b01b4cd7edd13bbc363eb71eab6ad10e..e1254f0a81a38ec9a860ae816a74544ee9652162 100644 (file)
@@ -94,11 +94,6 @@ StyleCachedImage* CSSImageValue::cachedImage(CachedResourceLoader& loader, const
     return is<StyleCachedImage>(m_image.get()) ? downcast<StyleCachedImage>(m_image.get()) : nullptr;
 }
 
-StyleCachedImage* CSSImageValue::cachedImage(CachedResourceLoader& loader)
-{
-    return cachedImage(loader, CachedResourceLoader::defaultCachedResourceOptions());
-}
-
 bool CSSImageValue::traverseSubresources(const std::function<bool (const CachedResource&)>& handler) const
 {
     if (!is<StyleCachedImage>(m_image.get()))
index 5291a639918d9f97f84f43a2a916f1dcfdf79888..7ea5090c1fd032a0d4e1122a481829a87723b3ae 100644 (file)
@@ -40,7 +40,6 @@ public:
     ~CSSImageValue();
 
     StyleCachedImage* cachedImage(CachedResourceLoader&, const ResourceLoaderOptions&);
-    StyleCachedImage* cachedImage(CachedResourceLoader&);
     // Returns a StyleCachedImage if the image is cached already, otherwise a StylePendingImage.
     StyleImage* cachedOrPendingImage();
 
index 5b5e500db761613b584ec5fe573e84a6cb855747..b2f6ddf4bc3d25d6487da399ca53cfe9cf0d7958 100644 (file)
@@ -316,7 +316,7 @@ void RuleSet::addRegionRule(StyleRuleRegion* regionRule, bool hasDocumentSecurit
     m_regionSelectorsAndRuleSets.append(RuleSetSelectorPair(regionRule->selectorList().first(), WTF::move(regionRuleSet)));
 }
 
-void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, AddRuleFlags addRuleFlags)
+void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags addRuleFlags)
 {
     for (auto& rule : rules) {
         if (is<StyleRule>(*rule))
@@ -326,15 +326,15 @@ void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const Me
         else if (is<StyleRuleMedia>(*rule)) {
             auto& mediaRule = downcast<StyleRuleMedia>(*rule);
             if ((!mediaRule.mediaQueries() || medium.eval(mediaRule.mediaQueries(), resolver)))
-                addChildRules(mediaRule.childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
+                addChildRules(mediaRule.childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
         } else if (is<StyleRuleFontFace>(*rule) && resolver) {
             // Add this font face to our set.
-            resolver->document().fontSelector().addFontFaceRule(downcast<StyleRuleFontFace>(rule.get()));
+            resolver->document().fontSelector().addFontFaceRule(downcast<StyleRuleFontFace>(rule.get()), isInitiatingElementInUserAgentShadowTree);
             resolver->invalidateMatchedPropertiesCache();
         } else if (is<StyleRuleKeyframes>(*rule) && resolver)
             resolver->addKeyframeStyle(downcast<StyleRuleKeyframes>(rule.get()));
         else if (is<StyleRuleSupports>(*rule) && downcast<StyleRuleSupports>(*rule).conditionIsSupported())
-            addChildRules(downcast<StyleRuleSupports>(*rule).childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
+            addChildRules(downcast<StyleRuleSupports>(*rule).childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
 #if ENABLE(CSS_REGIONS)
         else if (is<StyleRuleRegion>(*rule) && resolver) {
             addRegionRule(downcast<StyleRuleRegion>(rule.get()), hasDocumentSecurityOrigin);
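Review bot: The `StyleRuleRegion` branch at the end of this hunk still calls `addRegionRule(downcast<StyleRuleRegion>(rule.get()), hasDocumentSecurityOrigin)` without `isInitiatingElementInUserAgentShadowTree`, while the `StyleRuleMedia` and `StyleRuleSupports` branches forward it. If `addRegionRule` builds its nested rule set through `addChildRules`, it needs the new parameter as well; if it never registers `@font-face` rules (for example because it passes a null resolver), a one-line comment on that branch saying so would save the next reader from checking.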
@@ -362,7 +362,10 @@ void RuleSet::addRulesFromSheet(StyleSheetContents* sheet, const MediaQueryEvalu
     bool hasDocumentSecurityOrigin = resolver && resolver->document().securityOrigin()->canRequest(sheet->baseURL());
     AddRuleFlags addRuleFlags = static_cast<AddRuleFlags>((hasDocumentSecurityOrigin ? RuleHasDocumentSecurityOrigin : 0));
 
-    addChildRules(sheet->childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
+    // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+    bool isInitiatingElementInUserAgentShadowTree = false;
+    addChildRules(sheet->childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
 
     if (m_autoShrinkToFitEnabled)
         shrinkToFit();
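Review bot: Hardcoding `bool isInitiatingElementInUserAgentShadowTree = false;` in `addRulesFromSheet` is the conservative choice: until bug 146663 is resolved, fonts referenced from a stylesheet inside a user agent shadow tree remain subject to the page's CSP, so the known gap can only cause a UA feature to be blocked, never a policy bypass. It is worth stating that in the FIXME so nobody later "fixes" it by flipping the constant to `true` for every sheet.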
index 7ad719de9ea1f4414eed32042db53ddbb4bb44a1..1ce7065329bc565072012e141da5b97088fbc239 100644 (file)
@@ -190,7 +190,7 @@ public:
     bool hasShadowPseudoElementRules() const { return !m_shadowPseudoElementRules.isEmpty(); }
 
 private:
-    void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, AddRuleFlags);
+    void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags);
 
     AtomRuleMap m_idRules;
     AtomRuleMap m_classRules;
index 62bdaea0cf74ad41b7f85e289e7fe75879dd6bcd..f2230678bd75b63ab6db898545675ae7578958e1 100644 (file)
@@ -322,9 +322,8 @@ StyleResolver::StyleResolver(Document& document, bool matchAuthorAndUserStyles)
 #if ENABLE(SVG_FONTS)
     if (m_document.svgExtensions()) {
         const HashSet<SVGFontFaceElement*>& svgFontFaceElements = m_document.svgExtensions()->svgFontFaceElements();
-        HashSet<SVGFontFaceElement*>::const_iterator end = svgFontFaceElements.end();
-        for (HashSet<SVGFontFaceElement*>::const_iterator it = svgFontFaceElements.begin(); it != end; ++it)
-            m_document.fontSelector().addFontFaceRule((*it)->fontFaceRule());
+        for (auto* svgFontFaceElement : svgFontFaceElements)
+            m_document.fontSelector().addFontFaceRule(svgFontFaceElement->fontFaceRule(), svgFontFaceElement->isInUserAgentShadowTree());
     }
 #endif
 
@@ -2249,18 +2248,21 @@ void StyleResolver::loadPendingSVGDocuments()
     if (!hasFilters && !hasMasks)
         return;
 
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
     CachedResourceLoader& cachedResourceLoader = state.document().cachedResourceLoader();
     
     if (hasFilters) {
         for (auto& filterOperation : state.filtersWithPendingSVGDocuments())
-            filterOperation->getOrCreateCachedSVGDocumentReference()->load(cachedResourceLoader);
+            filterOperation->getOrCreateCachedSVGDocumentReference()->load(cachedResourceLoader, options);
 
         state.filtersWithPendingSVGDocuments().clear();
     }
     
     if (hasMasks) {
         for (auto& maskImageOperation : state.maskImagesWithPendingSVGDocuments())
-            maskImageOperation->ensureCachedSVGDocumentReference()->load(cachedResourceLoader);
+            maskImageOperation->ensureCachedSVGDocumentReference()->load(cachedResourceLoader, options);
 
         state.maskImagesWithPendingSVGDocuments().clear();
     }
@@ -2408,12 +2410,12 @@ PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage&
         return imageValue->cachedImage(m_state.document().cachedResourceLoader(), options);
 
     if (auto imageGeneratorValue = pendingImage.cssImageGeneratorValue()) {
-        imageGeneratorValue->loadSubimages(m_state.document().cachedResourceLoader());
+        imageGeneratorValue->loadSubimages(m_state.document().cachedResourceLoader(), options);
         return StyleGeneratedImage::create(*imageGeneratorValue);
     }
 
     if (auto cursorImageValue = pendingImage.cssCursorImageValue())
-        return cursorImageValue->cachedImage(m_state.document().cachedResourceLoader());
+        return cursorImageValue->cachedImage(m_state.document().cachedResourceLoader(), options);
 
 #if ENABLE(CSS_IMAGE_SET)
     if (auto imageSetValue = pendingImage.cssImageSetValue())
@@ -2425,7 +2427,9 @@ PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage&
 
 PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage& pendingImage)
 {
-    return loadPendingImage(pendingImage, CachedResourceLoader::defaultCachedResourceOptions());
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+    return loadPendingImage(pendingImage, options);
 }
 
 #if ENABLE(CSS_SHAPES)
@@ -2443,6 +2447,7 @@ void StyleResolver::loadPendingShapeImage(ShapeValue* shapeValue)
     ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
     options.setRequestOriginPolicy(PotentiallyCrossOriginEnabled);
     options.setAllowCredentials(DoNotAllowStoredCredentials);
+    options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
 
     shapeValue->setImage(loadPendingImage(pendingImage, options));
 }
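Review bot: The expression `m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck` now appears three times in StyleResolver.cpp (in `loadPendingSVGDocuments`, in the single-argument `loadPendingImage`, and in the line added to `loadPendingShapeImage` in this hunk). Factor it into one small helper on StyleResolver (something like `contentSecurityPolicyImpositionForCurrentElement()`, name is a suggestion) so the null-element handling, which correctly falls back to `DoPolicyCheck`, lives in a single place; a future copy that drops the null check or inverts the ternary would be a CSP bypass.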
index a4a06946bf2a45380a7863b1f8b54306d9e5c89a..0642a1d046e6e9a4b4e6943a80d1c2aef71f9ef4 100644 (file)
@@ -111,6 +111,8 @@ void StyleRuleImport::requestStyleSheet()
         rootSheet = sheet;
     }
 
+    // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
     CachedResourceRequest request(ResourceRequest(absURL), m_parentStyleSheet->charset());
     request.setInitiator(cachedResourceRequestInitiators().css);
     if (m_cachedSheet)
index 65a572b1776f8e8d7b77b114b8c4d0cb50c58a8d..b7fbe149923034c80728e50ee101885a03237f26 100644 (file)
@@ -250,7 +250,7 @@ public:
     WEBCORE_EXPORT RefPtr<ShadowRoot> createShadowRoot(ExceptionCode&);
 
     ShadowRoot* userAgentShadowRoot() const;
-    ShadowRoot& ensureUserAgentShadowRoot();
+    WEBCORE_EXPORT ShadowRoot& ensureUserAgentShadowRoot();
 
     // FIXME: this should not be virtual, do not override this.
     virtual const AtomicString& shadowPseudoId() const;
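Review bot: Adding `WEBCORE_EXPORT` to `ensureUserAgentShadowRoot()` widens the exported surface in the same patch that makes user agent shadow trees CSP-exempt. The ChangeLog should say which client needs the export (presumably the test support code behind the userAgentShadowDOM layout tests), so a reviewer can confirm that nothing reachable from page content gains a way to create or populate a UA shadow root.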
index 14b6cae8a60c7ddb72fcec4c75835eaefe76f2b5..638cfc66389a861103357e19a102266d638eb9b2 100644 (file)
@@ -123,7 +123,7 @@ void InlineStyleSheetOwner::createSheet(Element& element, const String& text)
 
     if (!isValidCSSContentType(element, m_contentType))
         return;
-    if (!document.contentSecurityPolicy()->allowInlineStyle(document.url(), m_startTextPosition.m_line))
+    if (!document.contentSecurityPolicy()->allowInlineStyle(document.url(), m_startTextPosition.m_line, element.isInUserAgentShadowTree()))
         return;
 
     RefPtr<MediaQuerySet> mediaQueries;
index 3f07b5605dc546c16f9ef3e889ceccd7d2a54700..9634243fcf3c18a2e5ae0d18328f14991d3a8b92 100644 (file)
@@ -973,6 +973,12 @@ ShadowRoot* Node::containingShadowRoot() const
     return is<ShadowRoot>(root) ? downcast<ShadowRoot>(&root) : nullptr;
 }
 
+bool Node::isInUserAgentShadowTree() const
+{
+    auto* shadowRoot = containingShadowRoot();
+    return shadowRoot && shadowRoot->type() == ShadowRoot::UserAgentShadowRoot;
+}
+
 Node* Node::nonBoundaryShadowTreeRootNode()
 {
     ASSERT(!isShadowRoot());
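Review bot: `Node::isInUserAgentShadowTree()` becomes the single predicate that decides whether CSP is enforced for a subresource load or an inline script or style, so it deserves a comment (here or in Node.h) stating that security role: any path that lets page-controlled nodes end up inside a `ShadowRoot::UserAgentShadowRoot` turns into a CSP exemption. The comment should also spell out the semantics, since it inspects only the nearest `containingShadowRoot()`: a node in an author shadow tree nested under a UA shadow root returns false, which keeps policy enforced and is the safe direction.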
index f7688ea6938c26cd94a35066f930c0feef846de7..82a647bd1bfe100f7a89cc2bca355f4e9a108a38 100644 (file)
@@ -402,6 +402,7 @@ public:
     { 
         return getFlag(InDocumentFlag);
     }
+    bool isInUserAgentShadowTree() const;
     bool isInShadowTree() const { return getFlag(IsInShadowTreeFlag); }
     bool isInTreeScope() const { return getFlag(static_cast<NodeFlags>(InDocumentFlag | IsInShadowTreeFlag)); }
 
index cb2690cad8e87b4b4915cb9f1fa576738cd50d88..66bbece1d35e1a4763bf9ebebf0f0c12cdbef1d7 100644 (file)
@@ -255,7 +255,10 @@ bool ScriptElement::requestScript(const String& sourceUrl)
 
     ASSERT(!m_cachedScript);
     if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
-        CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)));
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(m_element.isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)), options);
 
         String crossOriginMode = m_element.fastGetAttribute(HTMLNames::crossoriginAttr);
         if (!crossOriginMode.isNull()) {
@@ -285,7 +288,7 @@ void ScriptElement::executeScript(const ScriptSourceCode& sourceCode)
     if (sourceCode.isEmpty())
         return;
 
-    if (!m_isExternalScript && !m_element.document().contentSecurityPolicy()->allowInlineScript(m_element.document().url(), m_startLineNumber))
+    if (!m_isExternalScript && !m_element.document().contentSecurityPolicy()->allowInlineScript(m_element.document().url(), m_startLineNumber, m_element.isInUserAgentShadowTree()))
         return;
 
 #if ENABLE(NOSNIFF)
index 0ec0d7f5a0eea9dcb1e8e65e569d620dc2d2cc04..7d6e877d5265f1c96ab4275f6cba5646a1ab9ba7 100644 (file)
@@ -203,7 +203,7 @@ void StyledElement::styleAttributeChanged(const AtomicString& newStyleString, At
         if (PropertySetCSSStyleDeclaration* cssomWrapper = inlineStyleCSSOMWrapper())
             cssomWrapper->clearParentElement();
         ensureUniqueElementData().m_inlineStyle = nullptr;
-    } else if (reason == ModifiedByCloning || document().contentSecurityPolicy()->allowInlineStyle(document().url(), startLineNumber))
+    } else if (reason == ModifiedByCloning || document().contentSecurityPolicy()->allowInlineStyle(document().url(), startLineNumber, isInUserAgentShadowTree()))
         setInlineStyleFromString(newStyleString);
 
     elementData()->setStyleAttributeIsDirty(false);
index 6af065449ebde6d5ba9cebda69508da9a58ff977..680ff7f560cdeb149c7195817ba6e59a289da3a9 100644 (file)
@@ -1757,7 +1757,7 @@ bool HTMLMediaElement::isSafeToLoadURL(const URL& url, InvalidURLAction actionIf
         return false;
     }
 
-    if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
+    if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {
         LOG(Media, "HTMLMediaElement::isSafeToLoadURL(%p) - %s -> rejected by Content Security Policy", this, urlForLoggingMedia(url).utf8().data());
         return false;
     }
@@ -5825,7 +5825,7 @@ Vector<RefPtr<PlatformTextTrack>> HTMLMediaElement::outOfBandTrackSources()
         if (url.isEmpty())
             continue;
         
-        if (!document().contentSecurityPolicy()->allowMediaFromSource(url))
+        if (!document().contentSecurityPolicy()->allowMediaFromSource(url, trackElement.isInUserAgentShadowTree()))
             continue;
 
         PlatformTextTrack::TrackKind platformKind = PlatformTextTrack::Caption;
index 0e5e0f0784dbbd073b61f89131c31bbc44784ba5..d6b1f9a6eb4d72d99e0ad91b8524b9d4f8c45145 100644 (file)
@@ -238,7 +238,7 @@ bool HTMLTrackElement::canLoadURL(const URL& url)
     if (url.isEmpty())
         return false;
 
-    if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
+    if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {
         LOG(Media, "HTMLTrackElement::canLoadURL(%s) -> rejected by Content Security Policy", urlForLoggingTrack(url).utf8().data());
         return false;
     }
index 5ff12b76fee4e956b462a08179695d88226c2ea9..d0af46803e879235a68adcf22903ccf6bdac1853 100644 (file)
@@ -99,7 +99,7 @@ void LoadableTextTrack::loadTimerFired()
     // mode being the state of the media element's crossorigin content attribute, the origin being the
     // origin of the media element's Document, and the default origin behaviour set to fail.
     m_loader = std::make_unique<TextTrackLoader>(static_cast<TextTrackLoaderClient&>(*this), static_cast<ScriptExecutionContext*>(&m_trackElement->document()));
-    if (!m_loader->load(m_url, m_trackElement->mediaElementCrossOriginAttribute()))
+    if (!m_loader->load(m_url, m_trackElement->mediaElementCrossOriginAttribute(), m_trackElement->isInUserAgentShadowTree()))
         m_trackElement->didCompleteLoad(HTMLTrackElement::Failure);
 }
 
index 7ca1f23866e6d1775c06a52ace3222c21154b495..52ae900d00b0e5cb97fc20861708f6a8b5642197 100644 (file)
@@ -1406,7 +1406,7 @@ void DocumentLoader::startLoadingMainResource()
     // If this is a reload the cache layer might have made the previous request conditional. DocumentLoader can't handle 304 responses itself.
     request.makeUnconditional();
 
-    static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, IncludeCertificateInfo);
+    static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck);
     CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
     cachedResourceRequest.setInitiator(*this);
     m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
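Review bot: `ContentSecurityPolicyImposition::DoPolicyCheck` in `mainResourceLoadOptions` sits right after `SkipSecurityCheck`, which reads as if CSP were now enforced on the main resource load. If it is only there to satisfy the new constructor (as the MediaResourceLoader change says for raw resources), add the same one-line comment here so the two readings are not confused by the next person auditing main-resource policy.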
index 67ad1f2d1a42d86d3509298907162922fd56922d..7cb27a7c6540aa2dfe1d73757017a333643ccbfa 100644 (file)
@@ -172,7 +172,10 @@ void ImageLoader::updateFromElement()
     // an empty string.
     CachedResourceHandle<CachedImage> newImage = 0;
     if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) {
-        CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))));
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options);
         request.setInitiator(&element());
 
         String crossOriginMode = element().fastGetAttribute(HTMLNames::crossoriginAttr);
index 57e00afbab2d0a7a2c65d71d8eee2f4522691837..1d9267ea8f38b459d80d5704b89b2de453bd24a0 100644 (file)
@@ -59,7 +59,9 @@ bool MediaResourceLoader::start(const ResourceRequest& request, LoadOptions opti
     DataBufferingPolicy bufferingPolicy = options & LoadOption::BufferData ? WebCore::BufferData : WebCore::DoNotBufferData;
     RequestOriginPolicy corsPolicy = !m_crossOriginMode.isNull() ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType;
     StoredCredentials allowCredentials = m_crossOriginMode.isNull() || equalIgnoringCase(m_crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
-    CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo));
+
+    // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+    CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck));
 
     if (!m_crossOriginMode.isNull())
         updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), m_document.securityOrigin(), allowCredentials);
index ee1a62f4c8c8444b981b97f505c5a61b79425f61..a854800f64cb43e0ae7473b81c84bbc06730a261 100644 (file)
 
 namespace WebCore {
 
+// FIXME: Skip Content Security Policy check when associated plugin element is in a user agent shadow tree.
+// See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
 NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame* frame, NetscapePlugInStreamLoaderClient* client)
-    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo))
+    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck))
     , m_client(client)
 {
 #if ENABLE(CONTENT_EXTENSIONS)
index a216e50770e6f54e83465e22f6db2abfb8cdda44..18a5a525b431eabeb75ea558209e9b13a92d7d30 100644 (file)
@@ -86,9 +86,7 @@ void PolicyChecker::checkNavigationPolicy(const ResourceRequest& request, Docume
         return;
     }
 
-    // If we're loading content into a subframe, check against the parent's Content Security Policy
-    // and kill the load if that check fails.
-    if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url())) {
+    if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), m_frame.ownerElement()->isInUserAgentShadowTree())) {
         function(request, 0, false);
         return;
     }
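Review bot: The two-line comment explaining that a load into a subframe is checked against the parent's Content Security Policy and killed on failure is deleted here without replacement, and the surviving `if` is now longer and less self-explanatory than before. Keep the comment and extend it with the new exemption for an owner element that `isInUserAgentShadowTree()`, rather than removing it.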
index 0c4256ec3fc57bca915bc7f6fd4b440e417ecda5..48f8561a8db0995fa7d08577535d226c3aeea957 100644 (file)
@@ -66,6 +66,11 @@ enum CertificateInfoPolicy {
     DoNotIncludeCertificateInfo
 };
 
+enum class ContentSecurityPolicyImposition : uint8_t {
+    SkipPolicyCheck,
+    DoPolicyCheck
+};
+
 struct ResourceLoaderOptions {
     ResourceLoaderOptions()
         : m_sendLoadCallbacks(DoNotSendCallbacks)
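Review bot: In `enum class ContentSecurityPolicyImposition`, `SkipPolicyCheck` is the zero value, so any zero-initialized or value-initialized options object would land on the permissive setting. The member default `m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck }` added further down covers the default constructor, but ordering the enumerators so that `DoPolicyCheck` is 0 makes the fail-closed default hold even where that initializer is bypassed (for example by code that aggregates or memsets the struct).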
@@ -79,7 +84,7 @@ struct ResourceLoaderOptions {
     {
     }
 
-    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy, CertificateInfoPolicy certificateInfoPolicy)
+    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition)
         : m_sendLoadCallbacks(sendLoadCallbacks)
         , m_sniffContent(sniffContent)
         , m_dataBufferingPolicy(dataBufferingPolicy)
@@ -88,6 +93,7 @@ struct ResourceLoaderOptions {
         , m_securityCheck(securityCheck)
         , m_requestOriginPolicy(requestOriginPolicy)
         , m_certificateInfoPolicy(certificateInfoPolicy)
+        , m_contentSecurityPolicyImposition(contentSecurityPolicyImposition)
     {
     }
 
@@ -107,6 +113,8 @@ struct ResourceLoaderOptions {
     void setRequestOriginPolicy(RequestOriginPolicy policy) { m_requestOriginPolicy = policy; }
     CertificateInfoPolicy certificateInfoPolicy() const { return static_cast<CertificateInfoPolicy>(m_certificateInfoPolicy); }
     void setCertificateInfoPolicy(CertificateInfoPolicy policy) { m_certificateInfoPolicy = policy; }
+    ContentSecurityPolicyImposition contentSecurityPolicyImposition() const { return m_contentSecurityPolicyImposition; }
+    void setContentSecurityPolicyImposition(ContentSecurityPolicyImposition imposition) { m_contentSecurityPolicyImposition = imposition; }
 
     unsigned m_sendLoadCallbacks : 1;
     unsigned m_sniffContent : 1;
@@ -116,6 +124,7 @@ struct ResourceLoaderOptions {
     unsigned m_securityCheck : 1;
     unsigned m_requestOriginPolicy : 2;
     unsigned m_certificateInfoPolicy : 1; // Whether the response should include certificate info.
+    ContentSecurityPolicyImposition m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck };
 };
 
 } // namespace WebCore    
index 7f0cf07b3078fc043d63017ac6ceaf73c67399a8..a6e155bce6ba6153b4264fa26d07e6a2f29d8c94 100644 (file)
@@ -125,8 +125,9 @@ bool SubframeLoader::pluginIsLoadable(HTMLPlugInImageElement& pluginElement, con
         String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
             document()->ownerElement()->fastGetAttribute(HTMLNames::typeAttr) :
             pluginElement.fastGetAttribute(HTMLNames::typeAttr);
-        if (!document()->contentSecurityPolicy()->allowObjectFromSource(url)
-            || !document()->contentSecurityPolicy()->allowPluginType(mimeType, declaredMimeType, url)) {
+        bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree();
+        if (!document()->contentSecurityPolicy()->allowObjectFromSource(url, isInUserAgentShadowTree)
+            || !document()->contentSecurityPolicy()->allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree)) {
             RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();
             renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
             return false;
@@ -253,8 +254,9 @@ PassRefPtr<Widget> SubframeLoader::createJavaAppletWidget(const IntSize& size, H
         }
 
         const char javaAppletMimeType[] = "application/x-java-applet";
-        if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL)
-            || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL))
+        bool isInUserAgentShadowTree = element.isInUserAgentShadowTree();
+        if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL, isInUserAgentShadowTree)
+            || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL, isInUserAgentShadowTree))
             return nullptr;
     }
 
index 0e3e78663ee88abcff0c9a4586f2c1936b15c636..3866e81021a2fa5bc947f8c068bee19c8c903c00 100644 (file)
@@ -145,13 +145,17 @@ void TextTrackLoader::notifyFinished(CachedResource* resource)
     cancelLoad();
 }
 
-bool TextTrackLoader::load(const URL& url, const String& crossOriginMode)
+bool TextTrackLoader::load(const URL& url, const String& crossOriginMode, bool isInitiatingElementInUserAgentShadowTree)
 {
     cancelLoad();
 
     ASSERT(is<Document>(m_scriptExecutionContext));
     Document* document = downcast<Document>(m_scriptExecutionContext);
-    CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)));
+
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+    CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)), options);
 
     if (!crossOriginMode.isNull()) {
         m_crossOriginMode = crossOriginMode;
index 768cbe94ddf3c23f436bc073c70bf26aa14bdec6..7f7aaea40f9133ed33050f4c1a19c07b39ebbf37 100644 (file)
@@ -59,7 +59,7 @@ public:
     TextTrackLoader(TextTrackLoaderClient&, ScriptExecutionContext*);
     virtual ~TextTrackLoader();
     
-    bool load(const URL&, const String& crossOriginMode);
+    bool load(const URL&, const String& crossOriginMode, bool isInitiatingElementInUserAgentShadowTree);
     void cancelLoad();
     void getNewCues(Vector<RefPtr<TextTrackCue>>& outputCues);
 #if ENABLE(WEBVTT_REGIONS)
index ad17373ba01a4e3f01a10b84213f29d783db8305..09e978457a7a418e868efb1286a4d099dcfa7b28 100644 (file)
@@ -233,7 +233,7 @@ CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt
     memoryCache.add(*userSheet);
     // FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
 
-    userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo));
+    userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck));
     
     return userSheet;
 }
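Review bot: `ContentSecurityPolicyImposition::SkipPolicyCheck` in `requestUserCSSStyleSheet` is the one exemption in this patch that is not tied to a user agent shadow tree. A short comment explaining the rationale (user stylesheets are installed by the user or embedder rather than served by the page, which is also why `SkipSecurityCheck` is used on the same line) would stop it from being flagged as an unexplained bypass in later audits.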
@@ -366,8 +366,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url,
         return 0;
     }
 
-    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
-    bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script().shouldBypassMainWorldContentSecurityPolicy());
+    bool skipContentSecurityPolicyCheck = options.contentSecurityPolicyImposition() == ContentSecurityPolicyImposition::SkipPolicyCheck;
 
     // Some types of resources can be loaded only from the same origin.  Other
     // types of resources, like Images, Scripts, and CSS, can be loaded from
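Review bot: This hunk carries the behaviour change named in the title: the frame-level `shouldBypassMainWorldContentSecurityPolicy()` bypass for isolated worlds is gone, and the only remaining exemption in `canRequest` is per-request via `options.contentSecurityPolicyImposition()`. The removed FIXME referred to webkit.org/b/104520 (checking the isolated world's own policy); if that bug remains open, keep a pointer to it in a comment or in the ChangeLog so the follow-up work is not lost along with the old bypass.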
@@ -408,30 +407,30 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url,
     switch (type) {
 #if ENABLE(XSLT)
     case CachedResource::XSLStyleSheet:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
 #endif
     case CachedResource::Script:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         if (frame() && !frame()->settings().isScriptEnabled())
             return false;
         break;
     case CachedResource::CSSStyleSheet:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowStyleFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
     case CachedResource::SVGDocumentResource:
     case CachedResource::ImageResource:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowImageFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
 #if ENABLE(SVG_FONTS)
     case CachedResource::SVGFontResource:
 #endif
     case CachedResource::FontResource: {
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowFontFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
     }
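Review bot: the bare `bool` threaded into every allow*FromSource call here (`allowScriptFromSource(url, skipContentSecurityPolicyCheck)`) is only readable because the local is well named; passing the ContentSecurityPolicyImposition value itself instead of collapsing it to a bool at the top of the function would be the safer parameter type and would not need a differently named local. Also worth a one-line comment: the XSLStyleSheet and Script cases both consult allowScriptFromSource, so a SkipPolicyCheck request bypasses script-src for XSLT stylesheets too, which is consistent but not obvious from reading the switch.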
@@ -444,7 +443,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url,
         break;
 #if ENABLE(VIDEO_TRACK)
     case CachedResource::TextTrackResource:
-        if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowMediaFromSource(url))
+        if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, skipContentSecurityPolicyCheck))
             return false;
         break;
 #endif
@@ -1138,7 +1137,7 @@ void CachedResourceLoader::printPreloadStats()
 
 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
 {
-    static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo);
+    static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck);
     return options;
 }
 
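Review bot: ContentSecurityPolicyImposition::DoPolicyCheck as the default option is the correct fail-closed choice; every CachedResourceRequest that does not build its own ResourceLoaderOptions inherits enforcement, and the SVG call sites below have to opt out explicitly with SkipPolicyCheck. The positional constructor is now nine arguments long, which makes call sites such as IconLoader::startLoading and WebCoreAVFResourceLoader::startLoading hard to audit; copying defaultCachedResourceOptions() and calling setContentSecurityPolicyImposition(), as SVGFEImageElement::requestImageResource does, is easier to review than another positional enum.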
index 681b9faf078e22cb054ffcd6598c7d73a0b4d2be..86360e200878b32063f95ab5405607beb3977896 100644 (file)
@@ -53,12 +53,12 @@ CachedSVGDocumentReference::~CachedSVGDocumentReference()
     }
 }
 
-void CachedSVGDocumentReference::load(CachedResourceLoader& loader)
+void CachedSVGDocumentReference::load(CachedResourceLoader& loader, const ResourceLoaderOptions& options)
 {
     if (m_loadRequested)
         return;
 
-    CachedResourceRequest request(ResourceRequest(loader.document()->completeURL(m_url)));
+    CachedResourceRequest request(ResourceRequest(loader.document()->completeURL(m_url)), options);
     request.setInitiator(cachedResourceRequestInitiators().css);
     if (m_acceptsAnyImageType)
         request.setAcceptOverride("image/*");
index f1c54f426133d518b88b57a694bf04f5cf67ed7e..a975ada36c8cd7f8215ccb28fc6f5deae41abd96 100644 (file)
@@ -34,6 +34,7 @@ namespace WebCore {
 
 class CachedSVGDocument;
 class CachedResourceLoader;
+struct ResourceLoaderOptions;
 
 class CachedSVGDocumentReference : public CachedSVGDocumentClient {
 public:
@@ -41,7 +42,7 @@ public:
 
     virtual ~CachedSVGDocumentReference();
 
-    void load(CachedResourceLoader&);
+    void load(CachedResourceLoader&, const ResourceLoaderOptions&);
     bool loadRequested() const { return m_loadRequested; }
     void setAcceptsAnyImageType() { m_acceptsAnyImageType = true; }
 
index fda3a59ef2164efbb75b915752fc0e2f97027cb7..f7ca802fc5ba07e844f707db42034294d93e0c2a 100644 (file)
@@ -58,7 +58,8 @@ void IconLoader::startLoading()
     if (m_resource || !m_frame.document())
         return;
 
-    CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo));
+    // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+    CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck));
 
     request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
     request.setInitiator(cachedResourceRequestInitiators().icon);
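Review bot: the comment calling DoPolicyCheck a placeholder that "does not affect the request since Content Security Policy does not apply to raw resources" relies on CachedResourceLoader::canRequest never consulting the option for this resource type, which is not visible in this hunk; DoPolicyCheck is nevertheless the right placeholder, because if that ever changes the icon load becomes checked rather than silently exempted. The same sentence is duplicated verbatim in WebCoreAVFResourceLoader::startLoading below; a single comment on the ContentSecurityPolicyImposition enum, or a named helper that returns these raw-resource options, would keep the two from drifting apart.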
index 24e2e55f8d6d449f37b02b8b4baeb078f4dbeed2..d1a3640dc7fce8e2e255008da23c7ec7a61dd179 100644 (file)
@@ -1441,31 +1441,29 @@ bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const URL& ur
     return true;
 }
 
-bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    if (m_overrideInlineStyleAllowed)
-        return true;
-    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
+    return overrideContentSecurityPolicy || m_overrideInlineStyleAllowed || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowEval(JSC::ExecState* state, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowEval(JSC::ExecState* state, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
 }
 
 String ContentSecurityPolicy::evalDisabledErrorMessage() const
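Review bot: `overrideContentSecurityPolicy || isAllowedByAllWithContext<...>(...)` short-circuits before any CSPDirectiveList is consulted, so an overridden inline script, inline event handler, eval or javascript: URL produces neither a console message nor a report-uri report, whatever reportingStatus says. That is what a user-agent shadow tree wants, but the header should state it, since a caller passing SendReport might reasonably expect a report-only policy to still observe the load. The allowInlineStyle ordering (`overrideContentSecurityPolicy || m_overrideInlineStyleAllowed || ...`) preserves the previous early return for m_overrideInlineStyleAllowed; good.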
@@ -1477,8 +1475,10 @@ String ContentSecurityPolicy::evalDisabledErrorMessage() const
     return String();
 }
 
-bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
+    if (overrideContentSecurityPolicy)
+        return true;
     for (auto& policy : m_policies) {
         if (!policy->allowPluginType(type, typeAttribute, url, reportingStatus))
             return false;
@@ -1486,54 +1486,54 @@ bool ContentSecurityPolicy::allowPluginType(const String& type, const String& ty
     return true;
 }
 
-bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowImageFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowImageFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowFontFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowFontFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowConnectToSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowConnectToSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowFormAction(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowFormAction(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
 }
 
-bool ContentSecurityPolicy::allowBaseURI(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool ContentSecurityPolicy::allowBaseURI(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
-    return isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
+    return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
 }
 
 bool ContentSecurityPolicy::isActive() const
index 0fb0d1660a241c5bb877f5056302fb939b284de7..a71b5fc0dc4da82320a7560dec9b6cfa81113321 100644 (file)
@@ -84,23 +84,23 @@ public:
     const String& deprecatedHeader() const;
     HeaderType deprecatedHeaderType() const;
 
-    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
-    bool allowEval(JSC::ExecState* = nullptr, ReportingStatus = SendReport) const;
-    bool allowPluginType(const String& type, const String& typeAttribute, const URL&, ReportingStatus = SendReport) const;
-
-    bool allowScriptFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowObjectFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowChildFrameFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowImageFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowStyleFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowFontFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowMediaFromSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowConnectToSource(const URL&, ReportingStatus = SendReport) const;
-    bool allowFormAction(const URL&, ReportingStatus = SendReport) const;
-    bool allowBaseURI(const URL&, ReportingStatus = SendReport) const;
+    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowEval(JSC::ExecState* = nullptr, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowPluginType(const String& type, const String& typeAttribute, const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+
+    bool allowScriptFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowObjectFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowChildFrameFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowImageFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowStyleFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowFontFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowMediaFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowConnectToSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowFormAction(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+    bool allowBaseURI(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
 
     ReflectedXSSDisposition reflectedXSSDisposition() const;
 
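Review bot: inserting `bool overrideContentSecurityPolicy = false` in front of `ReportingStatus = SendReport` is an implicit-conversion hazard. The call sites in this patch spell the enumerator as ContentSecurityPolicy::SuppressReport rather than ReportingStatus::SuppressReport, which suggests ReportingStatus is an unscoped enum; if so, any caller not updated here that still passes a ReportingStatus positionally in the old last position, e.g. `allowScriptFromSource(url, ContentSecurityPolicy::SuppressReport)`, compiles unchanged with the enumerator converted to bool, turning a "suppress the report" request into a CSP bypass with reporting left at the default. Taking the new ContentSecurityPolicyImposition enum (or another enum class) instead of bool, or placing the override parameter after ReportingStatus, makes such a stale call a compile error rather than a silent policy hole.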
index 6a2e8bc0a2d57b1278ca179c6c6571260cb9971b..e4e42add03c6a1993c72f3a1d866d342d032d1ba 100644 (file)
@@ -47,16 +47,17 @@ bool isPolicyActiveInContext(ScriptExecutionContext* context)
     return context->contentSecurityPolicy()->isActive();
 }
 
-template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, ContentSecurityPolicy::ReportingStatus) const>
+template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedWithType(ScriptExecutionContext* context, const String& type)
 {
     if (!isPolicyActiveInContext(context))
         return true;
 
-    return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), ContentSecurityPolicy::SuppressReport);
+    bool overrideContentSecurityPolicy = false;
+    return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
 }
 
-template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, ContentSecurityPolicy::ReportingStatus) const>
+template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedWithURL(ScriptExecutionContext* context, const String& url)
 {
     if (!isPolicyActiveInContext(context))
@@ -66,16 +67,18 @@ bool isAllowedWithURL(ScriptExecutionContext* context, const String& url)
     if (!parsedURL.isValid())
         return false; // FIXME: Figure out how to throw a JavaScript error.
 
-    return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, ContentSecurityPolicy::SuppressReport);
+    bool overrideContentSecurityPolicy = false;
+    return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
 }
 
-template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const>
+template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowed(ScriptExecutionContext* context)
 {
     if (!isPolicyActiveInContext(context))
         return true;
 
-    return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport);
+    bool overrideContentSecurityPolicy = false;
+    return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
 }
 
 } // namespace
index 3d70de931d7c3dfd199ef12ecad669f26bea846e..17323b972222d0d397efa1d2ae1f59c0892d3411 100644 (file)
@@ -91,7 +91,7 @@ RefPtr<EventSource> EventSource::create(ScriptExecutionContext& context, const S
         Document& document = downcast<Document>(context);
         shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
     }
-    if (!shouldBypassMainWorldContentSecurityPolicy && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
+    if (!context.contentSecurityPolicy()->allowConnectToSource(fullURL, shouldBypassMainWorldContentSecurityPolicy)) {
         // FIXME: Should this be throwing an exception?
         ec = SECURITY_ERR;
         return nullptr;
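Review bot: this site keeps the isolated-world bypass: shouldBypassMainWorldContentSecurityPolicy is still taken from document.frame()->script().shouldBypassMainWorldContentSecurityPolicy() and now arrives as the override argument, so an EventSource opened from an isolated world continues to ignore connect-src, which is inconsistent with CachedResourceLoader::canRequest above, where this patch stops consulting that flag. If that is intentional pending webkit.org/b/104520, say so in the ChangeLog. Separately, the visible lines dereference document.frame() without the `if (document.frame())` guard that the matching XMLHttpRequest::open hunk uses; please confirm the enclosing condition (not shown) already rejects a null frame.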
index eeb3ba16484626915fa22d50b13bb4ad4e1932f1..27825518ca89e6f4655b0edf6fc57c106493a432 100644 (file)
@@ -67,7 +67,8 @@ void WebCoreAVFResourceLoader::startLoading()
 
     URL requestURL = [[m_avRequest.get() request] URL];
 
-    CachedResourceRequest request(ResourceRequest(requestURL), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo));
+    // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+    CachedResourceRequest request(ResourceRequest(requestURL), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck));
 
     request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
     CachedResourceLoader* loader = m_parent->player()->cachedResourceLoader();
index 86d6fba2e41ca6120aa3459a2bd06620fa3b0598..fffc3d8afdb9883c547c132f506f8f4fe81c4a80 100644 (file)
@@ -77,7 +77,10 @@ void SVGFEImageElement::clearResourceReferences()
 
 void SVGFEImageElement::requestImageResource()
 {
-    CachedResourceRequest request(ResourceRequest(document().completeURL(href())));
+    ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+    options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+    CachedResourceRequest request(ResourceRequest(document().completeURL(href())), options);
     request.setInitiator(this);
     m_cachedImage = document().cachedResourceLoader().requestImage(request);
 
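Review bot: the expression `isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck` is repeated verbatim in SVGFontFaceUriElement::loadFont and SVGUseElement::updateExternalDocument below. A small helper that takes the element and returns the imposition would keep the three in step and give the next element-initiated load an obvious place to get it right. As written, a future call site that forgets the ternary still gets DoPolicyCheck from defaultCachedResourceOptions(), which is the safe direction, so the cost of the duplication is a functional regression in a user-agent shadow tree rather than a policy hole; good.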
index bb4fe1bcc8ff6badcc6f68c9240174b8979f1334..cb0bd15bab614b68dd8ecf54200f18676239fee1 100644 (file)
@@ -100,8 +100,11 @@ void SVGFontFaceUriElement::loadFont()
 
     const AtomicString& href = getAttribute(XLinkNames::hrefAttr);
     if (!href.isNull()) {
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
         CachedResourceLoader& cachedResourceLoader = document().cachedResourceLoader();
-        CachedResourceRequest request(ResourceRequest(document().completeURL(href)));
+        CachedResourceRequest request(ResourceRequest(document().completeURL(href)), options);
         request.setInitiator(this);
         m_cachedFont = cachedResourceLoader.requestFont(request, isSVGFontTarget(*this));
         if (m_cachedFont) {
index 6ca43e6548dc30286909ae696db58a560ec1bcb9..3d1ff8a754f99b36191ccb1534c78f486ca83c91 100644 (file)
@@ -543,7 +543,10 @@ void SVGUseElement::updateExternalDocument()
     if (externalDocumentURL.isNull())
         m_externalDocument = nullptr;
     else {
-        CachedResourceRequest request { ResourceRequest { externalDocumentURL } };
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+        CachedResourceRequest request { ResourceRequest { externalDocumentURL }, options };
         request.setInitiator(this);
         m_externalDocument = document().cachedResourceLoader().requestSVGDocument(request);
         if (m_externalDocument) {
index 476d1e2759e606f2076458210db4933c82306e82..8bca77a00fb78a340b1f16f09698e38079fe5c5a 100644 (file)
@@ -717,6 +717,15 @@ Node* Internals::ensureShadowRoot(Element* host, ExceptionCode& ec)
     return host->createShadowRoot(ec).get();
 }
 
+Node* Internals::ensureUserAgentShadowRoot(Element* host, ExceptionCode& ec)
+{
+    if (!host) {
+        ec = INVALID_ACCESS_ERR;
+        return nullptr;
+    }
+    return &host->ensureUserAgentShadowRoot();
+}
+
 Node* Internals::createShadowRoot(Element* host, ExceptionCode& ec)
 {
     if (!host) {
index 14e9612910e5ceeee016d6427483b6f5841ed2c1..360f5d3e4c656de295c6c78894fd6750f810b883 100644 (file)
@@ -106,6 +106,7 @@ public:
     PassRefPtr<CSSComputedStyleDeclaration> computedStyleIncludingVisitedInfo(Node*, ExceptionCode&) const;
 
     Node* ensureShadowRoot(Element* host, ExceptionCode&);
+    Node* ensureUserAgentShadowRoot(Element* host, ExceptionCode&);
     Node* createShadowRoot(Element* host, ExceptionCode&);
     Node* shadowRoot(Element* host, ExceptionCode&);
     String shadowRootType(const Node*, ExceptionCode&) const;
index 5a124a08ccf5e5001311078052242753665b56b3..c3d882281359d55c588809aad64bac87f6224ee9 100644 (file)
@@ -73,6 +73,7 @@ enum ResourceLoadPriority {
     [RaisesException] CSSStyleDeclaration computedStyleIncludingVisitedInfo(Node node);
 
     [RaisesException] Node ensureShadowRoot(Element host);
+    [RaisesException] Node ensureUserAgentShadowRoot(Element host);
     [RaisesException] Node createShadowRoot(Element host);
     [RaisesException] Node shadowRoot(Element host);
 
index 475d6fb4d56bf6575ef50c1c544d5883505b9475..db6d8a3e941493b86e69c1cbe71d7fb6fb146f09 100644 (file)
@@ -504,7 +504,7 @@ void XMLHttpRequest::open(const String& method, const URL& url, bool async, Exce
         if (document.frame())
             shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
     }
-    if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
+    if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url, shouldBypassMainWorldContentSecurityPolicy)) {
         // FIXME: Should this be throwing an exception?
         ec = SECURITY_ERR;
         return;
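Review bot: same concern as the EventSource hunk: shouldBypassMainWorldContentSecurityPolicy is still computed from document.frame()->script() and becomes the override argument, so XMLHttpRequest::open from an isolated world continues to skip connect-src even though CachedResourceLoader::canRequest in this patch now enforces the page policy for script, style, image, font and media loads from that same world. The asymmetry (connect-src exempt, the loader-checked directives enforced) deserves an explicit FIXME at this site now that the one in CachedResourceLoader::canRequest has been removed, and a test that pins whichever behaviour is intended.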