Bug 1185351 - Don't force inline style CSP checks on native anonymous content. r=ckerschb, a=ritu
authorEhsan Akhgari <ehsan@mozilla.com>
Fri, 21 Aug 2015 12:09:06 -0400
changeset 288896 266317ce8b1f73ba75deb07763a4961470f6f381
parent 288895 b69b5faa8c1e3dc1b824f0ae8a39c948b438e4bf
child 288897 a524e8ce1debeed49614072256e6057205baea3d
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
treeherdermozilla-beta@14221ffe5b2f [default view] [failures only]
reviewersckerschb, ritu
bugs1185351
milestone42.0a2
Bug 1185351 - Don't force inline style CSP checks on native anonymous content. r=ckerschb, a=ritu
dom/base/nsStyledElement.cpp
dom/base/test/mochitest.ini
dom/base/test/test_anonymousContent_style_csp.html
dom/base/test/test_anonymousContent_style_csp.html^headers^
--- a/dom/base/nsStyledElement.cpp
+++ b/dom/base/nsStyledElement.cpp
@@ -146,29 +146,30 @@ nsStyledElementNotElementCSSInlineStyle:
 }
 
 void
 nsStyledElementNotElementCSSInlineStyle::ParseStyleAttribute(const nsAString& aValue,
                                                              nsAttrValue& aResult,
                                                              bool aForceInDataDoc)
 {
   nsIDocument* doc = OwnerDoc();
+  bool isNativeAnon = IsInNativeAnonymousSubtree();
 
-  if (!nsStyleUtil::CSPAllowsInlineStyle(nullptr, NodePrincipal(),
+  if (!isNativeAnon &&
+      !nsStyleUtil::CSPAllowsInlineStyle(nullptr, NodePrincipal(),
                                          doc->GetDocumentURI(), 0, aValue,
                                          nullptr))
     return;
 
   if (aForceInDataDoc ||
       !doc->IsLoadedAsData() ||
       doc->IsStaticDocument()) {
     bool isCSS = true; // assume CSS until proven otherwise
 
-    if (!IsInNativeAnonymousSubtree()) {  // native anonymous content
-                                          // always assumes CSS
+    if (!isNativeAnon) {  // native anonymous content always assumes CSS
       nsAutoString styleType;
       doc->GetHeaderData(nsGkAtoms::headerContentStyleType, styleType);
       if (!styleType.IsEmpty()) {
         static const char textCssStr[] = "text/css";
         isCSS = (styleType.EqualsIgnoreCase(textCssStr, sizeof(textCssStr) - 1));
       }
     }
 
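Review bot: The new `!isNativeAnon &&` guard in ParseStyleAttribute skips the inline-style CSP check without a comment recording the trust assumption behind it. I would add above the `if` something like `// Native anonymous content is created by the browser, not by the page, so the document's CSP is not applied to its style attributes.`, since the remaining comment only covers the later CSS-type shortcut. The test in this commit builds its anonymous content from a page element that already carries a `style` attribute, so it looks as though page-authored style text can reach this path once it is cloned into a native anonymous subtree; it is worth confirming that this is intended and saying so in the comment. The multi-line condition guarding a bare `return;` would also read more safely with braces. The function body continues past the end of the hunk.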
--- a/dom/base/test/mochitest.ini
+++ b/dom/base/test/mochitest.ini
@@ -242,21 +242,23 @@ support-files =
   file_webaudioLoop.html
   file_webaudioLoop2.html
   file_pluginAudio.html
   noaudio.webm
   referrer_helper.js
   referrer_testserver.sjs
   script_postmessages_fileList.js
   iframe_postMessages.html
+  test_anonymousContent_style_csp.html^headers^
 
 [test_anonymousContent_api.html]
 [test_anonymousContent_append_after_reflow.html]
 [test_anonymousContent_insert.html]
 [test_anonymousContent_manipulate_content.html]
+[test_anonymousContent_style_csp.html]
 [test_appname_override.html]
 [test_async_setTimeout_stack.html]
 [test_async_setTimeout_stack_across_globals.html]
 [test_audioWindowUtils.html]
 [test_audioNotification.html]
 skip-if = buildapp == 'mulet'
 [test_audioNotificationStopOnNavigation.html]
 skip-if = buildapp == 'mulet'
new file mode 100644
--- /dev/null
+++ b/dom/base/test/test_anonymousContent_style_csp.html
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML>
+<html>
+<!-- https://bugzilla.mozilla.org/show_bug.cgi?id=1020244 -->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1185351 - Make sure that we don't enforce CSP on styles for AnonymousContent</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<div>
+  <div id="test-element" style="color:red;">text content</div>
+</div>
+<script type="application/javascript;version=1.8">
+  let chromeDocument = SpecialPowers.wrap(document);
+  let testElement = document.querySelector("div");
+  let anonymousContent = chromeDocument.insertAnonymousContent(testElement);
+
+  let style = anonymousContent.setAttributeForElement("test-element",
+                                                      "style", "color:green;");
+
+  let style = anonymousContent.getAttributeForElement("test-element", "style");
+  is(style, "color:green;", "The anonymous content exists with CSP");
+
+  chromeDocument.removeAnonymousContent(anonymousContent);
+</script>
+</body>
+</html>
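Review bot: `let style` is declared twice in the same script, and the first declaration only captures the return value of `setAttributeForElement`, which is never used; drop the first `let style =` and keep the call as a plain statement. The test also only shows that the exemption works, not that it stays narrow. The in-document `#test-element` carries `style="color:red;"` under the same policy, so a negative assertion such as `isnot(getComputedStyle(document.getElementById("test-element")).color, "rgb(255, 0, 0)", "page inline style is still blocked by CSP");` would guard against the bypass widening to ordinary content. Checking only the attribute string may not prove the style was applied to the anonymous node, so a computed-style check there would be stronger if the API permits it. The header comment links bug 1020244 while the title names bug 1185351, which looks like a copy-paste leftover.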
new file mode 100644
--- /dev/null
+++ b/dom/base/test/test_anonymousContent_style_csp.html^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'