14 files changed, 23 insertions, 59 deletions
diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs
index ae48fa1fb2f..e3590461604 100644
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@@ -4307,16 +4307,16 @@ impl Document {
 type_: csp::InlineCheckType,
 source: &str,
 ) -> csp::CheckResult {
- let element = csp::Element {
- nonce: el
- .get_attribute(&ns!(), &local_name!("nonce"))
- .map(|attr| Cow::Owned(attr.value().to_string())),
- };
 let (result, violations) = match self.get_csp_list() {
 None => {
 return csp::CheckResult::Allowed;
 },
 Some(csp_list) => {
+ let element = csp::Element {
+ nonce: el
+ .get_attribute(&ns!(), &local_name!("nonce"))
+ .map(|attr| Cow::Owned(attr.value().to_string())),
+ };
 csp_list.should_elements_inline_type_behavior_be_blocked(&element, type_, source)
 },
 };
diff --git a/components/script/dom/htmlstyleelement.rs b/components/script/dom/htmlstyleelement.rs
index 0deb507f283..194b81729fb 100644
--- a/components/script/dom/htmlstyleelement.rs
+++ b/components/script/dom/htmlstyleelement.rs
@@ -4,6 +4,7 @@
 
 use std::cell::Cell;
 
+use content_security_policy as csp;
 use dom_struct::dom_struct;
 use html5ever::{LocalName, Prefix};
 use js::rust::HandleObject;
@@ -97,8 +98,21 @@ impl HTMLStyleElement {
 return;
 }
 
- let window = node.owner_window();
 let doc = self.owner_document();
+
+ // Step 5: If the Should element's inline behavior be blocked by Content Security Policy? algorithm
+ // returns "Blocked" when executed upon the style element, "style",
+ // and the style element's child text content, then return. [CSP]
+ if doc.should_elements_inline_type_behavior_be_blocked(
+ self.upcast(),
+ csp::InlineCheckType::Style,
+ &node.child_text_content(),
+ ) == csp::CheckResult::Blocked
+ {
+ return;
+ }
+
+ let window = node.owner_window();
 let data = node
 .GetTextContent()
 .expect("Element.textContent must be a string");
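Review bot: The nonce handed to the CSP check is still read from the `nonce` content attribute in the relocated `csp::Element` construction (`el.get_attribute(&ns!(), &local_name!("nonce"))`). HTML keeps the effective nonce in the element's [[CryptographicNonce]] slot and blanks the content attribute when nonce hiding applies, so if that behaviour is or becomes implemented (not visible in this hunk), this lookup would see an empty value and nonce-bearing inline styles would be blocked. A comment at the construction such as `// TODO: read the [[CryptographicNonce]] slot instead of the content attribute once nonce hiding is implemented` would record that dependency. The function starts above the hunk and continues below it.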
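Review bot: The CSP check and the stylesheet parser do not read the same string in the `@@ -97,8 +98,21 @@` hunk: the new Step 5 passes `&node.child_text_content()`, while `data` just below is still taken from `node.GetTextContent()`. If the two can differ for a style element that has element children (textContent normally includes descendant text, child text content only the direct text nodes; this is inferred, not shown here), a hash or `'unsafe-inline'` decision would be made over one string and a different one parsed. Reading the text once and using it for both, e.g. `let data = node.child_text_content();` ahead of the check with `&data` as the third argument, removes that gap. The enclosing function begins and ends outside the hunk, so the later uses of `data` need checking before changing its source.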
diff --git a/tests/wpt/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini b/tests/wpt/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini
deleted file mode 100644
index c67fec5245c..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[style-src-elem-blocked-attr-allowed.html]
- expected: TIMEOUT
- [Should fire a security policy violation for the inline block]
- expected: NOTRUN
-
- [The inline style should not be applied and the attribute style should be applied]
- expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini b/tests/wpt/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini
deleted file mode 100644
index 06439a8cc0a..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[style-src-elem-blocked-src-allowed.html]
- expected: TIMEOUT
- [Should fire a security policy violation event]
- expected: NOTRUN
-
- [The inline style should not be applied]
- expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src/injected-inline-style-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/style-src/injected-inline-style-blocked.sub.html.ini
deleted file mode 100644
index 06132f67bfc..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src/injected-inline-style-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[injected-inline-style-blocked.sub.html]
- [Expecting logs: ["violated-directive=style-src-elem","violated-directive=style-src-elem","PASS"\]]
- expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini
deleted file mode 100644
index 62bbd2f0e13..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[inline-style-blocked.sub.html]
- expected: TIMEOUT
- [Triggers securitypolicyviolation.]
- expected: TIMEOUT
-
- [Inline style element is blocked by CSP.]
- expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini b/tests/wpt/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
index a79f011aec3..f63f4a41072 100644
--- a/tests/wpt/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
@@ -1,7 +1,4 @@
 [style-src-hash-blocked.html]
 expected: TIMEOUT
- [Should not load style that does not match hash]
- expected: FAIL
-
 [Should fire a securitypolicyviolation event]
 expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini b/tests/wpt/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini
new file mode 100644
index 00000000000..fe35d3ea411
--- /dev/null
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini
@@ -0,0 +1,3 @@
+[style-src-hash-case-insensitive.html]
+ [All style elements should load because they have proper hashes]
+ expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini b/tests/wpt/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
index bb5c48df1b0..d77abcc7908 100644
--- a/tests/wpt/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
@@ -1,7 +1,4 @@
 [style-src-injected-inline-style-blocked.html]
 expected: TIMEOUT
- [Injected style attributes should not be applied]
- expected: FAIL
-
 [Should fire a securitypolicyviolation event]
 expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini b/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
index 33ee0df35af..3884b98ae92 100644
--- a/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
@@ -1,7 +1,4 @@
 [style-src-inline-style-blocked.html]
 expected: TIMEOUT
- [Inline style element should not load without 'unsafe-inline']
- expected: FAIL
-
 [Should fire a securitypolicyviolation event]
 expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini b/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
index df0fb590691..f2eac484989 100644
--- a/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
@@ -1,7 +1,4 @@
 [style-src-inline-style-nonce-blocked.html]
 expected: TIMEOUT
- [Should not load inline style element with invalid nonce]
- expected: FAIL
-
 [Should fire a securitypolicyviolation event]
 expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
deleted file mode 100644
index 10375077b42..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[stylehash-basic-blocked.sub.html]
- [Expecting alerts: ["PASS: The 'p' element's text is green, which means the style was correctly applied.", "violated-directive=style-src-elem"\]]
- expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini b/tests/wpt/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
deleted file mode 100644
index ae2f83c41d8..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[stylenonce-allowed.sub.html]
- expected: TIMEOUT
- [Should fire securitypolicyviolation]
- expected: NOTRUN
-
- [stylenonce-allowed]
- expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
deleted file mode 100644
index 97a86a69eea..00000000000
--- a/tests/wpt/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[stylenonce-blocked.sub.html]
- expected: TIMEOUT
- [Should fire securitypolicyviolation]
- expected: NOTRUN
-
- [stylenonce-blocked]
- expected: FAIL |