3 files changed, 21 insertions, 8 deletions

diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs
index ae48fa1fb2f..e3590461604 100644
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@@ -4307,16 +4307,16 @@ impl Document {
         type_: csp::InlineCheckType,
         source: &str,
     ) -> csp::CheckResult {
-        let element = csp::Element {
-            nonce: el
-                .get_attribute(&ns!(), &local_name!("nonce"))
-                .map(|attr| Cow::Owned(attr.value().to_string())),
-        };
         let (result, violations) = match self.get_csp_list() {
             None => {
                 return csp::CheckResult::Allowed;
             },
             Some(csp_list) => {
+                let element = csp::Element {
+                    nonce: el
+                        .get_attribute(&ns!(), &local_name!("nonce"))
+                        .map(|attr| Cow::Owned(attr.value().to_string())),
+                };
                 csp_list.should_elements_inline_type_behavior_be_blocked(&element, type_, source)
             },
         };
diff --git a/components/script/dom/htmlstyleelement.rs b/components/script/dom/htmlstyleelement.rs
index 0deb507f283..194b81729fb 100644
--- a/components/script/dom/htmlstyleelement.rs
+++ b/components/script/dom/htmlstyleelement.rs
@@ -4,6 +4,7 @@
 
 use std::cell::Cell;
 
+use content_security_policy as csp;
 use dom_struct::dom_struct;
 use html5ever::{LocalName, Prefix};
 use js::rust::HandleObject;
@@ -97,8 +98,21 @@ impl HTMLStyleElement {
             return;
         }
 
-        let window = node.owner_window();
         let doc = self.owner_document();
+
+        // Step 5: If the Should element's inline behavior be blocked by Content Security Policy? algorithm
+        // returns "Blocked" when executed upon the style element, "style",
+        // and the style element's child text content, then return. [CSP]
+        if doc.should_elements_inline_type_behavior_be_blocked(
+            self.upcast(),
+            csp::InlineCheckType::Style,
+            &node.child_text_content(),
+        ) == csp::CheckResult::Blocked
+        {
+            return;
+        }
+
+        let window = node.owner_window();
         let data = node
             .GetTextContent()
             .expect("Element.textContent must be a string");
diff --git a/components/script/dom/servoparser/html.rs b/components/script/dom/servoparser/html.rs
index 07848c87678..7fd0429612a 100644
--- a/components/script/dom/servoparser/html.rs
+++ b/components/script/dom/servoparser/html.rs
@@ -302,11 +302,10 @@ pub(crate) fn serialize_html_fragment<S: Serializer>(
                     serializer.write_processing_instruction(pi.target(), &data)?;
                 },
 
-                NodeTypeId::DocumentFragment(_) => {},
+                NodeTypeId::DocumentFragment(_) | NodeTypeId::Attr => {},
 
                 NodeTypeId::Document(_) => panic!("Can't serialize Document node itself"),
                 NodeTypeId::Element(_) => panic!("Element shouldn't appear here"),
-                NodeTypeId::Attr => panic!("Attr shouldn't appear here"),
             },
             SerializationCommand::SerializeShadowRoot(shadow_root) => {
                 // Shadow roots are serialized as template elements with a fixed set of