diff options
Diffstat (limited to 'components/script')
| -rw-r--r-- | components/script/dom/document.rs | 10 | ||||
| -rw-r--r-- | components/script/dom/htmlstyleelement.rs | 16 | ||||
| -rw-r--r-- | components/script/dom/servoparser/html.rs | 3 |
3 files changed, 21 insertions, 8 deletions
diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index ae48fa1fb2f..e3590461604 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -4307,16 +4307,16 @@ impl Document { type_: csp::InlineCheckType, source: &str, ) -> csp::CheckResult { - let element = csp::Element { - nonce: el - .get_attribute(&ns!(), &local_name!("nonce")) - .map(|attr| Cow::Owned(attr.value().to_string())), - }; let (result, violations) = match self.get_csp_list() { None => { return csp::CheckResult::Allowed; }, Some(csp_list) => { + let element = csp::Element { + nonce: el + .get_attribute(&ns!(), &local_name!("nonce")) + .map(|attr| Cow::Owned(attr.value().to_string())), + }; csp_list.should_elements_inline_type_behavior_be_blocked(&element, type_, source) }, }; diff --git a/components/script/dom/htmlstyleelement.rs b/components/script/dom/htmlstyleelement.rs index 0deb507f283..194b81729fb 100644 --- a/components/script/dom/htmlstyleelement.rs +++ b/components/script/dom/htmlstyleelement.rs @@ -4,6 +4,7 @@ use std::cell::Cell; +use content_security_policy as csp; use dom_struct::dom_struct; use html5ever::{LocalName, Prefix}; use js::rust::HandleObject; @@ -97,8 +98,21 @@ impl HTMLStyleElement { return; } - let window = node.owner_window(); let doc = self.owner_document(); + + // Step 5: If the Should element's inline behavior be blocked by Content Security Policy? algorithm + // returns "Blocked" when executed upon the style element, "style", + // and the style element's child text content, then return. [CSP] + if doc.should_elements_inline_type_behavior_be_blocked( + self.upcast(), + csp::InlineCheckType::Style, + &node.child_text_content(), + ) == csp::CheckResult::Blocked + { + return; + } + + let window = node.owner_window(); let data = node .GetTextContent() .expect("Element.textContent must be a string"); diff --git a/components/script/dom/servoparser/html.rs b/components/script/dom/servoparser/html.rs index 07848c87678..7fd0429612a 100644 --- a/components/script/dom/servoparser/html.rs +++ b/components/script/dom/servoparser/html.rs @@ -302,11 +302,10 @@ pub(crate) fn serialize_html_fragment<S: Serializer>( serializer.write_processing_instruction(pi.target(), &data)?; }, - NodeTypeId::DocumentFragment(_) => {}, + NodeTypeId::DocumentFragment(_) | NodeTypeId::Attr => {}, NodeTypeId::Document(_) => panic!("Can't serialize Document node itself"), NodeTypeId::Element(_) => panic!("Element shouldn't appear here"), - NodeTypeId::Attr => panic!("Attr shouldn't appear here"), }, SerializationCommand::SerializeShadowRoot(shadow_root) => { // Shadow roots are serialized as template elements with a fixed set of |