<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[182877] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/182877">182877</a></dd>
<dt>Author</dt> <dd>cdumez@apple.com</dd>
<dt>Date</dt> <dd>2015-04-15 19:53:44 -0700 (Wed, 15 Apr 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Add a console message when a stylesheet is not parsed due to invalid MIME type
https://bugs.webkit.org/show_bug.cgi?id=143784
Reviewed by Joseph Pecoraro.
Source/WebCore:
After <a href="http://trac.webkit.org/projects/webkit/changeset/180020">r180020</a>, we no longer have a quirks mode exception for CSS MIME
types. This means that we'll start rejecting stylesheets that were
previously accepted due to this quirk. In this case we log a console
message to help Web developers understand why their stylesheet is being
rejected.
* css/StyleRuleImport.cpp:
(WebCore::StyleRuleImport::setCSSStyleSheet):
* css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::parseAuthorStyleSheet):
- Initialize hasValidMIMEType to true so that it ends up being false
only when canUseSheet(hasValidMIMEType) is called and we've determined
the MIME type is indeed invalid. Otherwise, hasValidMIMEType would
also be false when m_data is null or empty in
CachedCSSStyleSheet::sheetText() and we don't want to display the MIME
type error in this case.
- If hasValidMIMEType is false, display the console message and abort
early. We don't need to execute the rest of the function in this case
as sheetText is a null String and there is no point in trying to parse
it.
- Drop handling of !hasValidMIMEType && !hasSyntacticallyValidCSSHeader()
as this can no longer be reached. This handling no longer makes sense
after <a href="http://trac.webkit.org/projects/webkit/changeset/180020">r180020</a> as sheetText() will now always return a null String if
the MIME type is invalid (as we no longer support the CSS MIME type
quirks mode).
* css/StyleSheetContents.h:
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
LayoutTests:
Update expectations for tests that are using stylesheets served with wrong
MIME type as we now display a console message in this case.
* http/tests/inspector/css/bad-mime-type-expected.txt:
* http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt:
* http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt:
* http/tests/misc/css-accept-any-type-expected.txt:
* http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt:
* http/tests/security/cross-origin-css-1-expected.txt: Added.
* http/tests/security/cross-origin-css-1.html: Added.
* http/tests/security/cross-origin-css-2-expected.txt: Added.
* http/tests/security/cross-origin-css-2.html: Added.
* http/tests/security/cross-origin-css-3-expected.txt: Added.
* http/tests/security/cross-origin-css-3.html: Added.
* http/tests/security/cross-origin-css-4-expected.txt: Added.
* http/tests/security/cross-origin-css-4.html: Added.
* http/tests/security/cross-origin-css-5-expected.txt: Added.
* http/tests/security/cross-origin-css-5.html: Added.
* http/tests/security/cross-origin-css-6-expected.txt: Added.
* http/tests/security/cross-origin-css-6.html: Added.
* http/tests/security/cross-origin-css-7-expected.txt: Added.
* http/tests/security/cross-origin-css-7.html: Added.
* http/tests/security/cross-origin-css-8-expected.txt: Added.
* http/tests/security/cross-origin-css-8.html: Added.
* http/tests/security/cross-origin-css-expected.txt: Removed.
* http/tests/security/cross-origin-css.html: Removed.
Split http/tests/security/cross-origin-css.html into several tests. The
test would be flaky otherwise as console messages could appear in
different order for every run.
* platform/mac/http/tests/misc/acid3-expected.txt:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestshttptestsinspectorcssbadmimetypeexpectedtxt">trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsmimestandardmodedoesnotloadstylesheetwithtextplainandcssextensionexpectedtxt">trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsmimestandardmodedoesnotloadstylesheetwithtextplainexpectedtxt">trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsmisccssacceptanytypeexpectedtxt">trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsmisccssrejectanytypeinstrictmodeexpectedtxt">trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmachttptestsmiscacid3expectedtxt">trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorecssStyleRuleImportcpp">trunk/Source/WebCore/css/StyleRuleImport.cpp</a></li>
<li><a href="#trunkSourceWebCorecssStyleSheetContentscpp">trunk/Source/WebCore/css/StyleSheetContents.cpp</a></li>
<li><a href="#trunkSourceWebCorecssStyleSheetContentsh">trunk/Source/WebCore/css/StyleSheetContents.h</a></li>
<li><a href="#trunkSourceWebCorehtmlHTMLLinkElementcpp">trunk/Source/WebCore/html/HTMLLinkElement.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss1expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss1html">trunk/LayoutTests/http/tests/security/cross-origin-css-1.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss2expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss2html">trunk/LayoutTests/http/tests/security/cross-origin-css-2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss3expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-3-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss3html">trunk/LayoutTests/http/tests/security/cross-origin-css-3.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss4expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss4html">trunk/LayoutTests/http/tests/security/cross-origin-css-4.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss5expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss5html">trunk/LayoutTests/http/tests/security/cross-origin-css-5.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss6expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-6-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss6html">trunk/LayoutTests/http/tests/security/cross-origin-css-6.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss7expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss7html">trunk/LayoutTests/http/tests/security/cross-origin-css-7.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss8expectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-8-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincss8html">trunk/LayoutTests/http/tests/security/cross-origin-css-8.html</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincssexpectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-css-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincsshtml">trunk/LayoutTests/http/tests/security/cross-origin-css.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/ChangeLog 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,3 +1,43 @@
</span><ins>+2015-04-15 Chris Dumez <cdumez@apple.com>
+
+ Add a console message when a stylesheet is not parsed due to invalid MIME type
+ https://bugs.webkit.org/show_bug.cgi?id=143784
+
+ Reviewed by Joseph Pecoraro.
+
+ Update expectations for tests that are using stylesheets served with wrong
+ MIME type as we now display a console message in this case.
+
+ * http/tests/inspector/css/bad-mime-type-expected.txt:
+ * http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt:
+ * http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt:
+ * http/tests/misc/css-accept-any-type-expected.txt:
+ * http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt:
+
+ * http/tests/security/cross-origin-css-1-expected.txt: Added.
+ * http/tests/security/cross-origin-css-1.html: Added.
+ * http/tests/security/cross-origin-css-2-expected.txt: Added.
+ * http/tests/security/cross-origin-css-2.html: Added.
+ * http/tests/security/cross-origin-css-3-expected.txt: Added.
+ * http/tests/security/cross-origin-css-3.html: Added.
+ * http/tests/security/cross-origin-css-4-expected.txt: Added.
+ * http/tests/security/cross-origin-css-4.html: Added.
+ * http/tests/security/cross-origin-css-5-expected.txt: Added.
+ * http/tests/security/cross-origin-css-5.html: Added.
+ * http/tests/security/cross-origin-css-6-expected.txt: Added.
+ * http/tests/security/cross-origin-css-6.html: Added.
+ * http/tests/security/cross-origin-css-7-expected.txt: Added.
+ * http/tests/security/cross-origin-css-7.html: Added.
+ * http/tests/security/cross-origin-css-8-expected.txt: Added.
+ * http/tests/security/cross-origin-css-8.html: Added.
+ * http/tests/security/cross-origin-css-expected.txt: Removed.
+ * http/tests/security/cross-origin-css.html: Removed.
+ Split http/tests/security/cross-origin-css.html into several tests. The
+ test would be flaky otherwise as console messages could appear in
+ different order for every run.
+
+ * platform/mac/http/tests/misc/acid3-expected.txt:
+
</ins><span class="cx"> 2015-04-15 Said Abou-Hallawa <said@apple.com>
</span><span class="cx">
</span><span class="cx"> Minimum font size pref breaks SVG text very badly.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsinspectorcssbadmimetypeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/inspector/css/bad-mime-type-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because its MIME type was invalid.
</ins><span class="cx"> Tests that showing Web Inspector on a page that has a stylesheet with an invalid MIME type does not crash.
</span><span class="cx">
</span><span class="cx"> This test passes if it does not crash.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsmimestandardmodedoesnotloadstylesheetwithtextplainandcssextensionexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1 +1,2 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/mime/resources/style-with-text-plain.php/foo.css' because its MIME type was invalid.
</ins><span class="cx"> This test passes if we do NOT apply the stylesheet (which turns the background color red.) The background color is: rgba(0, 0, 0, 0).
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsmimestandardmodedoesnotloadstylesheetwithtextplainexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1 +1,2 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/mime/resources/style-with-text-plain.php' because its MIME type was invalid.
</ins><span class="cx"> This test passes if we do NOT apply the stylesheet (which turns the background color red.) The background color is: rgba(0, 0, 0, 0).
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsmisccssacceptanytypeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/misc/css-accept-any-type-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because its MIME type was invalid.
</ins><span class="cx"> This was a test for http://bugs.webkit.org/show_bug.cgi?id=11451 REGRESSION: Dell.com does not render correctly in ToT (stylesheet not loaded): given the security implications of accepting bad MIME types, we're now intentionally breaking this case to match other browsers.
</span><span class="cx">
</span><span class="cx"> SUCCESS
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsmisccssrejectanytypeinstrictmodeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/stylesheet-bad-mime-type.php' because its MIME type was invalid.
</ins><span class="cx"> Related test to http://bugs.webkit.org/show_bug.cgi?id=11451 REGRESSION: Dell.com does not render correctly in ToT (stylesheet not loaded). Making sure that in strict mode we would not load such a stylesheet.
</span><span class="cx">
</span><span class="cx"> SUCCESS
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss1expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-1-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss1.html' because its MIME type was invalid.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss1.html should not be loaded via <link>.
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss1html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-1.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-1.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-1.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<link rel="stylesheet" href="/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss1.html"></link>
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id1'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss1.html should not be loaded via &lt;link&gt;.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id1" class="id1"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss2expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-2-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss2.html' because its MIME type was invalid.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss2.html should not be loaded either via <link> or @import.
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss2html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-2.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-2.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-2.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<link rel="stylesheet" type="text/css" href="/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss2.html"></link>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id2'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss2.html should not be loaded either via &lt;link&gt; or @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id2" class="id2"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss3expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-3-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-3-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-3-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss1.css should be loaded via <link>
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss3html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-3.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-3.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-3.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<link rel="stylesheet"
+ href="/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss1.css"></link>
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id3'), 'rgb(255, 255, 0)');
+ }, 'xorigincss1.css should be loaded via &lt;link&gt;');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id3" class="id3"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss4expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-4-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss3.html' because its MIME type was invalid.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss3.html should not be loaded, even though it is same-origin
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss4html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-4.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-4.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-4.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<link rel="stylesheet" href="resources/xorigincss3.html"></link>
+
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id4'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss3.html should not be loaded, even though it is same-origin');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id4" class="id4"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss5expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-5-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss4.html' because its MIME type was invalid.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss4.html should not be loaded via @import.
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss5html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-5.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-5.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-5.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<style>
+@import "/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss4.html";
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id5'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss4.html should not be loaded via @import.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id5" class="id5"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss6expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-6-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-6-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-6-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss2.css should be loaded.
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss6html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-6.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-6.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-6.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<style>
+@import "/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss2.css";
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id6'), 'rgb(255, 255, 0)');
+ }, 'xorigincss2.css should be loaded.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id6" class="id6"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss7expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-7-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/security/resources/xorigincss5.html' because its MIME type was invalid.
+
+PASS Testing cross-origin and MIME behavior for CSS.
+PASS xorigincss5.html should not be loaded.
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss7html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-7.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-7.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-7.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<style>
+@import "resources/xorigincss5.html";
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ test(function () {
+ assert_equals(getBackgroundColorForId('id7'), 'rgba(0, 0, 0, 0)');
+ }, 'xorigincss5.html should not be loaded.');
+
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <div id="id7" class="id7"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss8expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-8-expected.txt (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-8-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-8-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+Check that data: is still allowed for non-CORS cross-origin image fetches.
+
+PASS background image loaded
+
+PASS Testing cross-origin and MIME behavior for CSS.
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincss8html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-css-8.html (0 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-8.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-8.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Cross-origin CSS</title>
+
+<script src="/w3c/resources/testharness.js"></script>
+<script src="/w3c/resources/testharnessreport.js"></script>
+
+<style>
+#data-background-url {
+ content: "PASS (image loaded)";
+ background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='0px' height='0px'></svg>");
+}
+</style>
+<script>
+function getBackgroundColorForId(id) {
+ return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
+}
+
+var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
+
+window.onload = function () {
+ onloadTest.done();
+};
+</script>
+</head>
+<body>
+ <p>Check that data: is still allowed for non-CORS cross-origin image fetches.</p>
+ <div id="data-background-url">PASS background image loaded</div>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincssexpectedtxt"></a>
<div class="delfile"><h4>Deleted: trunk/LayoutTests/http/tests/security/cross-origin-css-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,11 +0,0 @@
</span><del>-PASS background image loaded
-
-PASS Testing cross-origin and MIME behavior for CSS.
-PASS xorigincss1.html should not be loaded via .
-PASS xorigincss2.html should not be loaded either via or @import.
-PASS xorigincss1.css should be loaded via
-PASS xorigincss3.html should not be loaded, even though it is same-origin
-PASS xorigincss4.html should not be loaded via @import.
-PASS xorigincss2.css should be loaded.
-PASS xorigincss5.html should not be loaded.
-
</del></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincsshtml"></a>
<div class="delfile"><h4>Deleted: trunk/LayoutTests/http/tests/security/cross-origin-css.html (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-css.html 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css.html 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,83 +0,0 @@
</span><del>-<!DOCTYPE html>
-<html>
-<head>
-<title>Cross-origin CSS</title>
-
-<script src="/w3c/resources/testharness.js"></script>
-<script src="/w3c/resources/testharnessreport.js"></script>
-
-<!-- Bring in various same- and cross-origin stylesheets. -->
-<link rel="stylesheet"
- href="/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss1.html"></link>
-<link rel="stylesheet"
- type="text/css"
- href="/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss2.html"></link>
-<link rel="stylesheet"
- href="/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss1.css"></link>
-<link rel="stylesheet"
- href="resources/xorigincss3.html"></link>
-
-<style>
-/* Deliberately reuse the same file / class / id on this first one */
-@import "/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss2.html";
-@import "/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss4.html";
-@import "/resources/redirect.php?url=http://localhost:8000/security/resources/xorigincss2.css";
-@import "resources/xorigincss5.html";
-
-/* Check that data: is still allowed for non-CORS cross-origin image fetches. */
-#data-background-url {
- content: "PASS (image loaded)";
- background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='0px' height='0px'></svg>");
-}
-</style>
-<script>
-function getBackgroundColorForId(id) {
- return window.getComputedStyle(document.getElementById(id), null).getPropertyValue('background-color')
-}
-
-var onloadTest = async_test("Testing cross-origin and MIME behavior for CSS.");
-
-window.onload = function () {
- test(function () {
- assert_equals(getBackgroundColorForId('id1'), 'rgba(0, 0, 0, 0)');
- }, 'xorigincss1.html should not be loaded via <link>.');
-
- test(function () {
- assert_equals(getBackgroundColorForId('id2'), 'rgba(0, 0, 0, 0)');
- }, 'xorigincss2.html should not be loaded either via <link> or @import.');
-
- test(function () {
- assert_equals(getBackgroundColorForId('id3'), 'rgb(255, 255, 0)');
- }, 'xorigincss1.css should be loaded via <link>');
-
- test(function () {
- assert_equals(getBackgroundColorForId('id4'), 'rgba(0, 0, 0, 0)');
- }, 'xorigincss3.html should not be loaded, even though it is same-origin');
-
- test(function () {
- assert_equals(getBackgroundColorForId('id5'), 'rgba(0, 0, 0, 0)');
- }, 'xorigincss4.html should not be loaded via @import.');
-
- test(function () {
- assert_equals(getBackgroundColorForId('id6'), 'rgb(255, 255, 0)');
- }, 'xorigincss2.css should be loaded.');
-
- test(function () {
- assert_equals(getBackgroundColorForId('id7'), 'rgba(0, 0, 0, 0)');
- }, 'xorigincss5.html should not be loaded.');
-
- onloadTest.done();
-};
-</script>
-</head>
-<body>
- <div id="id1" class="id1"></div>
- <div id="id2" class="id2"></div>
- <div id="id3" class="id3"></div>
- <div id="id4" class="id4"></div>
- <div id="id5" class="id5"></div>
- <div id="id6" class="id6"></div>
- <div id="id7" class="id7"></div>
- <div id="data-background-url">PASS background image loaded</div>
-</body>
-</html>
</del></span></pre></div>
<a id="trunkLayoutTestsplatformmachttptestsmiscacid3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/LayoutTests/platform/mac/http/tests/misc/acid3-expected.txt 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Did not parse stylesheet at 'http://127.0.0.1:8000/misc/resources/acid3/empty.css' because its MIME type was invalid.
</ins><span class="cx"> layer at (0,0) size 800x600
</span><span class="cx"> RenderView at (0,0) size 800x600
</span><span class="cx"> layer at (20,20) size 644x433
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/Source/WebCore/ChangeLog 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -1,3 +1,41 @@
</span><ins>+2015-04-15 Chris Dumez <cdumez@apple.com>
+
+ Add a console message when a stylesheet is not parsed due to invalid MIME type
+ https://bugs.webkit.org/show_bug.cgi?id=143784
+
+ Reviewed by Joseph Pecoraro.
+
+ After r180020, we no longer have a quirks mode exception for CSS MIME
+ types. This means that we'll start rejecting stylesheets that were
+ previously accepted due to this quirk. In this case we log a console
+ message to help Web developers understand why their stylesheet is being
+ rejected.
+
+ * css/StyleRuleImport.cpp:
+ (WebCore::StyleRuleImport::setCSSStyleSheet):
+
+ * css/StyleSheetContents.cpp:
+ (WebCore::StyleSheetContents::parseAuthorStyleSheet):
+ - Initialize hasValidMIMEType to true so that it ends up being false
+ only when canUseSheet(hasValidMIMEType) is called and we've determined
+ the MIME type is indeed invalid. Otherwise, hasValidMIMEType would
+ also be false when m_data is null or empty in
+ CachedCSSStyleSheet::sheetText() and we don't want to display the MIME
+ type error in this case.
+ - If hasValidMIMEType is false, display the console message and abort
+ early. We don't need to execute the rest of the function in this case
+ as sheetText is a null String and there is no point in trying to parse
+ it.
+ - Drop handling of !hasValidMIMEType && !hasSyntacticallyValidCSSHeader()
+ as this can no longer be reached. This handling no longer makes sense
+ after r180020 as sheetText() will now always return a null String if
+ the MIME type is invalid (as we no longer support the CSS MIME type
+ quirks mode).
+
+ * css/StyleSheetContents.h:
+ * html/HTMLLinkElement.cpp:
+ (WebCore::HTMLLinkElement::setCSSStyleSheet):
+
</ins><span class="cx"> 2015-04-15 Said Abou-Hallawa <said@apple.com>
</span><span class="cx">
</span><span class="cx"> Minimum font size pref breaks SVG text very badly.
</span></span></pre></div>
<a id="trunkSourceWebCorecssStyleRuleImportcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/css/StyleRuleImport.cpp (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/css/StyleRuleImport.cpp 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/Source/WebCore/css/StyleRuleImport.cpp 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -71,10 +71,8 @@
</span><span class="cx"> context.baseURL = baseURL;
</span><span class="cx">
</span><span class="cx"> m_styleSheet = StyleSheetContents::create(this, href, context);
</span><ins>+ m_styleSheet->parseAuthorStyleSheet(cachedStyleSheet);
</ins><span class="cx">
</span><del>- Document* document = m_parentStyleSheet ? m_parentStyleSheet->singleOwnerDocument() : 0;
- m_styleSheet->parseAuthorStyleSheet(cachedStyleSheet, document ? document->securityOrigin() : 0);
-
</del><span class="cx"> m_loading = false;
</span><span class="cx">
</span><span class="cx"> if (m_parentStyleSheet) {
</span></span></pre></div>
<a id="trunkSourceWebCorecssStyleSheetContentscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/css/StyleSheetContents.cpp (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/css/StyleSheetContents.cpp 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/Source/WebCore/css/StyleSheetContents.cpp 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #include "MediaList.h"
</span><span class="cx"> #include "Node.h"
</span><span class="cx"> #include "RuleSet.h"
</span><del>-#include "SecurityOrigin.h"
</del><span class="cx"> #include "StyleProperties.h"
</span><span class="cx"> #include "StyleRule.h"
</span><span class="cx"> #include "StyleRuleImport.h"
</span><span class="lines">@@ -285,24 +284,21 @@
</span><span class="cx"> return it->value;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet, const SecurityOrigin* securityOrigin)
</del><ins>+void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet)
</ins><span class="cx"> {
</span><del>- bool hasValidMIMEType = false;
</del><ins>+ bool hasValidMIMEType = true;
</ins><span class="cx"> String sheetText = cachedStyleSheet->sheetText(&hasValidMIMEType);
</span><span class="cx">
</span><ins>+ if (!hasValidMIMEType) {
+ ASSERT(sheetText.isNull());
+ if (auto* document = singleOwnerDocument())
+ document->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because its MIME type was invalid.");
+ return;
+ }
+
</ins><span class="cx"> CSSParser p(parserContext());
</span><span class="cx"> p.parseSheet(this, sheetText, TextPosition(), nullptr, true);
</span><span class="cx">
</span><del>- // If we're loading a stylesheet cross-origin, and the MIME type is not standard, require the CSS
- // to at least start with a syntactically valid CSS rule.
- // This prevents an attacker playing games by injecting CSS strings into HTML, XML, JSON, etc. etc.
- if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
- bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(baseURL());
- if (isCrossOriginCSS) {
- clearRules();
- return;
- }
- }
</del><span class="cx"> if (m_parserContext.needsSiteSpecificQuirks && isStrictParserMode(m_parserContext.mode)) {
</span><span class="cx"> // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
</span><span class="cx"> DEPRECATED_DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, (ASCIILiteral("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n")));
</span></span></pre></div>
<a id="trunkSourceWebCorecssStyleSheetContentsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/css/StyleSheetContents.h (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/css/StyleSheetContents.h 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/Source/WebCore/css/StyleSheetContents.h 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -36,7 +36,6 @@
</span><span class="cx"> class CachedCSSStyleSheet;
</span><span class="cx"> class Document;
</span><span class="cx"> class Node;
</span><del>-class SecurityOrigin;
</del><span class="cx"> class StyleRuleBase;
</span><span class="cx"> class StyleRuleImport;
</span><span class="cx">
</span><span class="lines">@@ -61,7 +60,7 @@
</span><span class="cx">
</span><span class="cx"> const AtomicString& determineNamespace(const AtomicString& prefix);
</span><span class="cx">
</span><del>- void parseAuthorStyleSheet(const CachedCSSStyleSheet*, const SecurityOrigin*);
</del><ins>+ void parseAuthorStyleSheet(const CachedCSSStyleSheet*);
</ins><span class="cx"> WEBCORE_EXPORT bool parseString(const String&);
</span><span class="cx"> bool parseStringAtPosition(const String&, const TextPosition&, bool createdByParser);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorehtmlHTMLLinkElementcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (182876 => 182877)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2015-04-16 02:50:29 UTC (rev 182876)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2015-04-16 02:53:44 UTC (rev 182877)
</span><span class="lines">@@ -341,7 +341,7 @@
</span><span class="cx"> m_sheet->setMediaQueries(MediaQuerySet::createAllowingDescriptionSyntax(m_media));
</span><span class="cx"> m_sheet->setTitle(title());
</span><span class="cx">
</span><del>- styleSheet.get().parseAuthorStyleSheet(cachedStyleSheet, document().securityOrigin());
</del><ins>+ styleSheet.get().parseAuthorStyleSheet(cachedStyleSheet);
</ins><span class="cx">
</span><span class="cx"> m_loading = false;
</span><span class="cx"> styleSheet.get().notifyLoadedSheet(cachedStyleSheet);
</span></span></pre>
</div>
</div>
</body>
</html>