<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[186617] branches/safari-600.8-branch</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/186617">186617</a></dd>
<dt>Author</dt> <dd>matthew_hanson@apple.com</dd>
<dt>Date</dt> <dd>2015-07-09 14:02:37 -0700 (Thu, 09 Jul 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/186521">r186521</a>. rdar://problem/21707887</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari6008branchLayoutTestsChangeLog">branches/safari-600.8-branch/LayoutTests/ChangeLog</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreChangeLog">branches/safari-600.8-branch/Source/WebCore/ChangeLog</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreModuleswebsocketsWebSocketcpp">branches/safari-600.8-branch/Source/WebCore/Modules/websockets/WebSocket.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreWebCoreexpin">branches/safari-600.8-branch/Source/WebCore/WebCore.exp.in</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSCanvasValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSCanvasValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSCrossfadeValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSCrossfadeValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSCursorImageValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSCursorImageValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSFilterImageValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSFilterImageValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSFontFaceSrcValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSFontFaceSrcValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSFontSelectorcpp">branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSFontSelectorh">branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSGradientValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSGradientValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSImageGeneratorValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSImageGeneratorValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSImageSetValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSImageSetValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSImageValuecpp">branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssCSSImageValueh">branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssRuleSetcpp">branches/safari-600.8-branch/Source/WebCore/css/RuleSet.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssRuleSeth">branches/safari-600.8-branch/Source/WebCore/css/RuleSet.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssStyleResolvercpp">branches/safari-600.8-branch/Source/WebCore/css/StyleResolver.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorecssStyleRuleImportcpp">branches/safari-600.8-branch/Source/WebCore/css/StyleRuleImport.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoredomInlineStyleSheetOwnercpp">branches/safari-600.8-branch/Source/WebCore/dom/InlineStyleSheetOwner.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoredomNodecpp">branches/safari-600.8-branch/Source/WebCore/dom/Node.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoredomNodeh">branches/safari-600.8-branch/Source/WebCore/dom/Node.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCoredomScriptElementcpp">branches/safari-600.8-branch/Source/WebCore/dom/ScriptElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoredomStyledElementcpp">branches/safari-600.8-branch/Source/WebCore/dom/StyledElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorehtmlHTMLMediaElementcpp">branches/safari-600.8-branch/Source/WebCore/html/HTMLMediaElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorehtmlHTMLTrackElementcpp">branches/safari-600.8-branch/Source/WebCore/html/HTMLTrackElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorehtmltrackLoadableTextTrackcpp">branches/safari-600.8-branch/Source/WebCore/html/track/LoadableTextTrack.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderDocumentLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/DocumentLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderImageLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/ImageLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderNetscapePlugInStreamLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderPolicyCheckercpp">branches/safari-600.8-branch/Source/WebCore/loader/PolicyChecker.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderResourceLoaderOptionsh">branches/safari-600.8-branch/Source/WebCore/loader/ResourceLoaderOptions.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderSubframeLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/SubframeLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderTextTrackLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloaderTextTrackLoaderh">branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloadercacheCachedResourceLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloadercacheCachedSVGDocumentReferencecpp">branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloadercacheCachedSVGDocumentReferenceh">branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreloadericonIconLoadercpp">branches/safari-600.8-branch/Source/WebCore/loader/icon/IconLoader.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorepageContentSecurityPolicycpp">branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorepageContentSecurityPolicyh">branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCorepageDOMSecurityPolicycpp">branches/safari-600.8-branch/Source/WebCore/page/DOMSecurityPolicy.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCorepageEventSourcecpp">branches/safari-600.8-branch/Source/WebCore/page/EventSource.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreplatformgraphicsavfoundationobjcWebCoreAVFResourceLoadermm">branches/safari-600.8-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm</a></li>
<li><a href="#branchessafari6008branchSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamercpp">branches/safari-600.8-branch/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoresvgSVGFEImageElementcpp">branches/safari-600.8-branch/Source/WebCore/svg/SVGFEImageElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoresvgSVGFontFaceUriElementcpp">branches/safari-600.8-branch/Source/WebCore/svg/SVGFontFaceUriElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoresvgSVGUseElementcpp">branches/safari-600.8-branch/Source/WebCore/svg/SVGUseElement.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoretestingInternalscpp">branches/safari-600.8-branch/Source/WebCore/testing/Internals.cpp</a></li>
<li><a href="#branchessafari6008branchSourceWebCoretestingInternalsh">branches/safari-600.8-branch/Source/WebCore/testing/Internals.h</a></li>
<li><a href="#branchessafari6008branchSourceWebCoretestingInternalsidl">branches/safari-600.8-branch/Source/WebCore/testing/Internals.idl</a></li>
<li><a href="#branchessafari6008branchSourceWebCorexmlXMLHttpRequestcpp">branches/safari-600.8-branch/Source/WebCore/xml/XMLHttpRequest.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyresourcesalertpassandnotifydonejs">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyresourceswaituntildonejs">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js</a></li>
<li>branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/</li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowaudioexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowaudiohtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssbackgroundexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssbackgroundhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsscursorexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsscursorhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssfilteronimageexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssfilteronimagehtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsswebkitimagesetexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsswebkitimagesethtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowembedpluginexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowembedpluginhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowexternalscriptexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowexternalscripthtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowiframeexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowiframehtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimageafterredirectexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimageafterredirecthtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimageexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimagehtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinescriptexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinescripthtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestyleexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestylehtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestylesheetexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestylesheethtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjectexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjectpluginexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjectpluginhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjecthtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfeimageelementexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfeimageelementhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfontexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfonthtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvguseelementexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvguseelementhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowtrackexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowtrackhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowvideoexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowvideohtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMblockloadinguseragentimagefromnonuseragentcontentexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMblockloadinguseragentimagefromnonuseragentcontenthtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlallowedexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlallowedhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblockedexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblockedhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked2expectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked2html">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked3expectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked3html">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html</a></li>
<li>branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/</li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMresourcesABCFontsvg">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMresourcesallowinlinescriptjs">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMresourcesfloodGreenFiltersvg">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMvideocontrolsallowedexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMvideocontrolsallowedhtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldimageloadshouldnotbypassmainworldcspexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldimageloadshouldnotbypassmainworldcsphtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldbypassmainworldcspexpectedtxt">branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt</a></li>
<li><a href="#branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldbypassmainworldcsphtml">branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari6008branchLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/LayoutTests/ChangeLog (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/ChangeLog 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/LayoutTests/ChangeLog 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1,5 +1,91 @@
</span><span class="cx"> 2015-07-09 Matthew Hanson <matthew_hanson@apple.com>
</span><span class="cx">
</span><ins>+ Merge r186521. rdar://problem/21707887
+
+ 2015-07-08 Daniel Bates <dabates@apple.com>
+
+ Merge r186388. rdar://problem/21708243
+
+ 2015-07-06 Daniel Bates <dabates@apple.com>
+
+ Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
+ should be exempt from Content Security Policy
+ https://bugs.webkit.org/show_bug.cgi?id=144830
+ <rdar://problem/18860261>
+
+ Reviewed by Geoffrey Garen.
+
+ Add tests to ensure that we exempt nodes in a user agent shadow tree from the Content Security Policy (CSP) of the page.
+
+ Updated test LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html to ensure that
+ we do not bypass the CSP of the page for a script that executes in an isolated world and renamed the
+ file image-load-should-not-bypass-main-world-csp.html.
+
+ * http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js: Added.
+ * http/tests/security/contentSecurityPolicy/resources/wait-until-done.js: Added.
+ (alertAndDone):
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js: Added.
+ (window.onload):
+ (testPassed):
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html: Added.
+ * http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt.
+ * http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html: Renamed from LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html.
+
+2015-07-09 Matthew Hanson <matthew_hanson@apple.com>
+
</ins><span class="cx"> Merge r186516. rdar://problem/21707896
</span><span class="cx">
</span><span class="cx"> 2015-06-10 Chris Dumez <cdumez@apple.com>
</span></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyresourcesalertpassandnotifydonejs"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+alert("PASS");
+if (window.testRunner)
+ testRunner.notifyDone();
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyresourceswaituntildonejs"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/wait-until-done.js 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+if (window.testRunner)
+ testRunner.waitUntilDone();
+
+function alertAndDone(message)
+{
+ alert(message);
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowaudioexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that a HTML audio element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS did load audio metadata.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowaudiohtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,45 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML audio element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var audio = document.createElement("audio");
+ userAgentShadowRoot.appendChild(audio);
+
+ audio.onloadedmetadata = function () {
+ log("PASS did load audio metadata.");
+ testRunner.notifyDone();
+ }
+ audio.onerror = function () {
+ log("FAIL did not load audio metadata.");
+ testRunner.notifyDone();
+ }
+ audio.src = "http://localhost:8000/resources/balls-of-the-orient.aif";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssbackgroundexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a background image when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssbackgroundhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a background image when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var style = document.createElement("style");
+ userAgentShadowRoot.appendChild(style);
+
+ style.textContent = "#test1 { background-image: url(../../resources/abe.png); }";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsscursorexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image for a cursor when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsscursorhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image for a cursor when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var style = document.createElement("style");
+ userAgentShadowRoot.appendChild(style);
+
+ style.textContent = "#test1 { cursor: url(../../resources/abe.png); }";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssfilteronimageexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a SVG filter image when the page has CSP policy: img-src 'none'.
+
+PASS SVG filter image did load.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcssfilteronimagehtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,48 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load a SVG filter image when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+
+ var image = new Image;
+ userAgentShadowRoot.appendChild(image);
+
+ image.onload = function () {
+ log("PASS SVG filter image did load.");
+ testRunner.notifyDone();
+ }
+ image.onerror = function () {
+ log("FAIL SVG filter image did not load.");
+ testRunner.notifyDone();
+ }
+
+ image.style.webkitFilter = "url(resources/floodGreenFilter.svg#filter)";
+ image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsswebkitimagesetexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image set when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowcsswebkitimagesethtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load an image set when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var style = document.createElement("style");
+ userAgentShadowRoot.appendChild(style);
+
+ style.textContent = "#test1 { background-image: -webkit-image-set(url(../../resources/abe.png) 1x, url(../../resources/abe.png) 2x) }";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowembedpluginexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that a HTML embed element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: object-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowembedpluginhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'">
+<script src="/js-test-resources/plugin.js"></script>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a HTML embed element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: <code>object-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var object = document.createElement("embed");
+ object.type = "application/x-webkit-test-netscape";
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ userAgentShadowRoot.appendChild(object);
+ runAfterPluginLoad(null, NotifyDone);
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowexternalscriptexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+ALERT: PASS
+Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: script-src 'unsafe-inline'.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowexternalscripthtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'unsafe-inline'</code>.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var script = document.createElement("script");
+ userAgentShadowRoot.appendChild(script);
+
+ script.onerror = function () {
+ alert("FAIL script did not load.");
+ testRunner.notifyDone();
+ }
+ script.src = "http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowiframeexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+ALERT: PASS iframe did load.
+Tests that a HTML iframe element, in a user agent shadow tree, is allowed to load when the page has CSP policy: frame-src 'none'. This test FAILED if it timesout.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowiframehtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML iframe element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var iframe = document.createElement("iframe");
+ userAgentShadowRoot.appendChild(iframe);
+
+ iframe.onload = function () {
+ alert("PASS iframe did load.");
+ // The content document of the HTML iframe will call testRunner.notifyDone().
+ }
+ iframe.src = "http://127.0.0.1:8000/resources/notify-done.html";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimageafterredirectexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that a HTML image element, in a user agent shadow tree, is allowed to load an image resource that has been temporarily moved when the page has CSP policy: img-src 'none'.
+
+PASS image did load.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimageafterredirecthtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,46 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML image element, in a user agent shadow tree, is allowed to load an image resource that has been temporarily moved when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var image = new Image;
+ userAgentShadowRoot.appendChild(image);
+
+ image.onload = function () {
+ log("PASS image did load.");
+ testRunner.notifyDone();
+ }
+ image.onerror = function () {
+ log("FAIL image did not load.");
+ testRunner.notifyDone();
+ }
+ // HTTP 307 temporary redirect to <http://127.0.0.1:8000/security/resources/abe.png>.
+ image.src = "http://localhost:8000/resources/redirect.php?code=307&url=/security/resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimageexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that a HTML image element, in a user agent shadow tree, is allowed to load when the page has CSP policy: img-src 'none'.
+
+PASS image did load.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowimagehtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,46 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML image element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>img-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+
+ var image = new Image;
+ userAgentShadowRoot.appendChild(image);
+
+ image.onload = function () {
+ log("PASS image did load.");
+ testRunner.notifyDone();
+ }
+ image.onerror = function () {
+ log("FAIL image did not load.");
+ testRunner.notifyDone();
+ }
+ image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinescriptexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that an inline JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: script-src 'self'.
+
+PASS did execute inline script.
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinescripthtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
+<script src="resources/allow-inline-script.js"></script>
+</head>
+<body>
+<p>Tests that an inline JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'self'</code>.</p>
+<div id="shadow-host"></div>
+<p id="result">FAIL did not execute inline script.</p>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestyleexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that the CSS style of an element, in a user agent shadow tree, can be modified via the HTML style attribute when the page has CSP policy: style-src 'none'.
+
+PASS modified CSS style of element.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestylehtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,41 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that the CSS style of an element, in a user agent shadow tree, can be modified via the HTML style attribute when the page has CSP policy: <code>style-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var div = document.createElement("div");
+ userAgentShadowRoot.appendChild(div);
+
+ var expectedColor = "green";
+ div.setAttribute("style", "background-color: " + expectedColor);
+
+ if (div.style.backgroundColor === expectedColor)
+ log("PASS modified CSS style of element.");
+ else
+ log("FAIL background-style of element should be " + expectedColor + ". Was " + div.style.backgroundColor + ".");
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestylesheetexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load when the page has CSP policy: style-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowinlinestylesheethtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that an inline stylesheet, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>style-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var style = document.createElement("style");
+ userAgentShadowRoot.appendChild(style);
+
+ style.textContent = "#test1 { display: none; }";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjectexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+ALERT: PASS user agent object loaded.
+Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: frame-src 'none'. This test FAILED if it timesout.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjectpluginexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that a HTML object element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: object-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjectpluginhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,32 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="object-src 'none'; script-src 'self' 'unsafe-inline'">
+<script src="/js-test-resources/plugin.js"></script>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load a plugin when the page has CSP policy: <code>object-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var object = document.createElement("object");
+ object.type = "application/x-webkit-test-netscape";
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ userAgentShadowRoot.appendChild(object);
+
+ runAfterPluginLoad(null, NotifyDone);
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowobjecthtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,36 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML object element, in a user agent shadow tree, is allowed to load markup when the page has CSP policy: <code>frame-src 'none'</code>. This test FAILED if it timesout.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var object = document.createElement("object");
+ userAgentShadowRoot.appendChild(object);
+
+ object.type = "text/html";
+ object.onload = function () {
+ alert("PASS user agent object loaded.");
+ // The content document of the HTML object will call testRunner.notifyDone().
+ }
+ object.data = "http://localhost:8000/resources/notify-done.html";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfeimageelementexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that a SVG feImage element, in a user agent shadow tree, is allowed to load an external image when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfeimageelementhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,33 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG feImage element, in a user agent shadow tree, is allowed to load an external image when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var svgElement = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+ userAgentShadowRoot.appendChild(svgElement);
+ var filterElement = document.createElementNS("http://www.w3.org/2000/svg", "filter");
+ svgElement.appendChild(filterElement);
+ var feImageElement = document.createElementNS("http://www.w3.org/2000/svg", "feImage");
+ filterElement.appendChild(feImageElement);
+
+ feImageElement.setAttributeNS("http://www.w3.org/1999/xlink", "href", "../../resources/abe.png");
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfontexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that a SVG font-face element, in a user agent shadow tree, is allowed to load an external SVG font when the page has CSP policy: font-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvgfonthtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,33 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="font-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG font-face element, in a user agent shadow tree, is allowed to load an external SVG font when the page has CSP policy: <code>font-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<svg id="shadow-host" viewBox="0 0 100 100">
+</svg>
+<script>
+function runTest()
+{
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var fontFace = document.createElementNS("http://www.w3.org/2000/svg", "font-face");
+ userAgentShadowRoot.appendChild(fontFace);
+ var fontFaceSrc = document.createElementNS("http://www.w3.org/2000/svg", "font-face-src");
+ fontFace.appendChild(fontFaceSrc);
+ var fontFaceURI = document.createElementNS("http://www.w3.org/2000/svg", "font-face-uri");
+ fontFaceSrc.appendChild(fontFaceURI);
+
+ fontFace.setAttributeNS(null, "font-family", "ABCFont");
+ fontFaceURI.setAttributeNS("http://www.w3.org/1999/xlink", "href", "resources/ABCFont.svg#ABCFont");
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvguseelementexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Tests that a SVG Use element, in a user agent shadow tree, is allowed to load an external SVG document when the page has CSP policy: img-src 'none'. This test PASSED if there are no console warning messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowsvguseelementhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<p>Tests that a SVG Use element, in a user agent shadow tree, is allowed to load an external SVG document when the page has CSP policy: <code>img-src 'none'</code>. This test PASSED if there are no console warning messages.</p>
+<div id="shadow-host"></div>
+<script>
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var svgElement = document.createElementNS("http://www.w3.org/2000/svg", "svg");
+ userAgentShadowRoot.appendChild(svgElement);
+ var useElement = document.createElementNS("http://www.w3.org/2000/svg", "use");
+ svgElement.appendChild(useElement);
+
+ useElement.setAttributeNS("http://www.w3.org/1999/xlink", "href", "resources/allow-svg-use-element.svg#blue-square");
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowtrackexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that a HTML track element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS track did load.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowtrackhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,49 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML track element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var video = document.createElement("video");
+ userAgentShadowRoot.appendChild(video);
+ var track = document.createElement("track");
+ video.appendChild(track);
+
+ track.track.mode = "hidden";
+ track.kind = "captions";
+ track.onload = function () {
+ log("PASS track did load.");
+ testRunner.notifyDone();
+ }
+ track.onerror = function () {
+ log("FAIL track did not load.");
+ testRunner.notifyDone();
+ }
+ track.src = "../resources/track.vtt";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowvideoexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+Tests that a HTML video element, in a user agent shadow tree, is allowed to load when the page has CSP policy: media-src 'none'.
+
+PASS did load video metadata.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMallowvideohtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,45 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="media-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that a HTML video element, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>media-src 'none'</code>.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var video = document.createElement("video");
+ userAgentShadowRoot.appendChild(video);
+
+ video.onloadedmetadata = function () {
+ log("PASS did load video metadata.");
+ testRunner.notifyDone();
+ }
+ video.onerror = function () {
+ log("FAIL did not load video metadata.");
+ testRunner.notifyDone();
+ }
+ video.src = "http://127.0.0.1:8000/resources/test.mp4";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMblockloadinguseragentimagefromnonuseragentcontentexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+Tests that we prevent the document from loading an image that was loaded earlier from a user agent shadow tree. This test can only be run in the test tool. This test PASSED if you see the word PASS below and there is exactly one Content Security Policy console message about a blocked image load.
+
+PASS image was not loaded by document.
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMblockloadinguseragentimagefromnonuseragentcontenthtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,54 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'; script-src 'unsafe-inline'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>Tests that we prevent the document from loading an image that was loaded earlier from a user agent shadow tree. This test can only be run in the test tool. This test PASSED if you see the word PASS below and there is exactly one Content Security Policy console message about a blocked image load.</p>
+<div id="shadow-host"></div>
+<pre id="console"></pre>
+<script>
+function log(message)
+{
+ document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
+}
+
+function runTest()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var image = new Image;
+ userAgentShadowRoot.appendChild(image);
+
+ image.onload = function () {
+ // Load image again in document; should be prevented by Content Security Policy.
+ var unprivilegedImage = new Image;
+ unprivilegedImage.src = "../../resources/abe.png";
+ unprivilegedImage.onload = function () {
+ log("FAIL image should not have been loaded by document. But it was loaded.");
+ testRunner.notifyDone();
+ }
+ unprivilegedImage.onerror = function () {
+ log("PASS image was not loaded by document.");
+ testRunner.notifyDone();
+ }
+ }
+ image.onerror = function () {
+ log("FAIL image did not load.");
+ testRunner.notifyDone();
+ }
+ image.src = "../../resources/abe.png";
+}
+
+runTest();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlallowedexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,2 @@
</span><ins>+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlallowedhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://127.0.0.1:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('PASS')" onerror="alertAndDone('FAIL')"></object>
+<video controls></video>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblockedhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')">
+ <video controls></video>
+</object>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked2expectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked2html"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')"></object>
+<video controls></video>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked3expectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Refused to load the image 'http://localhost:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
+
+ALERT: PASS
+This test passes if it doesn't alert FAIL and does alert PASS.
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMdefaultsrcobjectdataurlblocked3html"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+<script src="../resources/wait-until-done.js"></script>
+</head>
+<body>
+This test passes if it doesn't alert FAIL and does alert PASS.
+<object data="http://localhost:8000/security/resources/abe.png" type="image/png" onload="alertAndDone('FAIL')" onerror="alertAndDone('PASS')"></object>
+<video></video>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMresourcesABCFontsvg"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+<?xml version="1.0"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <defs>
+ <!-- Based on DejaVu Serif (http://dejavu-fonts.org/wiki/index.php?title=License) -->
+ <font id="ABCFont" horiz-adv-x="1716">
+ <font-face
+ font-family="DejaVu Serif"
+ font-weight="400"
+ font-stretch="normal"
+ units-per-em="2048"
+ panose-1="2 6 6 3 5 6 5 2 2 4"
+ ascent="1556"
+ descent="-492"
+ x-height="1063"
+ cap-height="1493"
+ bbox="-1576 -710 3439 2544"
+ underline-thickness="90"
+ underline-position="-85"
+ unicode-range="U+0020-U+1D7E1"
+ />
+
+ <missing-glyph horiz-adv-x="1229" d="M102 -362v1806h1024v-1806h-1024zM217 -248h795v1577h-795v-1577z" />
+
+ <glyph glyph-name="space" unicode=" " horiz-adv-x="651" />
+
+ <glyph glyph-name="a" unicode="a" horiz-adv-x="1221"
+ d="M815 334v225h-237q-137 0 -204 -59t-67 -181q0 -111 68 -176t184 -65q115 0 185.5 71t70.5 185zM999 664v-558h164v-106h-348v115q-61 -74 -141 -109t-187 -35q-177 0 -281 94t-104 254q0 165 119 256t336 91h258v73q0 121 -73.5 187.5t-206.5 66.5q-110 0 -175 -50t-81 -148h-95v215q96 41 186.5 61.5t176.5 20.5q221 0 336.5 -109.5t115.5 -318.5z" />
+ <glyph glyph-name="b" unicode="b" horiz-adv-x="1311"
+ d="M236 106v1344h-177v106h361v-659q54 100 137.5 147.5t206.5 47.5q196 0 320 -155t124 -405t-124 -405.5t-320 -155.5q-123 0 -206.5 47.5t-137.5 147.5v-166h-361v106h177zM420 479q0 -192 73.5 -292.5t213.5 -100.5q141 0 213.5 113t72.5 333q0 221 -72.5 333t-213.5 112q-140 0 -213.5 -101t-73.5 -292v-105z" />
+ <glyph glyph-name="c" unicode="c" horiz-adv-x="1147"
+ d="M1053 319q-39 -170 -150 -259t-287 -89q-232 0 -373 153.5t-141 407.5q0 255 141 407.5t373 152.5q101 0 201 -23.5t201 -71.5v-272h-107q-21 140 -91.5 204t-201.5 64q-149 0 -225 -115.5t-76 -345.5t75.5 -346t225.5 -116q119 0 190 62t97 187h148z" />
+ <glyph glyph-name="ellipsis" unicode="&#x2026;" horiz-adv-x="1638" d="M133 0v268h279v-268h-279zM680 0v268h278v-268h-278zM1225 0v268h278v-268h-278z" />
+ </font>
+ </defs>
+</svg>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMresourcesallowinlinescriptjs"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/allow-inline-script.js 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+if (window.testRunner)
+ testRunner.dumpAsText();
+
+window.onload = function ()
+{
+ if (!window.testRunner || !window.internals)
+ return;
+
+ var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host"));
+ var script = document.createElement("script");
+ userAgentShadowRoot.appendChild(script);
+
+ script.textContent = "testPassed()";
+}
+
+function testPassed()
+{
+ document.getElementById("result").textContent = "PASS did execute inline script.";
+}
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMresourcesfloodGreenFiltersvg"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/floodGreenFilter.svg 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<svg width="0" height="0" xmlns="http://www.w3.org/2000/svg" version="1.1">
+ <defs>
+ <filter id="filter">
+ <feFlood flood-color="green"/>
+ </filter>
+ </defs>
+</svg>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMvideocontrolsallowedexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+This test passed if there are no console error messages.
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecuritycontentSecurityPolicyuserAgentShadowDOMvideocontrolsallowedhtml"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'">
+<script src="../resources/dump-as-text.js"></script>
+</head>
+<body>
+<p>This test passed if there are no console error messages.</p>
+<video controls></video>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldbypassmainworldcspexpectedtxt"></a>
<div class="delfile"><h4>Deleted: branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1,7 +0,0 @@
</span><del>-CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
-
-ALERT: BLOCKED in main world
-ALERT: LOADED in isolated world
-This test ensures that scripts run in isolated worlds aren't affected by the page's content security policy. Extensions, for example, should be able to load any resource they like.
-
-
</del></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldbypassmainworldcsphtml"></a>
<div class="delfile"><h4>Deleted: branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1,53 +0,0 @@
</span><del>-<!DOCTYPE html>
-<html>
-<head>
-<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
-<script>
- if (window.testRunner) {
- testRunner.dumpAsText();
- testRunner.waitUntilDone();
- }
-
- tests = 2;
- window.addEventListener("message", function(message) {
- tests -= 1;
- test();
- }, false);
-
- function test() {
- function setImgSrc(isolated) {
- var img = document.createElement('img');
- document.body.appendChild(img);
- img.onload = function () {
- alert('LOADED in ' + (isolated ? "isolated world" : "main world"));
- window.postMessage("next", "*");
- };
- img.onerror = function () {
- alert('BLOCKED in ' + (isolated ? "isolated world" : "main world"));
- window.postMessage("next", "*");
- };
- img.src = "../resources/abe.png";
- }
-
- switch (tests) {
- case 2:
- setImgSrc(false);
- break;
- case 1:
- testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);");
- break;
- case 0:
- testRunner.notifyDone();
- break;
- }
- }
-</script>
-</head>
-<body onload='test();'>
- <p>
- This test ensures that scripts run in isolated worlds aren't affected
- by the page's content security policy. Extensions, for example, should
- be able to load any resource they like.
- </p>
-</body>
-</html>
</del></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldimageloadshouldnotbypassmainworldcspexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+ALERT: BLOCKED in main world
+<<<<<<< HEAD:LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt
+ALERT: LOADED in isolated world
+This test ensures that scripts run in isolated worlds aren't affected by the page's content security policy. Extensions, for example, should be able to load any resource they like.
+=======
+CONSOLE MESSAGE: Refused to load the image 'http://127.0.0.1:8000/security/resources/abe.png' because it violates the following Content Security Policy directive: "img-src 'none'".
+
+ALERT: BLOCKED in isolated world
+CONSOLE MESSAGE: line 38: EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+ALERT: BLOCKED eval() in main world
+ALERT: Called eval() in isolated world
+This test ensures that scripts run in isolated worlds are affected by the page's content security policy. Extensions, for example, should not be able to load any resource they like.
+>>>>>>> 264add7... Isolated worlds should respect Content Security Policy; User Agent Shadow DOM:LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp-expected.txt
+
+
</ins></span></pre></div>
<a id="branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldimageloadshouldnotbypassmainworldcsphtmlfromrev186616branchessafari6008branchLayoutTestshttptestssecurityisolatedWorldbypassmainworldcsphtml"></a>
<div class="copfile"><h4>Copied: branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html (from rev 186616, branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html) (0 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html (rev 0)
+++ branches/safari-600.8-branch/LayoutTests/http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -0,0 +1,53 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+<script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+
+ tests = 2;
+ window.addEventListener("message", function(message) {
+ tests -= 1;
+ test();
+ }, false);
+
+ function test() {
+ function setImgSrc(isolated) {
+ var img = document.createElement('img');
+ document.body.appendChild(img);
+ img.onload = function () {
+ alert('LOADED in ' + (isolated ? "isolated world" : "main world"));
+ window.postMessage("next", "*");
+ };
+ img.onerror = function () {
+ alert('BLOCKED in ' + (isolated ? "isolated world" : "main world"));
+ window.postMessage("next", "*");
+ };
+ img.src = "../resources/abe.png";
+ }
+
+ switch (tests) {
+ case 2:
+ setImgSrc(false);
+ break;
+ case 1:
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);");
+ break;
+ case 0:
+ testRunner.notifyDone();
+ break;
+ }
+ }
+</script>
+</head>
+<body onload='test();'>
+ <p>
+ This test ensures that scripts run in isolated worlds are affected
+ by the page's content security policy. Extensions, for example, should
+ not be able to load any resource they like.
+ </p>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/ChangeLog (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/ChangeLog 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/ChangeLog 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1,5 +1,216 @@
</span><span class="cx"> 2015-07-09 Matthew Hanson <matthew_hanson@apple.com>
</span><span class="cx">
</span><ins>+ Merge r186521. rdar://problem/21707887
+
+ 2015-07-08 Daniel Bates <dabates@apple.com>
+
+ Merge r186388. rdar://problem/21708243
+
+ 2015-07-06 Daniel Bates <dabates@apple.com>
+
+ Isolated worlds should respect Content Security Policy; User Agent Shadow DOM
+ should be exempt from Content Security Policy
+ https://bugs.webkit.org/show_bug.cgi?id=144830
+ <rdar://problem/18860261>
+
+ Reviewed by Geoffrey Garen.
+
+ Make scripts that run in an isolated world be subject to the Content Security Policy (CSP) of the page
+ and exempt features implemented using a user agent shadow DOM. As a side effect of this change,
+ Safari Content Extensions will respect the CSP policy of the page when loading subresources (e.g. an image).
+
+ Tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-background.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-cursor.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-filter-on-image.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-css-webkit-image-set.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-embed-plugin.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-external-script.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-iframe.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image-after-redirect.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-image.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-script.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-style.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-inline-stylesheet.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object-plugin.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-object.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-feimage-element.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-use-element.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-track.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/block-loading-user-agent-image-from-non-user-agent-content.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-allowed.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked2.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/default-src-object-data-url-blocked3.html
+ http/tests/security/contentSecurityPolicy/userAgentShadowDOM/video-controls-allowed.html
+ http/tests/security/isolatedWorld/image-load-should-not-bypass-main-world-csp.html
+
+ * Modules/websockets/WebSocket.cpp:
+ (WebCore::WebSocket::connect): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+ * css/CSSCanvasValue.h:
+ (WebCore::CSSCanvasValue::loadSubimages): Modified to take argument ResourceLoaderOptions (unused).
+ * css/CSSCrossfadeValue.cpp:
+ (WebCore::CSSCrossfadeValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
+ pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+ the cross fade is applied to an element in a user agent shadow tree.
+ (WebCore::CSSCrossfadeValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
+ as appropriate.
+ (WebCore::CSSCrossfadeValue::image): Explicitly instantiate default ResourceLoaderOptions and pass it
+ when requesting a cached image. Added FIXME comment to skip Content Security Policy check when the cross
+ fade is applied to an element in a user agent shadow tree.
+ * css/CSSCrossfadeValue.h:
+ * css/CSSCursorImageValue.cpp:
+ (WebCore::CSSCursorImageValue::cachedImage): Take a ResourceLoaderOptions as an argument and passes it
+ as appropriate.
+ * css/CSSCursorImageValue.h:
+ * css/CSSFilterImageValue.cpp:
+ (WebCore::CSSFilterImageValue::fixedSize): Explicitly instantiate default ResourceLoaderOptions and pass
+ pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+ the cross fade is applied to an element in a user agent shadow tree.
+ (WebCore::CSSFilterImageValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
+ as appropriate.
+ (WebCore::CSSFilterImageValue::loadSubimages): Explicitly instantiate default ResourceLoaderOptions and pass
+ pass it when requesting a cached image. Added FIXME comment to skip Content Security Policy check when
+ the cross fade is applied to an element in a user agent shadow tree.
+ (WebCore::CSSFilterImageValue::image):
+ * css/CSSFilterImageValue.h:
+ * css/CSSFontFaceSrcValue.cpp:
+ (WebCore::CSSFontFaceSrcValue::cachedFont): Take a boolean, isInitiatingElementInUserAgentShadowTree,
+ so as to determine the appropriate CSP imposition. In particular, we skip the CSP check when the initiating element
+ (e.g. SVG font-face element) is in a user agent shadow tree.
+ * css/CSSFontFaceSrcValue.h:
+ * css/CSSFontSelector.cpp:
+ (WebCore::CSSFontSelector::addFontFaceRule): Take a boolean, isInitiatingElementInUserAgentShadowTree, and passes
+ it as appropriate.
+ * css/CSSFontSelector.h:
+ * css/CSSGradientValue.h:
+ (WebCore::CSSGradientValue::loadSubimages): Take a ResourceLoaderOptions as an argument and passes it
+ as appropriate.
+ * css/CSSImageGeneratorValue.cpp:
+ (WebCore::CSSImageGeneratorValue::loadSubimages): Ditto.
+ (WebCore::CSSImageGeneratorValue::cachedImageForCSSValue): Ditto.
+ * css/CSSImageGeneratorValue.h:
+ * css/CSSImageSetValue.cpp:
+ (WebCore::CSSImageSetValue::cachedImageSet): Deleted.
+ * css/CSSImageSetValue.h:
+ * css/CSSImageValue.cpp:
+ (WebCore::CSSImageValue::cachedImage): Deleted.
+ * css/CSSImageValue.h:
+ * css/RuleSet.cpp:
+ (WebCore::RuleSet::addChildRules): Take a boolean, isInitiatingElementInUserAgentShadowTree, and passes
+ it as appropriate.
+ (WebCore::RuleSet::addRulesFromSheet): Added FIXME comment to skip Content Security Policy check when
+ when stylesheet is in a user agent shadow tree.
+ * css/RuleSet.h:
+ * css/StyleResolver.cpp:
+ (WebCore::StyleResolver::StyleResolver): Determine whether the SVG font-face element is in a user agent shadow tree
+ and pass the appropriate value when calling CSSFontSelector::addFontFaceRule(). Also, modernized code; used C++11 range
+ -based for-loop instead of const_iterator idiom.
+ (WebCore::StyleResolver::loadPendingSVGDocuments): Skip CSP check when requesting subresources as a byproduct of
+ resolving style for an element in a user agent shadow tree.
+ (WebCore::StyleResolver::loadPendingImage): Ditto.
+ (WebCore::StyleResolver::loadPendingShapeImage): Ditto.
+ * css/StyleRuleImport.cpp:
+ (WebCore::StyleRuleImport::requestStyleSheet): Added FIXME comment to skip Content Security Policy check when
+ when stylesheet is in a user agent shadow tree.
+ * dom/Element.h:
+ * dom/InlineStyleSheetOwner.cpp:
+ (WebCore::InlineStyleSheetOwner::createSheet): Skip CSP check for an inline <style> that is in a user agent shadow tree.
+ * dom/Node.cpp:
+ (WebCore::Node::isInUserAgentShadowTree): Added.
+ * dom/Node.h:
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::requestScript): Skip CSP check for an external JavaScript script in a user agent shadow tree.
+ (WebCore::ScriptElement::executeScript): Skip CSP check for an inline JavaScript script that is in a user agent shadow tree.
+ * dom/StyledElement.cpp:
+ (WebCore::StyledElement::styleAttributeChanged): Skip CSP check when modifying the inline style of an element in a user
+ agent shadow tree.
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::isSafeToLoadURL): Skip CSP check for a <audio>, <video> in a user agent shadow tree.
+ (WebCore::HTMLMediaElement::outOfBandTrackSources): Ditto.
+ * html/HTMLTrackElement.cpp:
+ (WebCore::HTMLTrackElement::canLoadURL): Ditto.
+ * html/track/LoadableTextTrack.cpp:
+ (WebCore::LoadableTextTrack::loadTimerFired): Determine whether the <track> is in a user agent shadow tree
+ and pass the appropriate value when calling TextTrackLoader::load().
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::startLoadingMainResource): Do CSP check when loading a resource by default.
+ * loader/ImageLoader.cpp:
+ (WebCore::ImageLoader::updateFromElement): Skip CSP check for an image that is in a user agent shadow tree.
+ * loader/MediaResourceLoader.cpp:
+ (WebCore::MediaResourceLoader::start): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+ This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+ * loader/NetscapePlugInStreamLoader.cpp:
+ (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added FIXME comment to skip Content Security Policy check
+ when when associated plugin element is in a user agent shadow tree.
+ * loader/PolicyChecker.cpp:
+ (WebCore::PolicyChecker::checkNavigationPolicy): Skip CSP check for a <iframe> in a user agent shadow tree.
+ * loader/ResourceLoaderOptions.h: Defined enum class ContentSecurityPolicyImposition with explicit type uint8_t so
+ as to provide a hint to the compiler (for better packing) when it computes the memory layout for struct that
+ contains an instance of this class.
+ (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added argument contentSecurityPolicyImposition.
+ (WebCore::ResourceLoaderOptions::contentSecurityPolicyImposition): Added.
+ (WebCore::ResourceLoaderOptions::setContentSecurityPolicyImposition): Added.
+ * loader/SubframeLoader.cpp:
+ (WebCore::SubframeLoader::pluginIsLoadable): Skip CSP check for a plugin element that is in a user agent shadow tree.
+ (WebCore::SubframeLoader::createJavaAppletWidget): Skip CSP check for an applet element that is in a user agent shadow tree.
+ * loader/TextTrackLoader.cpp:
+ (WebCore::TextTrackLoader::load): Take a boolean, isInitiatingElementInUserAgentShadowTree, and sets the appropriate
+ Content Security Policy imposition for the text track request.
+ * loader/TextTrackLoader.h:
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Skip CSP check for a user-specified stylesheet.
+ (WebCore::CachedResourceLoader::canRequest): Only check the CSP of the page if specified in the resource loader options for the request.
+ (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Add ContentSecurityPolicyImposition::DoPolicyCheck to the default
+ resource loader options so that do check the CSP policy of the page before performing a resource request by default.
+ * loader/cache/CachedSVGDocumentReference.cpp:
+ (WebCore::CachedSVGDocumentReference::load): Take a ResourceLoaderOptions as an argument and passes it as appropriate.
+ * loader/cache/CachedSVGDocumentReference.h:
+ * loader/icon/IconLoader.cpp:
+ (WebCore::IconLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+ This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+ * page/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Take an argument called overrideContentSecurityPolicy (defaults to false). When
+ overrideContentSecurityPolicy := true, this function unconditionally returns true.
+ (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
+ (WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
+ (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
+ (WebCore::ContentSecurityPolicy::allowEval): Ditto.
+ (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
+ (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
+ (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
+ (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
+ * page/ContentSecurityPolicy.h:
+ * page/DOMSecurityPolicy.cpp:
+ * page/EventSource.cpp:
+ (WebCore::EventSource::create): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+ * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+ (WebCore::WebCoreAVFResourceLoader::startLoading): Instantiate ResourceLoaderOptions passing placeholder value ContentSecurityPolicyImposition::DoPolicyCheck.
+ This value does not affect the request because we do not check the Content Security Policy for raw resource requests.
+ * svg/SVGFEImageElement.cpp:
+ (WebCore::SVGFEImageElement::requestImageResource): Skip CSP check for a SVG FEImage element in a user agent shadow tree.
+ * svg/SVGFontFaceUriElement.cpp:
+ (WebCore::SVGFontFaceUriElement::loadFont): Skip CSP check for a SVG font-face-uri element in a user agent shadow tree.
+ * svg/SVGUseElement.cpp:
+ (WebCore::SVGUseElement::updateExternalDocument): Skip CSP check for a SVG use element in a user agent shadow tree.
+ * testing/Internals.cpp:
+ (WebCore::Internals::ensureUserAgentShadowRoot): Added.
+ * testing/Internals.h:
+ * testing/Internals.idl: Added declaration for ensureUserAgentShadowRoot().
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::open): Pass shouldBypassMainWorldContentSecurityPolicy to ContentSecurityPolicy::allowConnectToSource().
+
+2015-07-09 Matthew Hanson <matthew_hanson@apple.com>
+
</ins><span class="cx"> Merge r186516. rdar://problem/21707896
</span><span class="cx">
</span><span class="cx"> 2015-06-10 Chris Dumez <cdumez@apple.com>
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreModuleswebsocketsWebSocketcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/Modules/websockets/WebSocket.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/Modules/websockets/WebSocket.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/Modules/websockets/WebSocket.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -244,7 +244,7 @@
</span><span class="cx"> Document* document = toDocument(scriptExecutionContext());
</span><span class="cx"> shouldBypassMainWorldContentSecurityPolicy = document->frame()->script().shouldBypassMainWorldContentSecurityPolicy();
</span><span class="cx"> }
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
</del><ins>+ if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, shouldBypassMainWorldContentSecurityPolicy)) {
</ins><span class="cx"> m_state = CLOSED;
</span><span class="cx">
</span><span class="cx"> // FIXME: Should this be throwing an exception?
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreWebCoreexpin"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/WebCore.exp.in (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/WebCore.exp.in 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/WebCore.exp.in 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1296,6 +1296,7 @@
</span><span class="cx"> __ZN7WebCore7Element12setAttributeERKNS_13QualifiedNameERKN3WTF12AtomicStringE
</span><span class="cx"> __ZN7WebCore7Element16createShadowRootERi
</span><span class="cx"> __ZN7WebCore7Element21boundsInRootViewSpaceEv
</span><ins>+__ZN7WebCore7Element25ensureUserAgentShadowRootEv
</ins><span class="cx"> __ZN7WebCore7Element9innerTextEv
</span><span class="cx"> __ZN7WebCore7Element9setPseudoERKN3WTF12AtomicStringE
</span><span class="cx"> __ZN7WebCore7IntRect5scaleEf
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSCanvasValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSCanvasValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSCanvasValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSCanvasValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -45,7 +45,7 @@
</span><span class="cx"> FloatSize fixedSize(const RenderElement*);
</span><span class="cx">
</span><span class="cx"> bool isPending() const { return false; }
</span><del>- void loadSubimages(CachedResourceLoader*) { }
</del><ins>+ void loadSubimages(CachedResourceLoader*, const ResourceLoaderOptions&) { }
</ins><span class="cx">
</span><span class="cx"> bool equals(const CSSCanvasValue&) const;
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSCrossfadeValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -84,9 +84,13 @@
</span><span class="cx"> float percentage = m_percentageValue->getFloatValue();
</span><span class="cx"> float inversePercentage = 1 - percentage;
</span><span class="cx">
</span><ins>+ // FIXME: Skip Content Security Policy check when cross fade is applied to an element in a user agent shadow tree.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
</ins><span class="cx"> CachedResourceLoader* cachedResourceLoader = renderer->document().cachedResourceLoader();
</span><del>- CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
- CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
</del><ins>+ CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+ CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> if (!cachedFromImage || !cachedToImage)
</span><span class="cx"> return FloatSize();
</span><span class="lines">@@ -114,13 +118,13 @@
</span><span class="cx"> return subimageKnownToBeOpaque(*m_fromValue, renderer) && subimageKnownToBeOpaque(*m_toValue, renderer);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CSSCrossfadeValue::loadSubimages(CachedResourceLoader* cachedResourceLoader)
</del><ins>+void CSSCrossfadeValue::loadSubimages(CachedResourceLoader* cachedResourceLoader, const ResourceLoaderOptions& options)
</ins><span class="cx"> {
</span><span class="cx"> CachedResourceHandle<CachedImage> oldCachedFromImage = m_cachedFromImage;
</span><span class="cx"> CachedResourceHandle<CachedImage> oldCachedToImage = m_cachedToImage;
</span><span class="cx">
</span><del>- m_cachedFromImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
- m_cachedToImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
</del><ins>+ m_cachedFromImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+ m_cachedToImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> if (m_cachedFromImage != oldCachedFromImage) {
</span><span class="cx"> if (oldCachedFromImage)
</span><span class="lines">@@ -144,9 +148,13 @@
</span><span class="cx"> if (size.isEmpty())
</span><span class="cx"> return 0;
</span><span class="cx">
</span><ins>+ // FIXME: Skip Content Security Policy check when cross fade is applied to an element in a user agent shadow tree.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
</ins><span class="cx"> CachedResourceLoader* cachedResourceLoader = renderer->document().cachedResourceLoader();
</span><del>- CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader);
- CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader);
</del><ins>+ CachedImage* cachedFromImage = cachedImageForCSSValue(m_fromValue.get(), cachedResourceLoader, options);
+ CachedImage* cachedToImage = cachedImageForCSSValue(m_toValue.get(), cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> if (!cachedFromImage || !cachedToImage)
</span><span class="cx"> return Image::nullImage();
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSCrossfadeValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSCrossfadeValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx"> bool isPending() const;
</span><span class="cx"> bool knownToBeOpaque(const RenderElement*) const;
</span><span class="cx">
</span><del>- void loadSubimages(CachedResourceLoader*);
</del><ins>+ void loadSubimages(CachedResourceLoader*, const ResourceLoaderOptions&);
</ins><span class="cx">
</span><span class="cx"> void setPercentage(PassRefPtr<CSSPrimitiveValue> percentageValue) { m_percentageValue = percentageValue; }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSCursorImageValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -130,11 +130,11 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader* loader)
</del><ins>+StyleImage* CSSCursorImageValue::cachedImage(CachedResourceLoader* loader, const ResourceLoaderOptions& options)
</ins><span class="cx"> {
</span><span class="cx"> #if ENABLE(CSS_IMAGE_SET)
</span><span class="cx"> if (m_imageValue.get().isImageSetValue())
</span><del>- return toCSSImageSetValue(m_imageValue.get()).cachedImageSet(loader);
</del><ins>+ return toCSSImageSetValue(m_imageValue.get()).cachedImageSet(loader, options);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> if (!m_accessedImage) {
</span><span class="lines">@@ -148,7 +148,7 @@
</span><span class="cx"> if (SVGCursorElement* cursorElement = resourceReferencedByCursorElement(toCSSImageValue(m_imageValue.get()).url(), *loader->document())) {
</span><span class="cx"> detachPendingImage();
</span><span class="cx"> Ref<CSSImageValue> svgImageValue(CSSImageValue::create(cursorElement->href()));
</span><del>- StyleCachedImage* cachedImage = svgImageValue->cachedImage(loader);
</del><ins>+ StyleCachedImage* cachedImage = svgImageValue->cachedImage(loader, options);
</ins><span class="cx"> m_image = cachedImage;
</span><span class="cx"> return cachedImage;
</span><span class="cx"> }
</span><span class="lines">@@ -156,7 +156,7 @@
</span><span class="cx">
</span><span class="cx"> if (m_imageValue.get().isImageValue()) {
</span><span class="cx"> detachPendingImage();
</span><del>- m_image = toCSSImageValue(m_imageValue.get()).cachedImage(loader);
</del><ins>+ m_image = toCSSImageValue(m_imageValue.get()).cachedImage(loader, options);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSCursorImageValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSCursorImageValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -52,7 +52,7 @@
</span><span class="cx"> String customCSSText() const;
</span><span class="cx">
</span><span class="cx"> bool updateIfSVGCursorIsUsed(Element*);
</span><del>- StyleImage* cachedImage(CachedResourceLoader*);
</del><ins>+ StyleImage* cachedImage(CachedResourceLoader*, const ResourceLoaderOptions&);
</ins><span class="cx"> StyleImage* cachedOrPendingImage(Document&);
</span><span class="cx">
</span><span class="cx"> void removeReferencedElement(SVGElement*);
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSFilterImageValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -62,8 +62,12 @@
</span><span class="cx">
</span><span class="cx"> FloatSize CSSFilterImageValue::fixedSize(const RenderElement* renderer)
</span><span class="cx"> {
</span><ins>+ // FIXME: Skip Content Security Policy check when filter is applied to an element in a user agent shadow tree.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
</ins><span class="cx"> CachedResourceLoader* cachedResourceLoader = renderer->document().cachedResourceLoader();
</span><del>- CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
</del><ins>+ CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> if (!cachedImage)
</span><span class="cx"> return FloatSize();
</span><span class="lines">@@ -81,11 +85,11 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CSSFilterImageValue::loadSubimages(CachedResourceLoader* cachedResourceLoader)
</del><ins>+void CSSFilterImageValue::loadSubimages(CachedResourceLoader* cachedResourceLoader, const ResourceLoaderOptions& options)
</ins><span class="cx"> {
</span><span class="cx"> CachedResourceHandle<CachedImage> oldCachedImage = m_cachedImage;
</span><span class="cx">
</span><del>- m_cachedImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
</del><ins>+ m_cachedImage = CSSImageGeneratorValue::cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> if (m_cachedImage != oldCachedImage) {
</span><span class="cx"> if (oldCachedImage)
</span><span class="lines">@@ -102,8 +106,12 @@
</span><span class="cx"> if (size.isEmpty())
</span><span class="cx"> return 0;
</span><span class="cx">
</span><ins>+ // FIXME: Skip Content Security Policy check when filter is applied to an element in a user agent shadow tree.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+
</ins><span class="cx"> CachedResourceLoader* cachedResourceLoader = renderer->document().cachedResourceLoader();
</span><del>- CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader);
</del><ins>+ CachedImage* cachedImage = cachedImageForCSSValue(m_imageValue.get(), cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> if (!cachedImage)
</span><span class="cx"> return Image::nullImage();
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSFilterImageValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSFilterImageValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -64,7 +64,7 @@
</span><span class="cx"> bool isPending() const;
</span><span class="cx"> bool knownToBeOpaque(const RenderElement*) const;
</span><span class="cx">
</span><del>- void loadSubimages(CachedResourceLoader*);
</del><ins>+ void loadSubimages(CachedResourceLoader*, const ResourceLoaderOptions&);
</ins><span class="cx">
</span><span class="cx"> bool hasFailedOrCanceledSubresources() const;
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSFontFaceSrcValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -93,10 +93,13 @@
</span><span class="cx"> return m_cachedFont->loadFailedOrCanceled();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-CachedFont* CSSFontFaceSrcValue::cachedFont(Document* document)
</del><ins>+CachedFont* CSSFontFaceSrcValue::cachedFont(Document* document, bool isInitiatingElementInUserAgentShadowTree)
</ins><span class="cx"> {
</span><span class="cx"> if (!m_cachedFont) {
</span><del>- CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)));
</del><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+ CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)), options);
</ins><span class="cx"> request.setInitiator(cachedResourceRequestInitiators().css);
</span><span class="cx"> m_cachedFont = document->cachedResourceLoader()->requestFont(request);
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSFontFaceSrcValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSFontFaceSrcValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -69,7 +69,7 @@
</span><span class="cx">
</span><span class="cx"> bool hasFailedOrCanceledSubresources() const;
</span><span class="cx">
</span><del>- CachedFont* cachedFont(Document*);
</del><ins>+ CachedFont* cachedFont(Document*, bool isInitiatingElementInUserAgentShadowTree);
</ins><span class="cx">
</span><span class="cx"> bool equals(const CSSFontFaceSrcValue&) const;
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSFontSelectorcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -84,7 +84,7 @@
</span><span class="cx"> return m_fonts.isEmpty();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule)
</del><ins>+void CSSFontSelector::addFontFaceRule(const StyleRuleFontFace* fontFaceRule, bool isInitiatingElementInUserAgentShadowTree)
</ins><span class="cx"> {
</span><span class="cx"> // Obtain the font-family property and the src property. Both must be defined.
</span><span class="cx"> const StyleProperties& style = fontFaceRule->properties();
</span><span class="lines">@@ -212,7 +212,7 @@
</span><span class="cx"> Settings* settings = m_document ? m_document->frame() ? &m_document->frame()->settings() : 0 : 0;
</span><span class="cx"> bool allowDownloading = foundSVGFont || (settings && settings->downloadableBinaryFontsEnabled());
</span><span class="cx"> if (allowDownloading && item->isSupportedFormat() && m_document) {
</span><del>- CachedFont* cachedFont = item->cachedFont(m_document);
</del><ins>+ CachedFont* cachedFont = item->cachedFont(m_document, isInitiatingElementInUserAgentShadowTree);
</ins><span class="cx"> if (cachedFont) {
</span><span class="cx"> source = std::make_unique<CSSFontFaceSource>(item->resource(), cachedFont);
</span><span class="cx"> #if ENABLE(SVG_FONTS)
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSFontSelectorh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSFontSelector.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -67,7 +67,7 @@
</span><span class="cx">
</span><span class="cx"> void clearDocument();
</span><span class="cx">
</span><del>- void addFontFaceRule(const StyleRuleFontFace*);
</del><ins>+ void addFontFaceRule(const StyleRuleFontFace*, bool isInitiatingElementInUserAgentShadowTree);
</ins><span class="cx">
</span><span class="cx"> void fontLoaded();
</span><span class="cx"> virtual void fontCacheInvalidated() override;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSGradientValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSGradientValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSGradientValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSGradientValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -85,7 +85,7 @@
</span><span class="cx"> bool isPending() const { return false; }
</span><span class="cx"> bool knownToBeOpaque(const RenderElement*) const;
</span><span class="cx">
</span><del>- void loadSubimages(CachedResourceLoader*) { }
</del><ins>+ void loadSubimages(CachedResourceLoader*, const ResourceLoaderOptions&) { }
</ins><span class="cx"> PassRefPtr<CSSGradientValue> gradientWithStylesResolved(StyleResolver*);
</span><span class="cx">
</span><span class="cx"> protected:
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSImageGeneratorValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -210,25 +210,25 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CSSImageGeneratorValue::loadSubimages(CachedResourceLoader* cachedResourceLoader)
</del><ins>+void CSSImageGeneratorValue::loadSubimages(CachedResourceLoader* cachedResourceLoader, const ResourceLoaderOptions& options)
</ins><span class="cx"> {
</span><span class="cx"> switch (classType()) {
</span><span class="cx"> case CrossfadeClass:
</span><del>- toCSSCrossfadeValue(this)->loadSubimages(cachedResourceLoader);
</del><ins>+ toCSSCrossfadeValue(this)->loadSubimages(cachedResourceLoader, options);
</ins><span class="cx"> break;
</span><span class="cx"> case CanvasClass:
</span><del>- toCSSCanvasValue(this)->loadSubimages(cachedResourceLoader);
</del><ins>+ toCSSCanvasValue(this)->loadSubimages(cachedResourceLoader, options);
</ins><span class="cx"> break;
</span><span class="cx"> #if ENABLE(CSS_FILTERS)
</span><span class="cx"> case FilterImageClass:
</span><del>- toCSSFilterImageValue(this)->loadSubimages(cachedResourceLoader);
</del><ins>+ toCSSFilterImageValue(this)->loadSubimages(cachedResourceLoader, options);
</ins><span class="cx"> break;
</span><span class="cx"> #endif
</span><span class="cx"> case LinearGradientClass:
</span><del>- toCSSLinearGradientValue(this)->loadSubimages(cachedResourceLoader);
</del><ins>+ toCSSLinearGradientValue(this)->loadSubimages(cachedResourceLoader, options);
</ins><span class="cx"> break;
</span><span class="cx"> case RadialGradientClass:
</span><del>- toCSSRadialGradientValue(this)->loadSubimages(cachedResourceLoader);
</del><ins>+ toCSSRadialGradientValue(this)->loadSubimages(cachedResourceLoader, options);
</ins><span class="cx"> break;
</span><span class="cx"> default:
</span><span class="cx"> ASSERT_NOT_REACHED();
</span><span class="lines">@@ -251,13 +251,13 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, CachedResourceLoader* cachedResourceLoader)
</del><ins>+CachedImage* CSSImageGeneratorValue::cachedImageForCSSValue(CSSValue* value, CachedResourceLoader* cachedResourceLoader, const ResourceLoaderOptions& options)
</ins><span class="cx"> {
</span><span class="cx"> if (!value)
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span><span class="cx"> if (value->isImageValue()) {
</span><del>- StyleCachedImage* styleCachedImage = toCSSImageValue(value)->cachedImage(cachedResourceLoader);
</del><ins>+ StyleCachedImage* styleCachedImage = toCSSImageValue(value)->cachedImage(cachedResourceLoader, options);
</ins><span class="cx"> if (!styleCachedImage)
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span><span class="lines">@@ -265,7 +265,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (value->isImageGeneratorValue()) {
</span><del>- toCSSImageGeneratorValue(value)->loadSubimages(cachedResourceLoader);
</del><ins>+ toCSSImageGeneratorValue(value)->loadSubimages(cachedResourceLoader, options);
</ins><span class="cx"> // FIXME: Handle CSSImageGeneratorValue (and thus cross-fades with gradients and canvas).
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSImageGeneratorValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSImageGeneratorValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -40,6 +40,7 @@
</span><span class="cx"> class Image;
</span><span class="cx"> class RenderElement;
</span><span class="cx"> class StyleResolver;
</span><ins>+struct ResourceLoaderOptions;
</ins><span class="cx">
</span><span class="cx"> class CSSImageGeneratorValue : public CSSValue {
</span><span class="cx"> public:
</span><span class="lines">@@ -56,7 +57,7 @@
</span><span class="cx"> bool isPending() const;
</span><span class="cx"> bool knownToBeOpaque(const RenderElement*) const;
</span><span class="cx">
</span><del>- void loadSubimages(CachedResourceLoader*);
</del><ins>+ void loadSubimages(CachedResourceLoader*, const ResourceLoaderOptions&);
</ins><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> CSSImageGeneratorValue(ClassType);
</span><span class="lines">@@ -66,7 +67,7 @@
</span><span class="cx"> const HashCountedSet<RenderElement*>& clients() const { return m_clients; }
</span><span class="cx">
</span><span class="cx"> // Helper functions for Crossfade and Filter.
</span><del>- static CachedImage* cachedImageForCSSValue(CSSValue*, CachedResourceLoader*);
</del><ins>+ static CachedImage* cachedImageForCSSValue(CSSValue*, CachedResourceLoader*, const ResourceLoaderOptions&);
</ins><span class="cx"> static bool subimageIsPending(CSSValue*);
</span><span class="cx">
</span><span class="cx"> private:
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSImageSetValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -133,11 +133,6 @@
</span><span class="cx"> return (m_imageSet && m_imageSet->isCachedImageSet()) ? toStyleCachedImageSet(m_imageSet.get()) : nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-StyleCachedImageSet* CSSImageSetValue::cachedImageSet(CachedResourceLoader* loader)
-{
- return cachedImageSet(loader, CachedResourceLoader::defaultCachedResourceOptions());
-}
-
</del><span class="cx"> StyleImage* CSSImageSetValue::cachedOrPendingImageSet(Document& document)
</span><span class="cx"> {
</span><span class="cx"> if (!m_imageSet)
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSImageSetValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSImageSetValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -48,7 +48,6 @@
</span><span class="cx"> ~CSSImageSetValue();
</span><span class="cx">
</span><span class="cx"> StyleCachedImageSet* cachedImageSet(CachedResourceLoader*, const ResourceLoaderOptions&);
</span><del>- StyleCachedImageSet* cachedImageSet(CachedResourceLoader*);
</del><span class="cx">
</span><span class="cx"> // Returns a StyleCachedImageSet if the best fit image has been cached already, otherwise a StylePendingImage.
</span><span class="cx"> StyleImage* cachedOrPendingImageSet(Document&);
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSImageValuecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -96,10 +96,6 @@
</span><span class="cx"> return (m_image && m_image->isCachedImage()) ? toStyleCachedImage(m_image.get()) : nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-StyleCachedImage* CSSImageValue::cachedImage(CachedResourceLoader* loader)
-{
- return cachedImage(loader, CachedResourceLoader::defaultCachedResourceOptions());
-}
</del><span class="cx">
</span><span class="cx"> bool CSSImageValue::hasFailedOrCanceledSubresources() const
</span><span class="cx"> {
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssCSSImageValueh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/CSSImageValue.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -40,7 +40,6 @@
</span><span class="cx"> ~CSSImageValue();
</span><span class="cx">
</span><span class="cx"> StyleCachedImage* cachedImage(CachedResourceLoader*, const ResourceLoaderOptions&);
</span><del>- StyleCachedImage* cachedImage(CachedResourceLoader*);
</del><span class="cx"> // Returns a StyleCachedImage if the image is cached already, otherwise a StylePendingImage.
</span><span class="cx"> StyleImage* cachedOrPendingImage();
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssRuleSetcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/RuleSet.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/RuleSet.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/RuleSet.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -321,7 +321,7 @@
</span><span class="cx"> m_regionSelectorsAndRuleSets.append(RuleSetSelectorPair(regionRule->selectorList().first(), WTF::move(regionRuleSet)));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, AddRuleFlags addRuleFlags)
</del><ins>+void RuleSet::addChildRules(const Vector<RefPtr<StyleRuleBase>>& rules, const MediaQueryEvaluator& medium, StyleResolver* resolver, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags addRuleFlags)
</ins><span class="cx"> {
</span><span class="cx"> for (unsigned i = 0; i < rules.size(); ++i) {
</span><span class="cx"> StyleRuleBase* rule = rules[i].get();
</span><span class="lines">@@ -334,11 +334,11 @@
</span><span class="cx"> else if (rule->isMediaRule()) {
</span><span class="cx"> StyleRuleMedia* mediaRule = static_cast<StyleRuleMedia*>(rule);
</span><span class="cx"> if ((!mediaRule->mediaQueries() || medium.eval(mediaRule->mediaQueries(), resolver)))
</span><del>- addChildRules(mediaRule->childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
</del><ins>+ addChildRules(mediaRule->childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
</ins><span class="cx"> } else if (rule->isFontFaceRule() && resolver) {
</span><span class="cx"> // Add this font face to our set.
</span><span class="cx"> const StyleRuleFontFace* fontFaceRule = static_cast<StyleRuleFontFace*>(rule);
</span><del>- resolver->fontSelector()->addFontFaceRule(fontFaceRule);
</del><ins>+ resolver->fontSelector()->addFontFaceRule(fontFaceRule, isInitiatingElementInUserAgentShadowTree);
</ins><span class="cx"> resolver->invalidateMatchedPropertiesCache();
</span><span class="cx"> } else if (rule->isKeyframesRule() && resolver) {
</span><span class="cx"> resolver->addKeyframeStyle(static_cast<StyleRuleKeyframes*>(rule));
</span><span class="lines">@@ -374,7 +374,10 @@
</span><span class="cx"> bool hasDocumentSecurityOrigin = resolver && resolver->document().securityOrigin()->canRequest(sheet->baseURL());
</span><span class="cx"> AddRuleFlags addRuleFlags = static_cast<AddRuleFlags>((hasDocumentSecurityOrigin ? RuleHasDocumentSecurityOrigin : 0));
</span><span class="cx">
</span><del>- addChildRules(sheet->childRules(), medium, resolver, hasDocumentSecurityOrigin, addRuleFlags);
</del><ins>+ // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
+ bool isInitiatingElementInUserAgentShadowTree = false;
+ addChildRules(sheet->childRules(), medium, resolver, hasDocumentSecurityOrigin, isInitiatingElementInUserAgentShadowTree, addRuleFlags);
</ins><span class="cx">
</span><span class="cx"> if (m_autoShrinkToFitEnabled)
</span><span class="cx"> shrinkToFit();
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssRuleSeth"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/RuleSet.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/RuleSet.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/RuleSet.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -181,7 +181,7 @@
</span><span class="cx"> bool hasShadowPseudoElementRules() const { return !m_shadowPseudoElementRules.isEmpty(); }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, AddRuleFlags);
</del><ins>+ void addChildRules(const Vector<RefPtr<StyleRuleBase>>&, const MediaQueryEvaluator& medium, StyleResolver*, bool hasDocumentSecurityOrigin, bool isInitiatingElementInUserAgentShadowTree, AddRuleFlags);
</ins><span class="cx">
</span><span class="cx"> AtomRuleMap m_idRules;
</span><span class="cx"> AtomRuleMap m_classRules;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssStyleResolvercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/StyleResolver.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/StyleResolver.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/StyleResolver.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -290,9 +290,8 @@
</span><span class="cx"> #if ENABLE(SVG_FONTS)
</span><span class="cx"> if (m_document.svgExtensions()) {
</span><span class="cx"> const HashSet<SVGFontFaceElement*>& svgFontFaceElements = m_document.svgExtensions()->svgFontFaceElements();
</span><del>- HashSet<SVGFontFaceElement*>::const_iterator end = svgFontFaceElements.end();
- for (HashSet<SVGFontFaceElement*>::const_iterator it = svgFontFaceElements.begin(); it != end; ++it)
- fontSelector()->addFontFaceRule((*it)->fontFaceRule());
</del><ins>+ for (auto* svgFontFaceElement : svgFontFaceElements)
+ fontSelector()->addFontFaceRule(svgFontFaceElement->fontFaceRule(), svgFontFaceElement->isInUserAgentShadowTree());
</ins><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="lines">@@ -3399,9 +3398,12 @@
</span><span class="cx"> if (!state.style() || !state.style()->hasFilter() || state.filtersWithPendingSVGDocuments().isEmpty())
</span><span class="cx"> return;
</span><span class="cx">
</span><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
</ins><span class="cx"> CachedResourceLoader* cachedResourceLoader = state.document().cachedResourceLoader();
</span><span class="cx"> for (auto& filterOperation : state.filtersWithPendingSVGDocuments())
</span><del>- filterOperation->getOrCreateCachedSVGDocumentReference()->load(cachedResourceLoader);
</del><ins>+ filterOperation->getOrCreateCachedSVGDocumentReference()->load(cachedResourceLoader, options);
</ins><span class="cx">
</span><span class="cx"> state.filtersWithPendingSVGDocuments().clear();
</span><span class="cx"> }
</span><span class="lines">@@ -3554,12 +3556,12 @@
</span><span class="cx"> return imageValue->cachedImage(m_state.document().cachedResourceLoader(), options);
</span><span class="cx">
</span><span class="cx"> if (auto imageGeneratorValue = pendingImage.cssImageGeneratorValue()) {
</span><del>- imageGeneratorValue->loadSubimages(m_state.document().cachedResourceLoader());
</del><ins>+ imageGeneratorValue->loadSubimages(m_state.document().cachedResourceLoader(), options);
</ins><span class="cx"> return StyleGeneratedImage::create(*imageGeneratorValue);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (auto cursorImageValue = pendingImage.cssCursorImageValue())
</span><del>- return cursorImageValue->cachedImage(m_state.document().cachedResourceLoader());
</del><ins>+ return cursorImageValue->cachedImage(m_state.document().cachedResourceLoader(), options);
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(CSS_IMAGE_SET)
</span><span class="cx"> if (auto imageSetValue = pendingImage.cssImageSetValue())
</span><span class="lines">@@ -3571,7 +3573,9 @@
</span><span class="cx">
</span><span class="cx"> PassRefPtr<StyleImage> StyleResolver::loadPendingImage(const StylePendingImage& pendingImage)
</span><span class="cx"> {
</span><del>- return loadPendingImage(pendingImage, CachedResourceLoader::defaultCachedResourceOptions());
</del><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+ return loadPendingImage(pendingImage, options);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #if ENABLE(CSS_SHAPES)
</span><span class="lines">@@ -3589,6 +3593,7 @@
</span><span class="cx"> ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
</span><span class="cx"> options.setRequestOriginPolicy(PotentiallyCrossOriginEnabled);
</span><span class="cx"> options.setAllowCredentials(DoNotAllowStoredCredentials);
</span><ins>+ options.setContentSecurityPolicyImposition(m_state.element() && m_state.element()->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
</ins><span class="cx">
</span><span class="cx"> shapeValue->setImage(loadPendingImage(pendingImage, options));
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorecssStyleRuleImportcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/css/StyleRuleImport.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/css/StyleRuleImport.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/css/StyleRuleImport.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -117,6 +117,8 @@
</span><span class="cx"> rootSheet = sheet;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // FIXME: Skip Content Security Policy check when stylesheet is in a user agent shadow tree.
+ // See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
</ins><span class="cx"> CachedResourceRequest request(ResourceRequest(absURL), m_parentStyleSheet->charset());
</span><span class="cx"> request.setInitiator(cachedResourceRequestInitiators().css);
</span><span class="cx"> if (m_cachedSheet)
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoredomInlineStyleSheetOwnercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/dom/InlineStyleSheetOwner.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/dom/InlineStyleSheetOwner.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/dom/InlineStyleSheetOwner.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -123,7 +123,7 @@
</span><span class="cx">
</span><span class="cx"> if (!isValidCSSContentType(element, m_contentType))
</span><span class="cx"> return;
</span><del>- if (!document.contentSecurityPolicy()->allowInlineStyle(document.url(), m_startLineNumber))
</del><ins>+ if (!document.contentSecurityPolicy()->allowInlineStyle(document.url(), m_startLineNumber, element.isInUserAgentShadowTree()))
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> RefPtr<MediaQuerySet> mediaQueries;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoredomNodecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/dom/Node.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/dom/Node.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/dom/Node.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -952,6 +952,12 @@
</span><span class="cx"> return root.isShadowRoot() ? toShadowRoot(&root) : nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool Node::isInUserAgentShadowTree() const
+{
+ auto* shadowRoot = containingShadowRoot();
+ return shadowRoot && shadowRoot->type() == ShadowRoot::UserAgentShadowRoot;
+}
+
</ins><span class="cx"> Node* Node::nonBoundaryShadowTreeRootNode()
</span><span class="cx"> {
</span><span class="cx"> ASSERT(!isShadowRoot());
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoredomNodeh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/dom/Node.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/dom/Node.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/dom/Node.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -409,6 +409,7 @@
</span><span class="cx"> {
</span><span class="cx"> return getFlag(InDocumentFlag);
</span><span class="cx"> }
</span><ins>+ bool isInUserAgentShadowTree() const;
</ins><span class="cx"> bool isInShadowTree() const { return getFlag(IsInShadowTreeFlag); }
</span><span class="cx"> bool isInTreeScope() const { return getFlag(static_cast<NodeFlags>(InDocumentFlag | IsInShadowTreeFlag)); }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoredomScriptElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/dom/ScriptElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/dom/ScriptElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/dom/ScriptElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -250,8 +250,11 @@
</span><span class="cx">
</span><span class="cx"> ASSERT(!m_cachedScript);
</span><span class="cx"> if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
</span><del>- CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)));
</del><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(m_element.isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
</ins><span class="cx">
</span><ins>+ CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)), options);
+
</ins><span class="cx"> String crossOriginMode = m_element.fastGetAttribute(HTMLNames::crossoriginAttr);
</span><span class="cx"> if (!crossOriginMode.isNull()) {
</span><span class="cx"> m_requestUsesAccessControl = true;
</span><span class="lines">@@ -280,7 +283,7 @@
</span><span class="cx"> if (sourceCode.isEmpty())
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- if (!m_isExternalScript && !m_element.document().contentSecurityPolicy()->allowInlineScript(m_element.document().url(), m_startLineNumber))
</del><ins>+ if (!m_isExternalScript && !m_element.document().contentSecurityPolicy()->allowInlineScript(m_element.document().url(), m_startLineNumber, m_element.isInUserAgentShadowTree()))
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> #if ENABLE(NOSNIFF)
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoredomStyledElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/dom/StyledElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/dom/StyledElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/dom/StyledElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -202,7 +202,7 @@
</span><span class="cx"> if (PropertySetCSSStyleDeclaration* cssomWrapper = inlineStyleCSSOMWrapper())
</span><span class="cx"> cssomWrapper->clearParentElement();
</span><span class="cx"> ensureUniqueElementData().m_inlineStyle.clear();
</span><del>- } else if (reason == ModifiedByCloning || document().contentSecurityPolicy()->allowInlineStyle(document().url(), startLineNumber))
</del><ins>+ } else if (reason == ModifiedByCloning || document().contentSecurityPolicy()->allowInlineStyle(document().url(), startLineNumber, isInUserAgentShadowTree()))
</ins><span class="cx"> setInlineStyleFromString(newStyleString);
</span><span class="cx">
</span><span class="cx"> elementData()->setStyleAttributeIsDirty(false);
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorehtmlHTMLMediaElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/html/HTMLMediaElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/html/HTMLMediaElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/html/HTMLMediaElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1721,7 +1721,7 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
</del><ins>+ if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {
</ins><span class="cx"> LOG(Media, "HTMLMediaElement::isSafeToLoadURL(%s) -> rejected by Content Security Policy", urlForLoggingMedia(url).utf8().data());
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="lines">@@ -5608,7 +5608,7 @@
</span><span class="cx"> if (url.isEmpty())
</span><span class="cx"> continue;
</span><span class="cx">
</span><del>- if (!document().contentSecurityPolicy()->allowMediaFromSource(url))
</del><ins>+ if (!document().contentSecurityPolicy()->allowMediaFromSource(url, trackElement.isInUserAgentShadowTree()))
</ins><span class="cx"> continue;
</span><span class="cx">
</span><span class="cx"> PlatformTextTrack::TrackKind platformKind = PlatformTextTrack::Caption;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorehtmlHTMLTrackElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/html/HTMLTrackElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/html/HTMLTrackElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/html/HTMLTrackElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -238,7 +238,7 @@
</span><span class="cx"> if (url.isEmpty())
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
</del><ins>+ if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {
</ins><span class="cx"> LOG(Media, "HTMLTrackElement::canLoadURL(%s) -> rejected by Content Security Policy", urlForLoggingTrack(url).utf8().data());
</span><span class="cx"> return false;
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorehtmltrackLoadableTextTrackcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/html/track/LoadableTextTrack.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/html/track/LoadableTextTrack.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/html/track/LoadableTextTrack.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -99,7 +99,7 @@
</span><span class="cx"> // mode being the state of the media element's crossorigin content attribute, the origin being the
</span><span class="cx"> // origin of the media element's Document, and the default origin behaviour set to fail.
</span><span class="cx"> m_loader = std::make_unique<TextTrackLoader>(static_cast<TextTrackLoaderClient&>(*this), static_cast<ScriptExecutionContext*>(&m_trackElement->document()));
</span><del>- if (!m_loader->load(m_url, m_trackElement->mediaElementCrossOriginAttribute()))
</del><ins>+ if (!m_loader->load(m_url, m_trackElement->mediaElementCrossOriginAttribute(), m_trackElement->isInUserAgentShadowTree()))
</ins><span class="cx"> m_trackElement->didCompleteLoad(HTMLTrackElement::Failure);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderDocumentLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/DocumentLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/DocumentLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/DocumentLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1439,7 +1439,7 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> ResourceRequest request(m_request);
</span><del>- static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType);
</del><ins>+ static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, ContentSecurityPolicyImposition::DoPolicyCheck);
</ins><span class="cx"> CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
</span><span class="cx"> m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
</span><span class="cx"> if (!m_mainResource) {
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderImageLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/ImageLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/ImageLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/ImageLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -178,7 +178,10 @@
</span><span class="cx"> // an empty string.
</span><span class="cx"> CachedResourceHandle<CachedImage> newImage = 0;
</span><span class="cx"> if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) {
</span><del>- CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))));
</del><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+ CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options);
</ins><span class="cx"> request.setInitiator(&element());
</span><span class="cx">
</span><span class="cx"> String crossOriginMode = element().fastGetAttribute(HTMLNames::crossoriginAttr);
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderNetscapePlugInStreamLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -36,8 +36,10 @@
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><ins>+// FIXME: Skip Content Security Policy check when associated plugin element is in a user agent shadow tree.
+// See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
</ins><span class="cx"> NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame* frame, NetscapePlugInStreamLoaderClient* client)
</span><del>- : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType))
</del><ins>+ : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, ContentSecurityPolicyImposition::DoPolicyCheck))
</ins><span class="cx"> , m_client(client)
</span><span class="cx"> {
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderPolicyCheckercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/PolicyChecker.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/PolicyChecker.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/PolicyChecker.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -86,9 +86,7 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // If we're loading content into a subframe, check against the parent's Content Security Policy
- // and kill the load if that check fails.
- if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url())) {
</del><ins>+ if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), m_frame.ownerElement()->isInUserAgentShadowTree())) {
</ins><span class="cx"> function(request, 0, false);
</span><span class="cx"> return;
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderResourceLoaderOptionsh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/ResourceLoaderOptions.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/ResourceLoaderOptions.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/ResourceLoaderOptions.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -61,6 +61,11 @@
</span><span class="cx"> PotentiallyCrossOriginEnabled // Indicates "potentially CORS-enabled fetch" in HTML standard.
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+enum class ContentSecurityPolicyImposition : uint8_t {
+ SkipPolicyCheck,
+ DoPolicyCheck
+};
+
</ins><span class="cx"> struct ResourceLoaderOptions {
</span><span class="cx"> ResourceLoaderOptions()
</span><span class="cx"> : m_sendLoadCallbacks(DoNotSendCallbacks)
</span><span class="lines">@@ -73,7 +78,7 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy)
</del><ins>+ ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition)
</ins><span class="cx"> : m_sendLoadCallbacks(sendLoadCallbacks)
</span><span class="cx"> , m_sniffContent(sniffContent)
</span><span class="cx"> , m_dataBufferingPolicy(dataBufferingPolicy)
</span><span class="lines">@@ -81,6 +86,7 @@
</span><span class="cx"> , m_clientCredentialPolicy(credentialPolicy)
</span><span class="cx"> , m_securityCheck(securityCheck)
</span><span class="cx"> , m_requestOriginPolicy(requestOriginPolicy)
</span><ins>+ , m_contentSecurityPolicyImposition(contentSecurityPolicyImposition)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -98,6 +104,8 @@
</span><span class="cx"> void setSecurityCheck(SecurityCheckPolicy check) { m_securityCheck = check; }
</span><span class="cx"> RequestOriginPolicy requestOriginPolicy() const { return static_cast<RequestOriginPolicy>(m_requestOriginPolicy); }
</span><span class="cx"> void setRequestOriginPolicy(RequestOriginPolicy policy) { m_requestOriginPolicy = policy; }
</span><ins>+ ContentSecurityPolicyImposition contentSecurityPolicyImposition() const { return m_contentSecurityPolicyImposition; }
+ void setContentSecurityPolicyImposition(ContentSecurityPolicyImposition imposition) { m_contentSecurityPolicyImposition = imposition; }
</ins><span class="cx">
</span><span class="cx"> unsigned m_sendLoadCallbacks : 1;
</span><span class="cx"> unsigned m_sniffContent : 1;
</span><span class="lines">@@ -106,6 +114,7 @@
</span><span class="cx"> unsigned m_clientCredentialPolicy : 2; // When we should ask the client for credentials (if we allow credentials at all).
</span><span class="cx"> unsigned m_securityCheck : 1;
</span><span class="cx"> unsigned m_requestOriginPolicy : 2;
</span><ins>+ ContentSecurityPolicyImposition m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck };
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderSubframeLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/SubframeLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/SubframeLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/SubframeLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -125,8 +125,9 @@
</span><span class="cx"> String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
</span><span class="cx"> document()->ownerElement()->fastGetAttribute(HTMLNames::typeAttr) :
</span><span class="cx"> pluginElement.fastGetAttribute(HTMLNames::typeAttr);
</span><del>- if (!document()->contentSecurityPolicy()->allowObjectFromSource(url)
- || !document()->contentSecurityPolicy()->allowPluginType(mimeType, declaredMimeType, url)) {
</del><ins>+ bool isInUserAgentShadowTree = pluginElement.isInUserAgentShadowTree();
+ if (!document()->contentSecurityPolicy()->allowObjectFromSource(url, isInUserAgentShadowTree)
+ || !document()->contentSecurityPolicy()->allowPluginType(mimeType, declaredMimeType, url, isInUserAgentShadowTree)) {
</ins><span class="cx"> RenderEmbeddedObject* renderer = pluginElement.renderEmbeddedObject();
</span><span class="cx"> renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginBlockedByContentSecurityPolicy);
</span><span class="cx"> return false;
</span><span class="lines">@@ -253,8 +254,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> const char javaAppletMimeType[] = "application/x-java-applet";
</span><del>- if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL)
- || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL))
</del><ins>+ bool isInUserAgentShadowTree = element.isInUserAgentShadowTree();
+ if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL, isInUserAgentShadowTree)
+ || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL, isInUserAgentShadowTree))
</ins><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderTextTrackLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -151,14 +151,18 @@
</span><span class="cx"> cancelLoad();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool TextTrackLoader::load(const URL& url, const String& crossOriginMode)
</del><ins>+bool TextTrackLoader::load(const URL& url, const String& crossOriginMode, bool isInitiatingElementInUserAgentShadowTree)
</ins><span class="cx"> {
</span><span class="cx"> cancelLoad();
</span><span class="cx">
</span><span class="cx"> ASSERT(m_scriptExecutionContext->isDocument());
</span><span class="cx"> Document* document = toDocument(m_scriptExecutionContext);
</span><del>- CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)));
</del><span class="cx">
</span><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+ CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)), options);
+
</ins><span class="cx"> if (!crossOriginMode.isNull()) {
</span><span class="cx"> m_crossOriginMode = crossOriginMode;
</span><span class="cx"> StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloaderTextTrackLoaderh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/TextTrackLoader.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -60,7 +60,7 @@
</span><span class="cx"> TextTrackLoader(TextTrackLoaderClient&, ScriptExecutionContext*);
</span><span class="cx"> virtual ~TextTrackLoader();
</span><span class="cx">
</span><del>- bool load(const URL&, const String& crossOriginMode);
</del><ins>+ bool load(const URL&, const String& crossOriginMode, bool isInitiatingElementInUserAgentShadowTree);
</ins><span class="cx"> void cancelLoad();
</span><span class="cx"> void getNewCues(Vector<RefPtr<TextTrackCue>>& outputCues);
</span><span class="cx"> #if ENABLE(WEBVTT_REGIONS)
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloadercacheCachedResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -213,7 +213,7 @@
</span><span class="cx"> memoryCache()->add(userSheet.get());
</span><span class="cx"> // FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
</span><span class="cx">
</span><del>- userSheet->load(this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType));
</del><ins>+ userSheet->load(this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, ContentSecurityPolicyImposition::SkipPolicyCheck));
</ins><span class="cx">
</span><span class="cx"> return userSheet;
</span><span class="cx"> }
</span><span class="lines">@@ -303,8 +303,7 @@
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
- bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script().shouldBypassMainWorldContentSecurityPolicy());
</del><ins>+ bool skipContentSecurityPolicyCheck = options.contentSecurityPolicyImposition() == ContentSecurityPolicyImposition::SkipPolicyCheck;
</ins><span class="cx">
</span><span class="cx"> // Some types of resources can be loaded only from the same origin. Other
</span><span class="cx"> // types of resources, like Images, Scripts, and CSS, can be loaded from
</span><span class="lines">@@ -342,27 +341,27 @@
</span><span class="cx"> switch (type) {
</span><span class="cx"> #if ENABLE(XSLT)
</span><span class="cx"> case CachedResource::XSLStyleSheet:
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
</del><ins>+ if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck))
</ins><span class="cx"> return false;
</span><span class="cx"> break;
</span><span class="cx"> #endif
</span><span class="cx"> case CachedResource::Script:
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
</del><ins>+ if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck))
</ins><span class="cx"> return false;
</span><span class="cx"> if (frame() && !frame()->settings().isScriptEnabled())
</span><span class="cx"> return false;
</span><span class="cx"> break;
</span><span class="cx"> case CachedResource::CSSStyleSheet:
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowStyleFromSource(url))
</del><ins>+ if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, skipContentSecurityPolicyCheck))
</ins><span class="cx"> return false;
</span><span class="cx"> break;
</span><span class="cx"> case CachedResource::SVGDocumentResource:
</span><span class="cx"> case CachedResource::ImageResource:
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowImageFromSource(url))
</del><ins>+ if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, skipContentSecurityPolicyCheck))
</ins><span class="cx"> return false;
</span><span class="cx"> break;
</span><span class="cx"> case CachedResource::FontResource: {
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowFontFromSource(url))
</del><ins>+ if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, skipContentSecurityPolicyCheck))
</ins><span class="cx"> return false;
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -375,7 +374,7 @@
</span><span class="cx"> break;
</span><span class="cx"> #if ENABLE(VIDEO_TRACK)
</span><span class="cx"> case CachedResource::TextTrackResource:
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowMediaFromSource(url))
</del><ins>+ if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, skipContentSecurityPolicyCheck))
</ins><span class="cx"> return false;
</span><span class="cx"> break;
</span><span class="cx"> #endif
</span><span class="lines">@@ -976,7 +975,7 @@
</span><span class="cx">
</span><span class="cx"> const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
</span><span class="cx"> {
</span><del>- static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType);
</del><ins>+ static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, ContentSecurityPolicyImposition::SkipPolicyCheck);
</ins><span class="cx"> return options;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloadercacheCachedSVGDocumentReferencecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -48,13 +48,13 @@
</span><span class="cx"> m_document->removeClient(this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CachedSVGDocumentReference::load(CachedResourceLoader* loader)
</del><ins>+void CachedSVGDocumentReference::load(CachedResourceLoader* loader, const ResourceLoaderOptions& options)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(loader);
</span><span class="cx"> if (m_loadRequested)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- CachedResourceRequest request(ResourceRequest(loader->document()->completeURL(m_url)));
</del><ins>+ CachedResourceRequest request(ResourceRequest(loader->document()->completeURL(m_url)), options);
</ins><span class="cx"> request.setInitiator(cachedResourceRequestInitiators().css);
</span><span class="cx"> m_document = loader->requestSVGDocument(request);
</span><span class="cx"> if (m_document)
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloadercacheCachedSVGDocumentReferenceh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/cache/CachedSVGDocumentReference.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx">
</span><span class="cx"> class CachedSVGDocument;
</span><span class="cx"> class CachedResourceLoader;
</span><ins>+struct ResourceLoaderOptions;
</ins><span class="cx">
</span><span class="cx"> class CachedSVGDocumentReference : public CachedSVGDocumentClient {
</span><span class="cx"> public:
</span><span class="lines">@@ -42,7 +43,7 @@
</span><span class="cx">
</span><span class="cx"> virtual ~CachedSVGDocumentReference();
</span><span class="cx">
</span><del>- void load(CachedResourceLoader*);
</del><ins>+ void load(CachedResourceLoader*, const ResourceLoaderOptions&);
</ins><span class="cx"> bool loadRequested() const { return m_loadRequested; }
</span><span class="cx">
</span><span class="cx"> CachedSVGDocument* document() { return m_document.get(); }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreloadericonIconLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/loader/icon/IconLoader.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/loader/icon/IconLoader.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/loader/icon/IconLoader.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -58,7 +58,8 @@
</span><span class="cx"> if (m_resource || !m_frame.document())
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType));
</del><ins>+ // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+ CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, ContentSecurityPolicyImposition::DoPolicyCheck));
</ins><span class="cx">
</span><span class="cx"> request.mutableResourceRequest().setPriority(ResourceLoadPriorityLow);
</span><span class="cx"> request.setInitiator(cachedResourceRequestInitiators().icon);
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorepageContentSecurityPolicycpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -1441,31 +1441,29 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_policies, contextURL, contextLine, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(m_policies, contextURL, contextLine, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(m_policies, contextURL, contextLine, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(m_policies, contextURL, contextLine, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(m_policies, contextURL, contextLine, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(m_policies, contextURL, contextLine, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- if (m_overrideInlineStyleAllowed)
- return true;
- return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || m_overrideInlineStyleAllowed || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowEval(JSC::ExecState* state, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowEval(JSC::ExecState* state, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> String ContentSecurityPolicy::evalDisabledErrorMessage() const
</span><span class="lines">@@ -1477,8 +1475,10 @@
</span><span class="cx"> return String();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><ins>+ if (overrideContentSecurityPolicy)
+ return true;
</ins><span class="cx"> for (size_t i = 0; i < m_policies.size(); ++i) {
</span><span class="cx"> if (!m_policies[i]->allowPluginType(type, typeAttribute, url, reportingStatus))
</span><span class="cx"> return false;
</span><span class="lines">@@ -1486,54 +1486,54 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowImageFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowImageFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowFontFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowFontFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowConnectToSource(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowConnectToSource(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowFormAction(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowFormAction(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-bool ContentSecurityPolicy::allowBaseURI(const URL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</del><ins>+bool ContentSecurityPolicy::allowBaseURI(const URL& url, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus reportingStatus) const
</ins><span class="cx"> {
</span><del>- return isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
</del><ins>+ return overrideContentSecurityPolicy || isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool ContentSecurityPolicy::isActive() const
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorepageContentSecurityPolicyh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/page/ContentSecurityPolicy.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -84,23 +84,23 @@
</span><span class="cx"> const String& deprecatedHeader() const;
</span><span class="cx"> HeaderType deprecatedHeaderType() const;
</span><span class="cx">
</span><del>- bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
- bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
- bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
- bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
- bool allowEval(JSC::ExecState* = 0, ReportingStatus = SendReport) const;
- bool allowPluginType(const String& type, const String& typeAttribute, const URL&, ReportingStatus = SendReport) const;
</del><ins>+ bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowEval(JSC::ExecState* = 0, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowPluginType(const String& type, const String& typeAttribute, const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
</ins><span class="cx">
</span><del>- bool allowScriptFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowObjectFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowChildFrameFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowImageFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowStyleFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowFontFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowMediaFromSource(const URL&, ReportingStatus = SendReport) const;
- bool allowConnectToSource(const URL&, ReportingStatus = SendReport) const;
- bool allowFormAction(const URL&, ReportingStatus = SendReport) const;
- bool allowBaseURI(const URL&, ReportingStatus = SendReport) const;
</del><ins>+ bool allowScriptFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowObjectFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowChildFrameFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowImageFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowStyleFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowFontFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowMediaFromSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowConnectToSource(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowFormAction(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
+ bool allowBaseURI(const URL&, bool overrideContentSecurityPolicy = false, ReportingStatus = SendReport) const;
</ins><span class="cx">
</span><span class="cx"> ReflectedXSSDisposition reflectedXSSDisposition() const;
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorepageDOMSecurityPolicycpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/page/DOMSecurityPolicy.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/page/DOMSecurityPolicy.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/page/DOMSecurityPolicy.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -47,16 +47,17 @@
</span><span class="cx"> return context->contentSecurityPolicy()->isActive();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, ContentSecurityPolicy::ReportingStatus) const>
</del><ins>+template<bool (ContentSecurityPolicy::*allowWithType)(const String&, const String&, const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
</ins><span class="cx"> bool isAllowedWithType(ScriptExecutionContext* context, const String& type)
</span><span class="cx"> {
</span><span class="cx"> if (!isPolicyActiveInContext(context))
</span><span class="cx"> return true;
</span><span class="cx">
</span><del>- return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), ContentSecurityPolicy::SuppressReport);
</del><ins>+ bool overrideContentSecurityPolicy = false;
+ return (context->contentSecurityPolicy()->*allowWithType)(type, type, URL(), overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, ContentSecurityPolicy::ReportingStatus) const>
</del><ins>+template<bool (ContentSecurityPolicy::*allowWithURL)(const URL&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
</ins><span class="cx"> bool isAllowedWithURL(ScriptExecutionContext* context, const String& url)
</span><span class="cx"> {
</span><span class="cx"> if (!isPolicyActiveInContext(context))
</span><span class="lines">@@ -66,16 +67,18 @@
</span><span class="cx"> if (!parsedURL.isValid())
</span><span class="cx"> return false; // FIXME: Figure out how to throw a JavaScript error.
</span><span class="cx">
</span><del>- return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, ContentSecurityPolicy::SuppressReport);
</del><ins>+ bool overrideContentSecurityPolicy = false;
+ return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const>
</del><ins>+template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, bool overrideContentSecurityPolicy, ContentSecurityPolicy::ReportingStatus) const>
</ins><span class="cx"> bool isAllowed(ScriptExecutionContext* context)
</span><span class="cx"> {
</span><span class="cx"> if (!isPolicyActiveInContext(context))
</span><span class="cx"> return true;
</span><span class="cx">
</span><del>- return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport);
</del><ins>+ bool overrideContentSecurityPolicy = false;
+ return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), overrideContentSecurityPolicy, ContentSecurityPolicy::SuppressReport);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorepageEventSourcecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/page/EventSource.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/page/EventSource.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/page/EventSource.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -92,7 +92,7 @@
</span><span class="cx"> Document& document = toDocument(context);
</span><span class="cx"> shouldBypassMainWorldContentSecurityPolicy = document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
</span><span class="cx"> }
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
</del><ins>+ if (!context.contentSecurityPolicy()->allowConnectToSource(fullURL, shouldBypassMainWorldContentSecurityPolicy)) {
</ins><span class="cx"> // FIXME: Should this be throwing an exception?
</span><span class="cx"> ec = SECURITY_ERR;
</span><span class="cx"> return 0;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreplatformgraphicsavfoundationobjcWebCoreAVFResourceLoadermm"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -68,7 +68,8 @@
</span><span class="cx">
</span><span class="cx"> URL requestURL = [[m_avRequest.get() request] URL];
</span><span class="cx">
</span><del>- CachedResourceRequest request(ResourceRequest(requestURL), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType));
</del><ins>+ // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+ CachedResourceRequest request(ResourceRequest(requestURL), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, ContentSecurityPolicyImposition::DoPolicyCheck));
</ins><span class="cx">
</span><span class="cx"> request.mutableResourceRequest().setPriority(ResourceLoadPriorityLow);
</span><span class="cx"> CachedResourceLoader* loader = m_parent->player()->cachedResourceLoader();
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoreplatformgraphicsgstreamerWebKitWebSourceGStreamercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -999,8 +999,10 @@
</span><span class="cx"> DataBufferingPolicy bufferingPolicy = request.url().protocolIs("blob") ? BufferData : DoNotBufferData;
</span><span class="cx"> RequestOriginPolicy corsPolicy = corsMode != MediaPlayerClient::Unspecified ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType;
</span><span class="cx"> StoredCredentials allowCredentials = corsMode == MediaPlayerClient::UseCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials;
</span><del>- ResourceLoaderOptions options(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy);
</del><span class="cx">
</span><ins>+ // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
+ ResourceLoaderOptions options(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, DoNotAskClientForCrossOriginCredentials, DoSecurityCheck, corsPolicy, ContentSecurityPolicyImposition::DoPolicyCheck);
+
</ins><span class="cx"> CachedResourceRequest cacheRequest(request, options);
</span><span class="cx">
</span><span class="cx"> if (corsMode != MediaPlayerClient::Unspecified) {
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoresvgSVGFEImageElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/svg/SVGFEImageElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/svg/SVGFEImageElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/svg/SVGFEImageElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -82,7 +82,10 @@
</span><span class="cx">
</span><span class="cx"> void SVGFEImageElement::requestImageResource()
</span><span class="cx"> {
</span><del>- CachedResourceRequest request(ResourceRequest(document().completeURL(href())));
</del><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+ CachedResourceRequest request(ResourceRequest(document().completeURL(href())), options);
</ins><span class="cx"> request.setInitiator(this);
</span><span class="cx"> m_cachedImage = document().cachedResourceLoader()->requestImage(request);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoresvgSVGFontFaceUriElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/svg/SVGFontFaceUriElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/svg/SVGFontFaceUriElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/svg/SVGFontFaceUriElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -95,8 +95,11 @@
</span><span class="cx">
</span><span class="cx"> const AtomicString& href = getAttribute(XLinkNames::hrefAttr);
</span><span class="cx"> if (!href.isNull()) {
</span><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
</ins><span class="cx"> CachedResourceLoader* cachedResourceLoader = document().cachedResourceLoader();
</span><del>- CachedResourceRequest request(ResourceRequest(document().completeURL(href)));
</del><ins>+ CachedResourceRequest request(ResourceRequest(document().completeURL(href)), options);
</ins><span class="cx"> request.setInitiator(this);
</span><span class="cx"> m_cachedFont = cachedResourceLoader->requestFont(request);
</span><span class="cx"> if (m_cachedFont) {
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoresvgSVGUseElementcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/svg/SVGUseElement.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/svg/SVGUseElement.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/svg/SVGUseElement.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -248,7 +248,10 @@
</span><span class="cx"> if (isExternalReference) {
</span><span class="cx"> URL url = document().completeURL(href());
</span><span class="cx"> if (url.hasFragmentIdentifier()) {
</span><del>- CachedResourceRequest request(ResourceRequest(url.string()));
</del><ins>+ ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+ options.setContentSecurityPolicyImposition(isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);
+
+ CachedResourceRequest request(ResourceRequest(url.string()), options);
</ins><span class="cx"> request.setInitiator(this);
</span><span class="cx"> setCachedDocument(document().cachedResourceLoader()->requestSVGDocument(request));
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoretestingInternalscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/testing/Internals.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/testing/Internals.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/testing/Internals.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -559,6 +559,15 @@
</span><span class="cx"> return host->createShadowRoot(ec).get();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+Node* Internals::ensureUserAgentShadowRoot(Element* host, ExceptionCode& ec)
+{
+ if (!host) {
+ ec = INVALID_ACCESS_ERR;
+ return nullptr;
+ }
+ return &host->ensureUserAgentShadowRoot();
+}
+
</ins><span class="cx"> Node* Internals::createShadowRoot(Element* host, ExceptionCode& ec)
</span><span class="cx"> {
</span><span class="cx"> if (!host) {
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoretestingInternalsh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/testing/Internals.h (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/testing/Internals.h 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/testing/Internals.h 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -83,6 +83,7 @@
</span><span class="cx"> PassRefPtr<CSSComputedStyleDeclaration> computedStyleIncludingVisitedInfo(Node*, ExceptionCode&) const;
</span><span class="cx">
</span><span class="cx"> Node* ensureShadowRoot(Element* host, ExceptionCode&);
</span><ins>+ Node* ensureUserAgentShadowRoot(Element* host, ExceptionCode&);
</ins><span class="cx"> Node* createShadowRoot(Element* host, ExceptionCode&);
</span><span class="cx"> Node* shadowRoot(Element* host, ExceptionCode&);
</span><span class="cx"> String shadowRootType(const Node*, ExceptionCode&) const;
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCoretestingInternalsidl"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/testing/Internals.idl (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/testing/Internals.idl 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/testing/Internals.idl 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -44,6 +44,7 @@
</span><span class="cx"> [RaisesException] CSSStyleDeclaration computedStyleIncludingVisitedInfo(Node node);
</span><span class="cx">
</span><span class="cx"> [RaisesException] Node ensureShadowRoot(Element host);
</span><ins>+ [RaisesException] Node ensureUserAgentShadowRoot(Element host);
</ins><span class="cx"> [RaisesException] Node createShadowRoot(Element host);
</span><span class="cx"> [RaisesException] Node shadowRoot(Element host);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6008branchSourceWebCorexmlXMLHttpRequestcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.8-branch/Source/WebCore/xml/XMLHttpRequest.cpp (186616 => 186617)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.8-branch/Source/WebCore/xml/XMLHttpRequest.cpp 2015-07-09 21:02:10 UTC (rev 186616)
+++ branches/safari-600.8-branch/Source/WebCore/xml/XMLHttpRequest.cpp 2015-07-09 21:02:37 UTC (rev 186617)
</span><span class="lines">@@ -492,7 +492,7 @@
</span><span class="cx"> if (document->frame())
</span><span class="cx"> shouldBypassMainWorldContentSecurityPolicy = document->frame()->script().shouldBypassMainWorldContentSecurityPolicy();
</span><span class="cx"> }
</span><del>- if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
</del><ins>+ if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url, shouldBypassMainWorldContentSecurityPolicy)) {
</ins><span class="cx"> // FIXME: Should this be throwing an exception?
</span><span class="cx"> ec = SECURITY_ERR;
</span><span class="cx"> return;
</span></span></pre>
</div>
</div>
</body>
</html>