[Webkit-unassigned] [Bug 69433] New: cloneNode and CSP don't like each other
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 5 09:17:30 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=69433
Summary: cloneNode and CSP don't like each other
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ulfar.erlingsson at gmail.com
CC: sam at webkit.org, abarth at webkit.org
My Chrome extension runs with CSP, and I'm getting "Refused to apply inline style because of Content-Security-Policy." This is Chrome 14.0.835.186, webkit 535.1.
Everything is safe, so no errors should be being generated.
The culprit is the compound padding initializer I'm using (see below). What is strange is that the error doesn't get generated unless I do a cloneNode, by uncommenting the last two lines in the snippet below. Doing the initial initialization works just fine, without generating any error.
Probably the cloneNode goes through the same code path that the parser goes though when making new style objects. But there should be a flag or something to indicate that the source comes from already-CSP-approved data.
var legendDiv = document.createElement('div');
legendDiv.style.padding= '5px 5px 5px 5px';
document.body.appendChild(legendDiv);
// var legendDiv2 = legendDiv.cloneNode(true);
// document.body.appendChild(legendDiv2);
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list