[Webkit-unassigned] [Bug 69433] New: cloneNode and CSP don't like each other

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 5 09:17:30 PDT 2011


           Summary: cloneNode and CSP don't like each other
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ulfar.erlingsson at gmail.com
                CC: sam at webkit.org, abarth at webkit.org

My Chrome extension runs with CSP, and I'm getting "Refused to apply inline style because of Content-Security-Policy."  This is Chrome 14.0.835.186, webkit 535.1.

Everything is safe, so no errors should be being generated.

The culprit is the compound padding initializer I'm using (see below).  What is strange is that the error doesn't get generated unless I do a cloneNode, by uncommenting the last two lines in the snippet below.  Doing the initial initialization works just fine, without generating any error.

Probably the cloneNode goes through the same code path that the parser goes though when making new style objects.  But there should be a flag or something to indicate that the source comes from already-CSP-approved data.

  var legendDiv = document.createElement('div');                                                                                                                                     
  legendDiv.style.padding= '5px 5px 5px 5px';                                                                                                                                        
//  var legendDiv2 = legendDiv.cloneNode(true);                                                                                                                                      
//  document.body.appendChild(legendDiv2);

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list