void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet, const SecurityOrigin* securityOrigin)
{
// Check to see if we should enforce the MIME type of the CSS resource in strict mode.
// Running in iWeb 2 is one example of where we don't want to - <rdar://problem/6099748>
bool enforceMIMEType = isStrictParserMode(m_parserContext.mode) && m_parserContext.enforcesCSSMIMETypeInNoQuirksMode;
bool hasValidMIMEType = false;
String sheetText = cachedStyleSheet->sheetText(enforceMIMEType, &hasValidMIMEType);
CSSParser p(parserContext());
p.parseSheet(this, sheetText, 0);
// If we're loading a stylesheet cross-origin, and the MIME type is not standard, require the CSS
// to at least start with a syntactically valid CSS rule.
// This prevents an attacker playing games by injecting CSS strings into HTML, XML, JSON, etc. etc.
if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(baseURL());
if (isCrossOriginCSS) {
clearRules();
return;
}
}
if (m_parserContext.needsSiteSpecificQuirks && isStrictParserMode(m_parserContext.mode)) {
// Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, (ASCIILiteral("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n")));
// There are two variants of KHTMLFixes.css. One is equal to mediaWikiKHTMLFixesStyleSheet,
// while the other lacks the second trailing newline.
if (baseURL().string().endsWith("/KHTMLFixes.css") && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText)
&& sheetText.length() >= mediaWikiKHTMLFixesStyleSheet.length() - 1)
clearRules();
}
void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cachedStyleSheet, const SecurityOrigin* securityOrigin)
{
TRACE_EVENT0("webkit", "StyleSheetContents::parseAuthorStyleSheet");
bool quirksMode = isQuirksModeBehavior(m_parserContext.mode());
bool enforceMIMEType = !quirksMode;
bool hasValidMIMEType = false;
String sheetText = cachedStyleSheet->sheetText(enforceMIMEType, &hasValidMIMEType);
CSSParserContext context(parserContext(), UseCounter::getFrom(this));
BisonCSSParser p(context);
p.parseSheet(this, sheetText, TextPosition::minimumPosition(), 0, true);
// If we're loading a stylesheet cross-origin, and the MIME type is not standard, require the CSS
// to at least start with a syntactically valid CSS rule.
// This prevents an attacker playing games by injecting CSS strings into HTML, XML, JSON, etc. etc.
if (!hasValidMIMEType && !hasSyntacticallyValidCSSHeader()) {
bool isCrossOriginCSS = !securityOrigin || !securityOrigin->canRequest(baseURL());
if (isCrossOriginCSS) {
clearRules();
return;
}
}
}
bool StyleSheetContents::isCacheableForStyleElement() const {
// FIXME: Support copying import rules.
if (!importRules().isEmpty())
return false;
// Until import rules are supported in cached sheets it's not possible for
// loading to fail.
DCHECK(!didLoadErrorOccur());
// It is not the original sheet anymore.
if (isMutable())
return false;
if (!hasSyntacticallyValidCSSHeader())
return false;
return true;
}
