Add CSP check for inline style attribute (#36923)

To be able to abort the update, extract the functionality into a separate method. Otherwise, we don't run the `node.rev_version` at the end, which according to the comment is probably important. Not all `style-src` tests pass and I don't fully understand why yet, but I presume it has to do with some special quirks of stylesheets that other CSP checks don't have. All `style-src-attr-elem` tests pass though. Part of #4577 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-08-18 11:55:39 +01:00 · 2025-05-09 19:36:55 +02:00 · 2025-05-09 19:36:55 +02:00 · d0de4e64d2
commit d0de4e64d2
parent 565e16178f
10 changed files with 124 additions and 79 deletions
--- a/tests/wpt/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
@ -1,13 +1,36 @@
 [inline-style-allowed-while-cloning-objects.sub.html]
-  expected: TIMEOUT
-  [Test that violation report event was fired]
-    expected: NOTRUN
-
-  [inline-style-allowed-while-cloning-objects 12]
-    expected: FAIL
-
-  [inline-style-allowed-while-cloning-objects 14]
-    expected: FAIL
-
  [non-HTML namespace]
    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 1]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 3]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 5]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 7]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 8]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 9]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 10]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 11]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 17]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 18]
+    expected: FAIL
+
+  [inline-style-allowed-while-cloning-objects 19]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
@ -1,3 +0,0 @@
-[inline-style-attribute-blocked.sub.html]
-  [Expecting logs: ["violated-directive=style-src-attr","PASS"\]]
-    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
@ -1,7 +0,0 @@
-[style-src-inline-style-attribute-blocked.html]
-  expected: TIMEOUT
-  [Inline style attribute should not be applied without 'unsafe-inline']
-    expected: FAIL
-
-  [Should fire a securitypolicyviolation event]
-    expected: NOTRUN