Add CSP check for inline style attribute (#36923)

To be able to abort the update, extract the functionality into a separate method. Otherwise, we don't run the `node.rev_version` at the end, which according to the comment is probably important. Not all `style-src` tests pass and I don't fully understand why yet, but I presume it has to do with some special quirks of stylesheets that other CSP checks don't have. All `style-src-attr-elem` tests pass though. Part of #4577 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-09-30 08:39:16 +01:00 · 2025-05-09 19:36:55 +02:00 · 2025-05-09 19:36:55 +02:00 · d0de4e64d2
commit d0de4e64d2
parent 565e16178f
10 changed files with 124 additions and 79 deletions
--- a/tests/wpt/meta/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html.ini
+++ b/tests/wpt/meta/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html.ini
@ -1,4 +0,0 @@
-[style_attribute_denied_missing_unsafe_hashes.html]
-  expected: TIMEOUT
-  [Test that the inline style attribute is blocked]
-    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html.ini
+++ b/tests/wpt/meta/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html.ini
@ -1,4 +0,0 @@
-[style_attribute_denied_wrong_hash.html]
-  expected: TIMEOUT
-  [Test that the inline style attribute is blocked]
-    expected: NOTRUN