Diff
Modified: trunk/LayoutTests/ChangeLog (238697 => 238698)
--- trunk/LayoutTests/ChangeLog 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/LayoutTests/ChangeLog 2018-11-29 23:06:43 UTC (rev 238698)
@@ -1,3 +1,17 @@
+2018-11-29 Youenn Fablet <you...@apple.com>
+
+ CSS subresource loads should not be observable from resource timing if the stylesheet is opaque
+ https://bugs.webkit.org/show_bug.cgi?id=192132
+
+ Reviewed by Ryosuke Niwa.
+
+ * http/tests/security/clean-origin-css-exposed-resource-timing-expected.txt: Added.
+ * http/tests/security/clean-origin-css-exposed-resource-timinge-timing.html: Added.
+ * http/tests/security/cross-origin-css-resource-timing-expected.txt: Added.
+ * http/tests/security/cross-origin-css-resource-timing.html: Added.
+ * http/tests/security/resources/loading-subresources.css: Added.
+ * http/tests/security/resources/imported-loading-subresources.css: Added.
+
2018-11-29 Ryosuke Niwa <rn...@webkit.org>
Executing "insertunorderedlist" while selecting a contenteditable element inside a shadow dom hangs the browser
Added: trunk/LayoutTests/http/tests/security/clean-origin-css-exposed-resource-timing-expected.txt (0 => 238698)
--- trunk/LayoutTests/http/tests/security/clean-origin-css-exposed-resource-timing-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/clean-origin-css-exposed-resource-timing-expected.txt 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,3 @@
+
+PASS CSS subresources of a clean stylesheet should populate resource timing entries
+
Added: trunk/LayoutTests/http/tests/security/clean-origin-css-exposed-resource-timing.html (0 => 238698)
--- trunk/LayoutTests/http/tests/security/clean-origin-css-exposed-resource-timing.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/clean-origin-css-exposed-resource-timing.html 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,51 @@
+<!doctype html>
+<html>
+<head>
+<title>CSS subresources of a clean stylesheet should populate resource timing entries</title>
+<script src=""
+<script src=""
+<link href='' rel='stylesheet' type='text/css'>
+</head>
+<body>
+<div id="mydiv" style="font: 12px 'ahem'">Test</div>
+<script>
+const waitOnLoad = new Promise((resolve) => {
+ window._onload_ = resolve;
+})
+
+function waitFor(delay)
+{
+ return new Promise(resolve => setTimeout(resolve, delay));
+}
+
+document.fonts.ready.then(async () => {
+ await waitOnLoad;
+ let hasImport = false;
+ let hasImage = false;
+ let hasCursor = false;
+ let hasFont = false;
+ let counter = 0;
+ while (++counter < 20) {
+ const entries = performance.getEntries();
+ if (!hasImport)
+ hasImport = entries.some(entry => entry.name.includes('imported-loading-subresources.css'));
+ if (!hasImage)
+ hasImage = entries.some(entry => entry.name.includes('abe-allow-star.php?image'));
+ if (!hasCursor)
+ hasCursor = entries.some(entry => entry.name.includes('abe-allow-star.php?cursor'));
+ if (!hasFont)
+ hasFont = entries.some(entry => entry.name.includes('Ahem.woff'));
+ if (hasImport && hasImage && hasFont && hasCursor)
+ break;
+ await waitFor(50);
+ }
+ mydiv.innerHTML = "";
+ assert_true(hasImport, "import");
+ assert_true(hasImage, "image");
+ assert_true(hasCursor, "cursor");
+ assert_true(hasFont, "font");
+ done();
+})
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-resource-timing-expected.txt (0 => 238698)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-resource-timing-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-resource-timing-expected.txt 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,3 @@
+
+PASS CSS subresources of an opaque stylesheet should not populate resource timing entries
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-css-resource-timing.html (0 => 238698)
--- trunk/LayoutTests/http/tests/security/cross-origin-css-resource-timing.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-css-resource-timing.html 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,28 @@
+<!doctype html>
+<html>
+<head>
+<title>CSS subresources of an opaque stylesheet should not populate resource timing entries</title>
+<script src=""
+<script src=""
+<link href='' rel='stylesheet' type='text/css'>
+</head>
+<body>
+<div id="mydiv" style="font: 12px 'ahem'">Test</div>
+<script>
+const waitOnLoad = new Promise((resolve) => {
+ window._onload_ = resolve;
+})
+document.fonts.ready.then(async () => {
+ await waitOnLoad;
+ performance.getEntries().map(obj => {
+ assert_false(obj.name.includes('imported-loading-subresources.css'), "import");
+ assert_false(obj.name.includes('Ahem.woff'), "font");
+ assert_false(obj.name.includes('abe-allow-star.php?image'), "image");
+ assert_false(obj.name.includes('abe-allow-star.php?cursor'), "cursor");
+ });
+ mydiv.innerHTML = "";
+ done();
+})
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/resources/imported-loading-subresources.css (0 => 238698)
--- trunk/LayoutTests/http/tests/security/resources/imported-loading-subresources.css (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/imported-loading-subresources.css 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,3 @@
+#mydiv {
+ background-image: url("/security/resources/abe-allow-star.php?image");
+}
Added: trunk/LayoutTests/http/tests/security/resources/loading-subresources.css (0 => 238698)
--- trunk/LayoutTests/http/tests/security/resources/loading-subresources.css (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/loading-subresources.css 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,8 @@
+@import url("/security/resources/imported-loading-subresources.css");
+@font-face {
+ font-family:ahem;
+ src: url("/resources/Ahem.woff");
+}
+#mydiv {
+ cursor: url("/security/resources/abe-allow-star.php?cursor"), auto;
+}
Added: trunk/LayoutTests/http/tests/security/resources.font.otf (0 => 238698)
--- trunk/LayoutTests/http/tests/security/resources.font.otf (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources.font.otf 2018-11-29 23:06:43 UTC (rev 238698)
@@ -0,0 +1,25 @@
+OTTOÀ€
+\x80 CFF Vy\xD6\xEA\xAC"OGSUB45\xE9"\xFC\xBAOS/2H\xE0Y`'\xB8dcmap\xD5\xB1(lheadeD\xF8(\x886hheah5(\xC0$hmtx\xD4\x86(\xE4\xD4maxpk)\xB8 name\xD7\xF0/w)\xD8|post8T FontWithFeaturesOTF9\x87\x87\xFF\xFF\xFF\xFF\x85\xEEFontWithFeaturesOTF 
++ !"#$%&'()*+,-./012345I\xA7G\xE7\x87'\xC7g\xA7G\xE7\x87'\xC7 g
+
+\xA7G\xE7\x87+'+\xC7g\xA7G\xE7\x87'\xC7g\xA7G\xE7\x87'\xC7g\xA7G\xE7\x87'\xC7g\xA7G\xE7 \x87\xFF\xFF\xFF\xFF\xC8\xFF\xC8\xFF\xFFX\xFFX\xFF\xFF\xFF\xFD\xA8\xFF\xFD\xA8\xFF\xFF\xFF\xFF\xFF\xC8\xFF\xF4\xFF2\xFF2\xFF\xFA\xFF\xFF\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFE>\xFF\xFE>\xFF\xFE\xD4\xFF,\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp
\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE
\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF
\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF
\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF€À€À€À€\xFF\xF4À€À€\xFF&À€À€\xFF\x90À€À€\xFF\x90À€À€\xFFÀ€2À€À€\xFF\xFF\xCEÀ€À€\xFF\xFEpÀ€À€\xFF\xFEpÀ€À€\xFF\x90À€À€\xFF\xFEpÀ€À€\xFF\xFF\xCEÀ€À€\xFF\xFF\xCEÀ€À€\xFF\xFEpÀ€À€\xFF\x90À€À€
\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\x
FF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFE
p\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x9
0\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\
xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF
2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90
\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE
\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xF
Ep\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFE
p\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xF
F2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF
\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF
\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE€\xFF\xFF\xCEÀ€À€\xFF\xFEpÀ€À€\xFF\x90À€À€\xFF\xFEpÀ€À€\xFF\xFEpÀ€À€\xFF\xFF\xCEÀ€À€\xFFÀ€2À€À€\xFF\x90À€À€\xFF\x90À€À€\xFF\xFEpÀ€À€\xFF\x90À€À€\xFFÀ€2À€À€\xFFÀ€2À€À€\xFF\x90À€À€\xFF\xFEpÀ€À€
\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\
xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xF
F\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF
\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\x
FF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\x
FF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x9
0\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2
\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF
2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF
\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE
\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\x
FF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFE
p\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2
\xFF2\xFF\x90\xFF\xFEp\xFF\xFF\xFF\xFF\xF4\xFF&\xFF\x90\xFF\x90\xFF2\xFF\xFF\xCE\xFF\xFEp\xFF\xFEp\xFF\x90\xFF
\xFEp\xFF\xFF\xCE\xFF\xFF\xCE\xFF\xFEp\xFF\x90\xFF\xFEp\xFF\xFEp\xFF\xFF\xCE\xFF2\xFF\x90\xFF\x90\xFF\xFEp\xFF\x90\xFF2\xFF2\xFF\x90\xFF\xFEp
+Z\xD0DFLT\xFF\xFF 
++afrc\xBCc2pc\xC2c2sc\xC8calt\xCEclig\xD4dlig\xDAfrac\xE0fwid\xE6hist\xEChlig\xF2jp04\xF8jp78\xFEjp83jp90
+ligalnumonumordn"pcap(pnum.pwid4ruby:smcp@smplFsubsLsupsRtitlXtnum^traddunicjzerop 
++@HPX`hpx\x80\x88\x90\x98\xA0\xA8\xB0\xB8\xC0\xC8\xD0\xD8\xE0\xE8\xF0\xF8 (0\xF8\xFE
+"(.4:@FLRX^djpv|\x82\x88\x8E\x94\x9A\xA0\xA6\xAC+ !
+ \xF4TKBW\xFF\xFF\xFF\xFFf\xFF\xFC\xFF\xFF \xFF\xFFD
+(AZaz(Zz\xFF\xFFAa\xFF\xFF\xFF\xDA\xFF\xA0\xC3t\xD6_<\xF5\xFF\xFF\xFF\xFFf5\xC8\xC82222222222222222222222222222222222222222222222222225\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF5B&&&&L&r\x98&\x9E\xC44\xE0<6P€À€>\x86À€À€À€À€À€À€0\xC4À€À€À€À€À€À€2\xF4À€À€À€À€À€À€<&À€À€À€À€À€ À€>bÀ€À€À€À€À€
+2\xA0>\xD2@+*P*z$\xA4$\xC8\xEC*2*N6x6\xAE8\xE48T*r\x9C"\xA0*\xC2(\xEC *2!2\"2\x8E#$\xC0$*\xE4%8&4F'z(*\x96)4\xC0*4\xF4+"(,,J-,v.<\xA2/&\xDE0* 14 .24 b34 \x9644 \xCA5: \xFE6<
+87
+t8*
+\x949.
+\xBE:2
+\xEC;<&8FontWithFeaturesOTFFontWithFeaturesOTFFontWithFeaturesOTFFontWithFeaturesOTF1.0FontWithFeaturesOTFkLigaturesTypekCommonLigaturesOnSelectorkContextualLigaturesOnSelectorkCommonLigaturesOffSelectorkContextualLigaturesOffSelectorkRareLigaturesOnSelectorkRareLigaturesOffSelectorkHistoricalLigaturesOnSelectorkHistorical
LigaturesOffSelectorkContextualAlternatesTypekContextualAlternatesOnSelectorkContextualAlternatesOffSelectorkVerticalPositionTypedefaultUnusedSelectorkInferiorsSelec
torkSuperiorsSelectorkLowerCaseTypedefaultUnusedSelectorkUpperCaseTypedefaultUnusedSelectorkLowerCaseSmallCapsSelectorkUpperCaseSmallCapsSelectorkLowerCasePetiteCapsSelectorkUpperCasePetiteCapsSelectorkLetterCaseTypedefaultUnusedSelector14kStyleOptionsTypedefaultUnusedSelectorkTitlingCapsSelectorkNumberCaseTypedefaultUnusedSelecto€rÀ€kÀ€UÀ€pÀ€pÀ€eÀ€rÀ€CÀ€aÀ€sÀ€eÀ€NÀ€uÀ€mÀ€bÀ€eÀ€rÀ€sÀ€SÀ€eÀ€lÀ€eÀ€cÀ€tÀ€oÀ€rÀ€kÀ€LÀ€oÀ€wÀ€eÀ€rÀ€CÀ€aÀ€sÀ€eÀ€NÀ€uÀ€mÀ€bÀ€eÀ€rÀ€sÀ€SÀ€eÀ€lÀ€eÀ€cÀ€tÀ€oÀ€rÀ€kÀ€NÀ€uÀ€mÀ€bÀ€eÀ€rÀ€SÀ€pÀ€aÀ€cÀ€iÀ€nÀ€gÀ€TÀ€yÀ€pÀ€eÀ€dÀ€eÀ€fÀ€aÀ€uÀ€lÀ€tÀ€UÀ€nÀ€uÀ€sÀ€eÀ€dÀ€SÀ€eÀ€lÀ€eÀ€cÀ€tÀ€oÀ€rÀ€kÀ€PÀ€rÀ€oÀ€pÀ€oÀ€rÀ€tÀ€iÀ€oÀ€nÀ€aÀ€lÀ€NÀ€uÀ€mÀ€bÀ€eÀ€rÀ€sÀ€SÀ€eÀ€lÀ€eÀ€cÀ€tÀ€oÀ€rÀ€kÀ€MÀ€oÀ€nÀ€oÀ€sÀ€pÀ€aÀ€cÀ€eÀ€dÀ€NÀ€uÀ€mÀ€bÀ€eÀ€rÀ€sÀ€SÀ€eÀ€lÀ€eÀ€cÀ€tÀ€oÀ€rÀ€kÀ€FÀ€rÀ€aÀ€cÀ€tÀ€iÀ€oÀ€nÀ€sÀ€TÀ€yÀ€pÀ€eÀ€dÀ€eÀ€fÀ€aÀ€uÀ€lÀ€tÀ€UÀ€
nusedSelectorkDiagonalFractionsSelectorkVerticalFractionsSelectorkOrdinalsSelectorkTypographicExtrasTypekSlashedZeroOnSelectorkHistoricalLigaturesOnSelectorkCharacterShapeTypedefaultUnusedSelectorkJIS1978CharactersSelectorkJIS1983CharactersSelectorkJIS1990CharactersSelectorkJIS2004CharactersSelectorkSimplifiedCharactersSelectorkTra
ditionalCharactersSelectorkTextSpacingTypedefaultUnusedSelectorkMonospacedTextSelectorkProportionalTextSelectorkRubyKanaTypekRubyKanaOnSelector
\ No newline at end of file
Modified: trunk/Source/WebCore/ChangeLog (238697 => 238698)
--- trunk/Source/WebCore/ChangeLog 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/ChangeLog 2018-11-29 23:06:43 UTC (rev 238698)
@@ -1,3 +1,62 @@
+2018-11-29 Youenn Fablet <you...@apple.com>
+
+ CSS subresource loads should not be observable from resource timing if the stylesheet is opaque
+ https://bugs.webkit.org/show_bug.cgi?id=192132
+
+ Reviewed by Ryosuke Niwa.
+
+ Introduce a new ResourceLoaderOptions to determine whether a load is made from a resource that is opaque.
+ Make use of that option to disable exposing such loads to the web page through resource timing.
+ The same option might later be used to bypass service workers.
+
+ Make use of this option for CSS subresource loads.
+ When the CSS stylesheet is opaque for the page, set this option.
+
+ Test: http/tests/security/clean-origin-exposed-resource-timing.html
+ http/tests/security/cross-origin-resource-timing.html
+
+ * css/CSSCursorImageValue.cpp:
+ (WebCore::CSSCursorImageValue::CSSCursorImageValue):
+ (WebCore::CSSCursorImageValue::loadImage):
+ * css/CSSCursorImageValue.h:
+ * css/CSSFontFaceSrcValue.cpp:
+ (WebCore::CSSFontFaceSrcValue::cachedFont):
+ * css/CSSFontFaceSrcValue.h:
+ * css/CSSImageSetValue.cpp:
+ (WebCore::CSSImageSetValue::CSSImageSetValue):
+ (WebCore::CSSImageSetValue::loadBestFitImage):
+ * css/CSSImageSetValue.h:
+ * css/CSSImageValue.cpp:
+ (WebCore::CSSImageValue::CSSImageValue):
+ (WebCore::CSSImageValue::loadImage):
+ * css/CSSImageValue.h:
+ * css/CSSStyleSheet.h:
+ * css/StyleRuleImport.cpp:
+ (WebCore::StyleRuleImport::setCSSStyleSheet):
+ (WebCore::StyleRuleImport::requestStyleSheet):
+ * css/StyleSheetContents.h:
+ * css/parser/CSSParserContext.h:
+ * css/parser/CSSPropertyParser.cpp:
+ (WebCore::consumeCursor):
+ (WebCore::consumeFontFaceSrcURI):
+ * css/parser/CSSPropertyParserHelpers.cpp:
+ (WebCore::CSSPropertyParserHelpers::consumeImageSet):
+ (WebCore::CSSPropertyParserHelpers::consumeImage):
+ * html/HTMLBodyElement.cpp:
+ (WebCore::HTMLBodyElement::collectStyleForPresentationAttribute):
+ * html/HTMLLinkElement.cpp:
+ (WebCore::HTMLLinkElement::initializeStyleSheet):
+ (WebCore::HTMLLinkElement::setCSSStyleSheet):
+ * html/HTMLTableElement.cpp:
+ (WebCore::HTMLTableElement::collectStyleForPresentationAttribute):
+ * html/HTMLTablePartElement.cpp:
+ (WebCore::HTMLTablePartElement::collectStyleForPresentationAttribute):
+ * loader/ResourceLoaderOptions.h:
+ * loader/ResourceTimingInformation.cpp:
+ (WebCore::ResourceTimingInformation::shouldAddResourceTiming):
+ * svg/SVGFontFaceUriElement.cpp:
+ (WebCore::SVGFontFaceUriElement::srcValue const):
+
2018-11-29 Megan Gardner <megan_gard...@apple.com>
Move Lookup Code for better cross platform usage
Modified: trunk/Source/WebCore/css/CSSCursorImageValue.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/CSSCursorImageValue.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSCursorImageValue.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -35,11 +35,12 @@
namespace WebCore {
-CSSCursorImageValue::CSSCursorImageValue(Ref<CSSValue>&& imageValue, bool hasHotSpot, const IntPoint& hotSpot)
+CSSCursorImageValue::CSSCursorImageValue(Ref<CSSValue>&& imageValue, bool hasHotSpot, const IntPoint& hotSpot, LoadedFromOpaqueSource loadedFromOpaqueSource)
: CSSValue(CursorImageClass)
, m_imageValue(WTFMove(imageValue))
, m_hasHotSpot(hasHotSpot)
, m_hotSpot(hotSpot)
+ , m_loadedFromOpaqueSource(loadedFromOpaqueSource)
{
if (is<CSSImageValue>(m_imageValue.get()))
m_originalURL = downcast<CSSImageValue>(m_imageValue.get()).url();
@@ -106,7 +107,7 @@
if (auto* cursorElement = updateCursorElement(*loader.document())) {
if (cursorElement->href() != downcast<CSSImageValue>(m_imageValue.get()).url())
- m_imageValue = CSSImageValue::create(loader.document()->completeURL(cursorElement->href()));
+ m_imageValue = CSSImageValue::create(loader.document()->completeURL(cursorElement->href()), m_loadedFromOpaqueSource);
}
return { downcast<CSSImageValue>(m_imageValue.get()).loadImage(loader, options), 1 };
Modified: trunk/Source/WebCore/css/CSSCursorImageValue.h (238697 => 238698)
--- trunk/Source/WebCore/css/CSSCursorImageValue.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSCursorImageValue.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -22,6 +22,7 @@
#include "CSSValue.h"
#include "IntPoint.h"
+#include "ResourceLoaderOptions.h"
#include <wtf/HashSet.h>
namespace WebCore {
@@ -30,15 +31,14 @@
class CachedResourceLoader;
class Document;
class Element;
-struct ResourceLoaderOptions;
class SVGCursorElement;
class SVGElement;
class CSSCursorImageValue final : public CSSValue {
public:
- static Ref<CSSCursorImageValue> create(Ref<CSSValue>&& imageValue, bool hasHotSpot, const IntPoint& hotSpot)
+ static Ref<CSSCursorImageValue> create(Ref<CSSValue>&& imageValue, bool hasHotSpot, const IntPoint& hotSpot, LoadedFromOpaqueSource loadedFromOpaqueSource)
{
- return adoptRef(*new CSSCursorImageValue(WTFMove(imageValue), hasHotSpot, hotSpot));
+ return adoptRef(*new CSSCursorImageValue(WTFMove(imageValue), hasHotSpot, hotSpot, loadedFromOpaqueSource));
}
~CSSCursorImageValue();
@@ -66,7 +66,7 @@
void cursorElementChanged(SVGCursorElement&);
private:
- CSSCursorImageValue(Ref<CSSValue>&& imageValue, bool hasHotSpot, const IntPoint& hotSpot);
+ CSSCursorImageValue(Ref<CSSValue>&& imageValue, bool hasHotSpot, const IntPoint& hotSpot, LoadedFromOpaqueSource);
SVGCursorElement* updateCursorElement(const Document&);
@@ -76,6 +76,7 @@
bool m_hasHotSpot;
IntPoint m_hotSpot;
HashSet<SVGCursorElement*> m_cursorElements;
+ LoadedFromOpaqueSource m_loadedFromOpaqueSource { LoadedFromOpaqueSource::No };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/css/CSSFontFaceSrcValue.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/CSSFontFaceSrcValue.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSFontFaceSrcValue.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -98,6 +98,7 @@
ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
options.contentSecurityPolicyImposition = isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
+ options.loadedFromOpaqueSource = m_loadedFromOpaqueSource;
CachedResourceRequest request(ResourceRequest(document->completeURL(m_resource)), options);
request.setInitiator(cachedResourceRequestInitiators().css);
Modified: trunk/Source/WebCore/css/CSSFontFaceSrcValue.h (238697 => 238698)
--- trunk/Source/WebCore/css/CSSFontFaceSrcValue.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSFontFaceSrcValue.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -27,6 +27,7 @@
#include "CSSValue.h"
#include "CachedResourceHandle.h"
+#include "ResourceLoaderOptions.h"
#include <wtf/Function.h>
#include <wtf/text/WTFString.h>
@@ -38,13 +39,13 @@
class CSSFontFaceSrcValue final : public CSSValue {
public:
- static Ref<CSSFontFaceSrcValue> create(const String& resource)
+ static Ref<CSSFontFaceSrcValue> create(const String& resource, LoadedFromOpaqueSource loadedFromOpaqueSource)
{
- return adoptRef(*new CSSFontFaceSrcValue(resource, false));
+ return adoptRef(*new CSSFontFaceSrcValue(resource, false, loadedFromOpaqueSource));
}
static Ref<CSSFontFaceSrcValue> createLocal(const String& resource)
{
- return adoptRef(*new CSSFontFaceSrcValue(resource, true));
+ return adoptRef(*new CSSFontFaceSrcValue(resource, true, LoadedFromOpaqueSource::No));
}
const String& resource() const { return m_resource; }
@@ -72,10 +73,11 @@
bool equals(const CSSFontFaceSrcValue&) const;
private:
- CSSFontFaceSrcValue(const String& resource, bool local)
+ CSSFontFaceSrcValue(const String& resource, bool local, LoadedFromOpaqueSource loadedFromOpaqueSource)
: CSSValue(FontFaceSrcClass)
, m_resource(resource)
, m_isLocal(local)
+ , m_loadedFromOpaqueSource(loadedFromOpaqueSource)
#if ENABLE(SVG_FONTS)
, m_svgFontFaceElement(0)
#endif
@@ -85,6 +87,7 @@
String m_resource;
String m_format;
bool m_isLocal;
+ LoadedFromOpaqueSource m_loadedFromOpaqueSource { LoadedFromOpaqueSource::No };
CachedResourceHandle<CachedFont> m_cachedFont;
Modified: trunk/Source/WebCore/css/CSSImageSetValue.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/CSSImageSetValue.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSImageSetValue.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -38,8 +38,9 @@
namespace WebCore {
-CSSImageSetValue::CSSImageSetValue()
+CSSImageSetValue::CSSImageSetValue(LoadedFromOpaqueSource loadedFromOpaqueSource)
: CSSValueList(ImageSetClass, CommaSeparator)
+ , m_loadedFromOpaqueSource(loadedFromOpaqueSource)
{
}
@@ -98,7 +99,10 @@
// All forms of scale should be included: Page::pageScaleFactor(), Frame::pageZoomFactor(),
// and any CSS transforms. https://bugs.webkit.org/show_bug.cgi?id=81698
ImageWithScale image = bestImageForScaleFactor();
- CachedResourceRequest request(ResourceRequest(document->completeURL(image.imageURL)), options);
+
+ ResourceLoaderOptions loadOptions = options;
+ loadOptions.loadedFromOpaqueSource = m_loadedFromOpaqueSource;
+ CachedResourceRequest request(ResourceRequest(document->completeURL(image.imageURL)), loadOptions);
request.setInitiator(cachedResourceRequestInitiators().css);
if (options.mode == FetchOptions::Mode::Cors)
request.updateForAccessControl(*document);
Modified: trunk/Source/WebCore/css/CSSImageSetValue.h (238697 => 238698)
--- trunk/Source/WebCore/css/CSSImageSetValue.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSImageSetValue.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -27,6 +27,7 @@
#include "CSSValueList.h"
#include "CachedResourceHandle.h"
+#include "ResourceLoaderOptions.h"
#include <wtf/Function.h>
namespace WebCore {
@@ -34,13 +35,12 @@
class CachedImage;
class CachedResourceLoader;
class Document;
-struct ResourceLoaderOptions;
class CSSImageSetValue final : public CSSValueList {
public:
- static Ref<CSSImageSetValue> create()
+ static Ref<CSSImageSetValue> create(LoadedFromOpaqueSource loadedFromOpaqueSource)
{
- return adoptRef(*new CSSImageSetValue());
+ return adoptRef(*new CSSImageSetValue(loadedFromOpaqueSource));
}
~CSSImageSetValue();
@@ -64,7 +64,7 @@
ImageWithScale bestImageForScaleFactor();
private:
- CSSImageSetValue();
+ explicit CSSImageSetValue(LoadedFromOpaqueSource);
void fillImageSet();
static inline bool compareByScaleFactor(ImageWithScale first, ImageWithScale second) { return first.scaleFactor < second.scaleFactor; }
@@ -75,6 +75,7 @@
float m_deviceScaleFactor { 1 };
Vector<ImageWithScale> m_imagesInSet;
+ LoadedFromOpaqueSource m_loadedFromOpaqueSource { LoadedFromOpaqueSource::No };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/css/CSSImageValue.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/CSSImageValue.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSImageValue.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -34,10 +34,11 @@
namespace WebCore {
-CSSImageValue::CSSImageValue(URL&& url)
+CSSImageValue::CSSImageValue(URL&& url, LoadedFromOpaqueSource loadedFromOpaqueSource)
: CSSValue(ImageClass)
, m_url(WTFMove(url))
, m_accessedImage(false)
+ , m_loadedFromOpaqueSource(loadedFromOpaqueSource)
{
}
@@ -62,7 +63,9 @@
if (!m_accessedImage) {
m_accessedImage = true;
- CachedResourceRequest request(ResourceRequest(loader.document()->completeURL(m_url.string())), options);
+ ResourceLoaderOptions loadOptions = options;
+ loadOptions.loadedFromOpaqueSource = m_loadedFromOpaqueSource;
+ CachedResourceRequest request(ResourceRequest(loader.document()->completeURL(m_url.string())), loadOptions);
if (m_initiatorName.isEmpty())
request.setInitiator(cachedResourceRequestInitiators().css);
else
Modified: trunk/Source/WebCore/css/CSSImageValue.h (238697 => 238698)
--- trunk/Source/WebCore/css/CSSImageValue.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSImageValue.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -22,6 +22,7 @@
#include "CSSValue.h"
#include "CachedResourceHandle.h"
+#include "ResourceLoaderOptions.h"
#include <wtf/Function.h>
#include <wtf/Ref.h>
@@ -32,11 +33,10 @@
class DeprecatedCSSOMValue;
class CSSStyleDeclaration;
class RenderElement;
-struct ResourceLoaderOptions;
class CSSImageValue final : public CSSValue {
public:
- static Ref<CSSImageValue> create(URL&& url) { return adoptRef(*new CSSImageValue(WTFMove(url))); }
+ static Ref<CSSImageValue> create(URL&& url, LoadedFromOpaqueSource loadedFromOpaqueSource) { return adoptRef(*new CSSImageValue(WTFMove(url), loadedFromOpaqueSource)); }
static Ref<CSSImageValue> create(CachedImage& image) { return adoptRef(*new CSSImageValue(image)); }
~CSSImageValue();
@@ -59,7 +59,7 @@
void setInitiator(const AtomicString& name) { m_initiatorName = name; }
private:
- explicit CSSImageValue(URL&&);
+ CSSImageValue(URL&&, LoadedFromOpaqueSource);
explicit CSSImageValue(CachedImage&);
URL m_url;
@@ -66,6 +66,7 @@
CachedResourceHandle<CachedImage> m_cachedImage;
bool m_accessedImage;
AtomicString m_initiatorName;
+ LoadedFromOpaqueSource m_loadedFromOpaqueSource { LoadedFromOpaqueSource::No };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/css/CSSStyleSheet.h (238697 => 238698)
--- trunk/Source/WebCore/css/CSSStyleSheet.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/CSSStyleSheet.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -125,6 +125,8 @@
void detachFromDocument() { m_ownerNode = nullptr; }
+ bool canAccessRules() const;
+
private:
CSSStyleSheet(Ref<StyleSheetContents>&&, CSSImportRule* ownerRule);
CSSStyleSheet(Ref<StyleSheetContents>&&, Node* ownerNode, const TextPosition& startPosition, bool isInlineStylesheet);
@@ -133,8 +135,6 @@
bool isCSSStyleSheet() const final { return true; }
String type() const final { return "text/css"_s; }
- bool canAccessRules() const;
-
Ref<StyleSheetContents> m_contents;
bool m_isInlineStylesheet;
bool m_isDisabled;
Modified: trunk/Source/WebCore/css/StyleRuleImport.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/StyleRuleImport.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/StyleRuleImport.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -74,6 +74,8 @@
Document* document = m_parentStyleSheet ? m_parentStyleSheet->singleOwnerDocument() : nullptr;
m_styleSheet = StyleSheetContents::create(this, href, context);
+ if (m_parentStyleSheet->isContentOpaque() || !cachedStyleSheet->isCORSSameOrigin())
+ m_styleSheet->setAsOpaque();
m_styleSheet->parseAuthorStyleSheet(cachedStyleSheet, document ? &document->securityOrigin() : nullptr);
m_loading = false;
@@ -121,7 +123,7 @@
if (m_cachedSheet)
m_cachedSheet->removeClient(m_styleSheetClient);
if (m_parentStyleSheet->isUserStyleSheet()) {
- request.setOptions(ResourceLoaderOptions(
+ ResourceLoaderOptions options {
SendCallbackPolicy::DoNotSendCallbacks,
ContentSniffingPolicy::SniffContent,
DataBufferingPolicy::BufferData,
@@ -133,10 +135,19 @@
CertificateInfoPolicy::DoNotIncludeCertificateInfo,
ContentSecurityPolicyImposition::SkipPolicyCheck,
DefersLoadingPolicy::AllowDefersLoading,
- CachingPolicy::AllowCaching));
+ CachingPolicy::AllowCaching
+ };
+ options.loadedFromOpaqueSource = m_parentStyleSheet->isContentOpaque() ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No;
+
+ request.setOptions(WTFMove(options));
+
m_cachedSheet = document->cachedResourceLoader().requestUserCSSStyleSheet(WTFMove(request));
- } else
+ } else {
+ auto options = request.options();
+ options.loadedFromOpaqueSource = m_parentStyleSheet->isContentOpaque() ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No;
+ request.setOptions(WTFMove(options));
m_cachedSheet = document->cachedResourceLoader().requestCSSStyleSheet(WTFMove(request)).value_or(nullptr);
+ }
if (m_cachedSheet) {
// if the import rule is issued dynamically, the sheet may be
// removed from the pending sheet count, so let the doc know
Modified: trunk/Source/WebCore/css/StyleSheetContents.h (238697 => 238698)
--- trunk/Source/WebCore/css/StyleSheetContents.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/StyleSheetContents.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -144,6 +144,9 @@
void shrinkToFit();
+ void setAsOpaque() { m_parserContext.isContentOpaque = true; }
+ bool isContentOpaque() const { return m_parserContext.isContentOpaque; }
+
private:
WEBCORE_EXPORT StyleSheetContents(StyleRuleImport* ownerRule, const String& originalURL, const CSSParserContext&);
StyleSheetContents(const StyleSheetContents&);
Modified: trunk/Source/WebCore/css/parser/CSSParserContext.h (238697 => 238698)
--- trunk/Source/WebCore/css/parser/CSSParserContext.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/parser/CSSParserContext.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -75,6 +75,8 @@
auto& encodingForURLParsing = encoding.encodingForFormSubmissionOrURLParsing();
return URL(baseURL, url, encodingForURLParsing == UTF8Encoding() ? nullptr : &encodingForURLParsing);
}
+
+ bool isContentOpaque { false };
};
bool operator==(const CSSParserContext&, const CSSParserContext&);
Modified: trunk/Source/WebCore/css/parser/CSSPropertyParser.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/parser/CSSPropertyParser.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/parser/CSSPropertyParser.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -2170,7 +2170,7 @@
if (!list)
list = CSSValueList::createCommaSeparated();
- list->append(CSSCursorImageValue::create(image.releaseNonNull(), hotSpotSpecified, hotSpot));
+ list->append(CSSCursorImageValue::create(image.releaseNonNull(), hotSpotSpecified, hotSpot, context.isContentOpaque ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No));
if (!consumeCommaIncludingWhitespace(range))
return nullptr;
}
@@ -4434,9 +4434,9 @@
String url = ""
if (url.isNull())
return nullptr;
-
- RefPtr<CSSFontFaceSrcValue> uriValue = CSSFontFaceSrcValue::create(context.completeURL(url));
+ RefPtr<CSSFontFaceSrcValue> uriValue = CSSFontFaceSrcValue::create(context.completeURL(url), context.isContentOpaque ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No);
+
if (range.peek().functionId() != CSSValueFormat)
return uriValue;
Modified: trunk/Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp (238697 => 238698)
--- trunk/Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/css/parser/CSSPropertyParserHelpers.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -1359,13 +1359,13 @@
{
CSSParserTokenRange rangeCopy = range;
CSSParserTokenRange args = consumeFunction(rangeCopy);
- RefPtr<CSSImageSetValue> imageSet = CSSImageSetValue::create();
+ RefPtr<CSSImageSetValue> imageSet = CSSImageSetValue::create(context.isContentOpaque ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No);
do {
AtomicString urlValue = consumeUrlAsStringView(args).toAtomicString();
if (urlValue.isNull())
return nullptr;
- RefPtr<CSSValue> image = CSSImageValue::create(completeURL(context, urlValue));
+ RefPtr<CSSValue> image = CSSImageValue::create(completeURL(context, urlValue), context.isContentOpaque ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No);
imageSet->append(image.releaseNonNull());
const CSSParserToken& token = args.consumeIncludingWhitespace();
@@ -1580,7 +1580,8 @@
{
AtomicString uri = consumeUrlAsStringView(range).toAtomicString();
if (!uri.isNull())
- return CSSImageValue::create(completeURL(context, uri));
+ return CSSImageValue::create(completeURL(context, uri), context.isContentOpaque ? LoadedFromOpaqueSource::Yes : LoadedFromOpaqueSource::No);
+
if (range.peek().type() == FunctionToken) {
CSSValueID id = range.peek().functionId();
if (id == CSSValueWebkitImageSet || id == CSSValueImageSet)
Modified: trunk/Source/WebCore/html/HTMLBodyElement.cpp (238697 => 238698)
--- trunk/Source/WebCore/html/HTMLBodyElement.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/html/HTMLBodyElement.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -74,7 +74,7 @@
if (name == backgroundAttr) {
String url = ""
if (!url.isEmpty()) {
- auto imageValue = CSSImageValue::create(document().completeURL(url));
+ auto imageValue = CSSImageValue::create(document().completeURL(url), LoadedFromOpaqueSource::No);
imageValue.get().setInitiator(localName());
style.setProperty(CSSProperty(CSSPropertyBackgroundImage, WTFMove(imageValue)));
}
Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (238697 => 238698)
--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -402,6 +402,9 @@
m_sheet = CSSStyleSheet::create(WTFMove(styleSheet), *this, originClean);
m_sheet->setMediaQueries(MediaQuerySet::create(m_media, context));
m_sheet->setTitle(title());
+
+ if (!m_sheet->canAccessRules())
+ m_sheet->contents().setAsOpaque();
}
void HTMLLinkElement::setCSSStyleSheet(const String& href, const URL& baseURL, const String& charset, const CachedCSSStyleSheet* cachedStyleSheet)
@@ -443,6 +446,8 @@
auto styleSheet = StyleSheetContents::create(href, parserContext);
initializeStyleSheet(styleSheet.copyRef(), *cachedStyleSheet, MediaQueryParserContext(document()));
+ // FIXME: Set the visibility option based on m_sheet being clean or not.
+ // Best approach might be to set it on the style sheet content itself or its context parser otherwise.
styleSheet.get().parseAuthorStyleSheet(cachedStyleSheet, &document().securityOrigin());
m_loading = false;
Modified: trunk/Source/WebCore/html/HTMLTableElement.cpp (238697 => 238698)
--- trunk/Source/WebCore/html/HTMLTableElement.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/html/HTMLTableElement.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -320,7 +320,7 @@
else if (name == backgroundAttr) {
String url = ""
if (!url.isEmpty())
- style.setProperty(CSSProperty(CSSPropertyBackgroundImage, CSSImageValue::create(document().completeURL(url))));
+ style.setProperty(CSSProperty(CSSPropertyBackgroundImage, CSSImageValue::create(document().completeURL(url), LoadedFromOpaqueSource::No)));
} else if (name == valignAttr) {
if (!value.isEmpty())
addPropertyToPresentationAttributeStyle(style, CSSPropertyVerticalAlign, value);
Modified: trunk/Source/WebCore/html/HTMLTablePartElement.cpp (238697 => 238698)
--- trunk/Source/WebCore/html/HTMLTablePartElement.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/html/HTMLTablePartElement.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -55,7 +55,7 @@
else if (name == backgroundAttr) {
String url = ""
if (!url.isEmpty())
- style.setProperty(CSSProperty(CSSPropertyBackgroundImage, CSSImageValue::create(document().completeURL(url))));
+ style.setProperty(CSSProperty(CSSPropertyBackgroundImage, CSSImageValue::create(document().completeURL(url), LoadedFromOpaqueSource::No)));
} else if (name == valignAttr) {
if (equalLettersIgnoringASCIICase(value, "top"))
addPropertyToPresentationAttributeStyle(style, CSSPropertyVerticalAlign, CSSValueTop);
Modified: trunk/Source/WebCore/loader/ResourceLoaderOptions.h (238697 => 238698)
--- trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2018-11-29 23:06:43 UTC (rev 238698)
@@ -122,6 +122,11 @@
Prevent
};
+enum class LoadedFromOpaqueSource : uint8_t {
+ Yes,
+ No
+};
+
struct ResourceLoaderOptions : public FetchOptions {
ResourceLoaderOptions() { }
@@ -167,6 +172,7 @@
ApplicationCacheMode applicationCacheMode { ApplicationCacheMode::Use };
ClientCredentialPolicy clientCredentialPolicy { ClientCredentialPolicy::CannotAskClientForCredentials };
PreflightPolicy preflightPolicy { PreflightPolicy::Consider };
+ LoadedFromOpaqueSource loadedFromOpaqueSource { LoadedFromOpaqueSource::No };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/ResourceTimingInformation.cpp (238697 => 238698)
--- trunk/Source/WebCore/loader/ResourceTimingInformation.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/loader/ResourceTimingInformation.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -52,6 +52,9 @@
if (resource.wasCanceled())
return false;
+ if (resource.options().loadedFromOpaqueSource == LoadedFromOpaqueSource::Yes)
+ return false;
+
return true;
}
Modified: trunk/Source/WebCore/svg/SVGFontFaceUriElement.cpp (238697 => 238698)
--- trunk/Source/WebCore/svg/SVGFontFaceUriElement.cpp 2018-11-29 22:59:07 UTC (rev 238697)
+++ trunk/Source/WebCore/svg/SVGFontFaceUriElement.cpp 2018-11-29 23:06:43 UTC (rev 238698)
@@ -58,7 +58,7 @@
Ref<CSSFontFaceSrcValue> SVGFontFaceUriElement::srcValue() const
{
- auto src = "" XLinkNames::hrefAttr));
+ auto src = "" XLinkNames::hrefAttr), LoadedFromOpaqueSource::No);
AtomicString value(attributeWithoutSynchronization(formatAttr));
src.get().setFormat(value.isEmpty() ? "svg" : value); // Default format
return src;