Revert CSP application to `DOMParser.parseFromString`.

This patch partially reverts [1], which began applying the context document's CSP to the document fragment produced from `DOMParser.parseFromString`. This application broke the expectations of GMail's dynamic email feature, and we ought to pull it out until we understand whether our CSP implementation is wrong, or whether GMail is wrong. [1]: https://chromium-review.googlesource.com/c/chromium/src/+/1917532 Bug: 1030830, 951536 Change-Id: Id7e86ca85df8790bb58fda15827a3f34e00239fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1975710Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#726326}

Revert CSP application to `DOMParser.parseFromString`.
This patch partially reverts [1], which began applying the context document's CSP to the document fragment produced from `DOMParser.parseFromString`. This application broke the expectations of GMail's dynamic email feature, and we ought to pull it out until we understand whether our CSP implementation is wrong, or whether GMail is wrong. [1]: https://chromium-review.googlesource.com/c/chromium/src/+/1917532 Bug: 1030830, 951536 Change-Id: Id7e86ca85df8790bb58fda15827a3f34e00239fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1975710Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#726326}
748c18c4 · Mike West · Commit Bot · 5dbc7c51 · 748c18c4 · 748c18c4
Commit 748c18c4 authored Dec 19, 2019 by Mike West Committed by Commit Bot Dec 19, 2019
2 changed files
--- a/third_party/blink/renderer/core/xml/dom_parser.cc
+++ b/third_party/blink/renderer/core/xml/dom_parser.cc
@@ -46,8 +46,7 @@ Document* DOMParser::parseFromStringInternal(const String& str,
      type,
      DocumentInit::Create()
          .WithContextDocument(context_document_)
-          .WithOwnerDocument(context_document_)
+          .WithOwnerDocument(context_document_),
-          .WithContentSecurityPolicyFromContextDoc(),
      false);
  doc->SetContent(str);
  doc->SetMimeType(AtomicString(type));

--- a/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-createHTMLDocument.tentative-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-createHTMLDocument.tentative-expected.txt
+This is a testharness.js-based test.
+PASS Trusted Type assignment is blocked. (document)
+PASS Trusted Type instances created in the main doc can be used. (document)
+PASS Trusted Type assignment is blocked. (createHTMLDocument)
+PASS Trusted Type instances created in the main doc can be used. (createHTMLDocument)
+FAIL Trusted Type assignment is blocked. (DOMParser) assert_throws: function "_ => { doc.createElement("script").textContent = "2+2"; }" did not throw
+FAIL Trusted Type instances created in the main doc can be used. (DOMParser) assert_throws: function "_ => { doc.body.innerHTML = "world"; }" did not throw
+PASS Trusted Type assignment is blocked. (XHR)
+PASS Trusted Type instances created in the main doc can be used. (XHR)
+PASS Install default policy.
+PASS Default policy applies. (document)
+PASS Default policy applies. (createHTMLDocument)
+PASS Default policy applies. (DOMParser)
+PASS Default policy applies. (XHR)
+Harness: the test ran to completion.