Remove InlineType argument from AllowInlineScript()

It's always InlineType::kBlock. Bug: 934651 Change-Id: I12090136c066387c004e09de63d0286daac12f9f Reviewed-on: https://chromium-review.googlesource.com/c/1485126 Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Cr-Commit-Position: refs/heads/master@{#636636}

Remove InlineType argument from AllowInlineScript()
It's always InlineType::kBlock. Bug: 934651 Change-Id: I12090136c066387c004e09de63d0286daac12f9f Reviewed-on: https://chromium-review.googlesource.com/c/1485126 Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Cr-Commit-Position: refs/heads/master@{#636636}
e1e4f5b3 · Hiroshige Hayashizaki · Commit Bot · 07c6baec · e1e4f5b3 · e1e4f5b3
Commit e1e4f5b3 authored Mar 01, 2019 by Hiroshige Hayashizaki Committed by Commit Bot Mar 01, 2019
11 changed files
--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
@@ -540,7 +540,6 @@ bool ContentSecurityPolicy::AllowInlineScript(
    const String& nonce,
    const WTF::OrdinalNumber& context_line,
    const String& script_content,
-    InlineType inline_type,
    SecurityViolationReportingPolicy reporting_policy) const {
  DCHECK(element);
@@ -551,7 +550,8 @@ bool ContentSecurityPolicy::AllowInlineScript(
  bool is_allowed = true;
  for (const auto& policy : policies_) {
    is_allowed &=
-        CheckScriptHashAgainstPolicy(csp_hash_values, policy, inline_type) ||
+        CheckScriptHashAgainstPolicy(csp_hash_values, policy,
+                                     InlineType::kBlock) ||
        policy->AllowInlineScript(element, context_url, nonce, context_line,
                                  reporting_policy, script_content);
  }

--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.h
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.h
@@ -355,7 +355,6 @@ class CORE_EXPORT ContentSecurityPolicy
                         const String& nonce,
                         const WTF::OrdinalNumber& context_line,
                         const String& script_content,
-                         InlineType,
                         SecurityViolationReportingPolicy =
                             SecurityViolationReportingPolicy::kReport) const;
  bool AllowInlineStyle(Element*,

--- a/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc
@@ -732,10 +732,9 @@ TEST_F(ContentSecurityPolicyTest, NonceInline) {
    policy->DidReceiveHeader(String("script-src ") + test.policy,
                             kContentSecurityPolicyHeaderTypeEnforce,
                             kContentSecurityPolicyHeaderSourceHTTP);
-    EXPECT_EQ(test.allowed,
+    EXPECT_EQ(test.allowed, policy->AllowInlineScript(element, context_url,
-              policy->AllowInlineScript(
+                                                      String(test.nonce),
-                  element, context_url, String(test.nonce), context_line,
+                                                      context_line, content));
-                  content, ContentSecurityPolicy::InlineType::kBlock));
    EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
    // Enforce 'style-src'
@@ -757,8 +756,7 @@ TEST_F(ContentSecurityPolicyTest, NonceInline) {
                             kContentSecurityPolicyHeaderTypeReport,
                             kContentSecurityPolicyHeaderSourceHTTP);
    EXPECT_TRUE(policy->AllowInlineScript(
-        element, context_url, String(test.nonce), context_line, content,
+        element, context_url, String(test.nonce), context_line, content));
-        ContentSecurityPolicy::InlineType::kBlock));
    EXPECT_EQ(expected_reports, policy->violation_reports_sent_.size());
    // Report 'style-src'
@@ -1550,9 +1548,8 @@ TEST_F(ContentSecurityPolicyTest, EmptyCSPIsNoOp) {
  EXPECT_TRUE(csp->AllowScriptFromSource(
      example_url, nonce, IntegrityMetadataSet(), kParserInserted));
  EXPECT_TRUE(csp->AllowStyleFromSource(example_url, nonce));
-  EXPECT_TRUE(csp->AllowInlineScript(
+  EXPECT_TRUE(csp->AllowInlineScript(element, context_url, nonce,
-      element, context_url, nonce, ordinal_number, source,
+                                     ordinal_number, source));
-      ContentSecurityPolicy::InlineType::kBlock));
  EXPECT_TRUE(csp->AllowInlineStyle(element, context_url, nonce, ordinal_number,
                                    source,
                                    ContentSecurityPolicy::InlineType::kBlock));

--- a/third_party/blink/renderer/core/html/html_script_element.cc
+++ b/third_party/blink/renderer/core/html/html_script_element.cc
@@ -243,11 +243,9 @@ const AtomicString& HTMLScriptElement::GetNonceForElement() const {
 bool HTMLScriptElement::AllowInlineScriptForCSP(
    const AtomicString& nonce,
    const WTF::OrdinalNumber& context_line,
-    const String& script_content,
+    const String& script_content) {
-    ContentSecurityPolicy::InlineType inline_type) {
  return GetDocument().GetContentSecurityPolicy()->AllowInlineScript(
-      this, GetDocument().Url(), nonce, context_line, script_content,
+      this, GetDocument().Url(), nonce, context_line, script_content);
-      inline_type);
 }
 Document& HTMLScriptElement::GetDocument() const {

--- a/third_party/blink/renderer/core/html/html_script_element.h
+++ b/third_party/blink/renderer/core/html/html_script_element.h
@@ -101,8 +101,7 @@ class CORE_EXPORT HTMLScriptElement final : public HTMLElement,
  }
  bool AllowInlineScriptForCSP(const AtomicString& nonce,
                               const WTF::OrdinalNumber&,
-                               const String& script_content,
+                               const String& script_content) override;
-                               ContentSecurityPolicy::InlineType) override;
  void DispatchLoadEvent() override;
  void DispatchErrorEvent() override;
  void SetScriptElementForBinding(

--- a/third_party/blink/renderer/core/loader/http_equiv.cc
+++ b/third_party/blink/renderer/core/loader/http_equiv.cc
@@ -184,7 +184,6 @@ void HttpEquiv::ProcessHttpEquivRefresh(Document& document,
  UseCounter::Count(document, WebFeature::kMetaRefresh);
  if (!document.GetContentSecurityPolicy()->AllowInlineScript(
          element, NullURL(), "", OrdinalNumber(), "",
-          ContentSecurityPolicy::InlineType::kBlock,
          SecurityViolationReportingPolicy::kSuppressReporting)) {
    UseCounter::Count(document,
                      WebFeature::kMetaRefreshWhenCSPBlocksInlineScript);
@@ -200,7 +199,6 @@ void HttpEquiv::ProcessHttpEquivSetCookie(Document& document,
  if (!document.GetContentSecurityPolicy()->AllowInlineScript(
          element, NullURL(), "", OrdinalNumber(), "",
-          ContentSecurityPolicy::InlineType::kBlock,
          SecurityViolationReportingPolicy::kSuppressReporting)) {
    UseCounter::Count(document,
                      WebFeature::kMetaSetCookieWhenCSPBlocksInlineScript);

--- a/third_party/blink/renderer/core/script/mock_script_element_base.h
+++ b/third_party/blink/renderer/core/script/mock_script_element_base.h
@@ -46,11 +46,10 @@ class MockScriptElementBase
  MOCK_CONST_METHOD0(GetNonceForElement, const AtomicString&());
  MOCK_CONST_METHOD0(ElementHasDuplicateAttributes, bool());
  MOCK_CONST_METHOD0(InitiatorName, AtomicString());
-  MOCK_METHOD4(AllowInlineScriptForCSP,
+  MOCK_METHOD3(AllowInlineScriptForCSP,
               bool(const AtomicString&,
                    const WTF::OrdinalNumber&,
-                    const String&,
+                    const String&));
-                    ContentSecurityPolicy::InlineType));
  MOCK_CONST_METHOD0(GetDocument, Document&());
  MOCK_METHOD1(SetScriptElementForBinding,
               void(HTMLScriptElementOrSVGScriptElement&));

--- a/third_party/blink/renderer/core/script/pending_script.cc
+++ b/third_party/blink/renderer/core/script/pending_script.cc
@@ -160,9 +160,8 @@ void PendingScript::ExecuteScriptBlock(const KURL& document_url) {
    AtomicString nonce = element_->GetNonceForElement();
    if (!should_bypass_main_world_csp &&
-        !element_->AllowInlineScriptForCSP(
+        !element_->AllowInlineScriptForCSP(nonce, StartingPosition().line_,
-            nonce, StartingPosition().line_, script->InlineSourceTextForCSP(),
+                                           script->InlineSourceTextForCSP())) {
-            ContentSecurityPolicy::InlineType::kBlock)) {
      // Consider as if:
      //
      // <spec step="2">If the script's script is null, ...</spec>

--- a/third_party/blink/renderer/core/script/script_element_base.h
+++ b/third_party/blink/renderer/core/script/script_element_base.h
@@ -22,7 +22,6 @@
 #define THIRD_PARTY_BLINK_RENDERER_CORE_SCRIPT_SCRIPT_ELEMENT_BASE_H_
 #include "third_party/blink/renderer/core/core_export.h"
-#include "third_party/blink/renderer/core/frame/csp/content_security_policy.h"
 #include "third_party/blink/renderer/platform/heap/handle.h"
 #include "third_party/blink/renderer/platform/heap/heap.h"
 #include "third_party/blink/renderer/platform/wtf/text/atomic_string.h"
@@ -62,8 +61,7 @@ class CORE_EXPORT ScriptElementBase : public GarbageCollectedMixin {
  virtual bool AllowInlineScriptForCSP(const AtomicString& nonce,
                                       const WTF::OrdinalNumber&,
-                                       const String& script_content,
+                                       const String& script_content) = 0;
-                                       ContentSecurityPolicy::InlineType) = 0;
  virtual Document& GetDocument() const = 0;
  virtual void SetScriptElementForBinding(
      HTMLScriptElementOrSVGScriptElement&) = 0;

--- a/third_party/blink/renderer/core/svg/svg_script_element.cc
+++ b/third_party/blink/renderer/core/svg/svg_script_element.cc
@@ -136,11 +136,9 @@ const AtomicString& SVGScriptElement::GetNonceForElement() const {
 bool SVGScriptElement::AllowInlineScriptForCSP(
    const AtomicString& nonce,
    const WTF::OrdinalNumber& context_line,
-    const String& script_content,
+    const String& script_content) {
-    ContentSecurityPolicy::InlineType inline_type) {
  return GetDocument().GetContentSecurityPolicy()->AllowInlineScript(
-      this, GetDocument().Url(), nonce, context_line, script_content,
+      this, GetDocument().Url(), nonce, context_line, script_content);
-      inline_type);
 }
 Document& SVGScriptElement::GetDocument() const {

--- a/third_party/blink/renderer/core/svg/svg_script_element.h
+++ b/third_party/blink/renderer/core/svg/svg_script_element.h
@@ -91,8 +91,7 @@ class SVGScriptElement final : public SVGElement,
  }
  bool AllowInlineScriptForCSP(const AtomicString& nonce,
                               const WTF::OrdinalNumber&,
-                               const String& script_content,
+                               const String& script_content) override;
-                               ContentSecurityPolicy::InlineType) override;
  Document& GetDocument() const override;
  void DispatchLoadEvent() override;
  void DispatchErrorEvent() override;