Bug 1580710: Expose functionality on the CSP Object to allow skipping the inline style checks. r=bzbarsky

Differential Revision: https://phabricator.services.mozilla.com/D45631

--HG--
extra : moz-landing-system : lando

dom/interfaces/security/nsIContentSecurityPolicy.idl

@@ -256,6 +256,13 @@ interface nsIContentSecurityPolicy : nsISerializable
   [noscript] readonly attribute AString referrer;
   [noscript, notxpcom, nostdcall] readonly attribute unsigned long long innerWindowID;
 
+  /**
+   * Warning: Do not set that attribute unless you know exactly what you are doing!
+   *
+   * Primarily used to allow Devtools to edit inline styles!
+   */
+  [noscript, notxpcom, nostdcall] attribute boolean skipAllowInlineStyleCheck;
+
   /**
    *  Ensure we have a nsIEventTarget to use to label CSPReportSenderRunnable
    */

dom/security/nsCSPContext.cpp

@@ -249,6 +249,7 @@ NS_IMPL_ISUPPORTS_CI(nsCSPContext, nsIContentSecurityPolicy, nsISerializable)
 
 nsCSPContext::nsCSPContext()
     : mInnerWindowID(0),
+      mSkipAllowInlineStyleCheck(false),
       mLoadingContext(nullptr),
       mLoadingPrincipal(nullptr),
       mQueueUpMessages(true) {
@@ -310,6 +311,8 @@ nsresult nsCSPContext::InitFromOther(nsCSPContext* aOtherContext) {
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
+  mSkipAllowInlineStyleCheck = aOtherContext->mSkipAllowInlineStyleCheck;
+
   for (auto policy : aOtherContext->mPolicies) {
     nsAutoString policyStr;
     policy->toString(policyStr);
@@ -867,6 +870,15 @@ nsCSPContext::GetReferrer(nsAString& outReferrer) {
 
 uint64_t nsCSPContext::GetInnerWindowID() { return mInnerWindowID; }
 
+bool nsCSPContext::GetSkipAllowInlineStyleCheck() {
+  return mSkipAllowInlineStyleCheck;
+}
+
+void nsCSPContext::SetSkipAllowInlineStyleCheck(
+    bool aSkipAllowInlineStyleCheck) {
+  mSkipAllowInlineStyleCheck = aSkipAllowInlineStyleCheck;
+}
+
 NS_IMETHODIMP
 nsCSPContext::EnsureEventTarget(nsIEventTarget* aEventTarget) {
   NS_ENSURE_ARG(aEventTarget);

dom/security/nsCSPContext.h

@@ -162,7 +162,8 @@ class nsCSPContext : public nsIContentSecurityPolicy {
                              uint32_t aLineNumber, uint32_t aColumnNumber);
 
   nsString mReferrer;
-  uint64_t mInnerWindowID;  // used for web console logging
+  uint64_t mInnerWindowID;          // used for web console logging
+  bool mSkipAllowInlineStyleCheck;  // used to allow Devtools to edit styles
   // When deserializing an nsCSPContext instance, we initially just keep the
   // policies unparsed. We will only reconstruct actual CSP policy instances
   // when there's an attempt to use the CSP. Given a better way to serialize/

ipc/glue/BackgroundUtils.cpp

@@ -193,6 +193,7 @@ already_AddRefed<nsIContentSecurityPolicy> CSPInfoToCSP(
       return nullptr;
     }
   }
+  csp->SetSkipAllowInlineStyleCheck(aCSPInfo.skipAllowInlineStyleCheck());
 
   for (uint32_t i = 0; i < aCSPInfo.policyInfos().Length(); i++) {
     const PolicyInfo& policyInfo = aCSPInfo.policyInfos()[i];
@@ -239,6 +240,7 @@ nsresult CSPToCSPInfo(nsIContentSecurityPolicy* aCSP, CSPInfo* aCSPInfo) {
   aCSP->GetReferrer(referrer);
 
   uint64_t windowID = aCSP->GetInnerWindowID();
+  bool skipAllowInlineStyleCheck = aCSP->GetSkipAllowInlineStyleCheck();
 
   nsTArray<PolicyInfo> policyInfos;
   for (uint32_t i = 0; i < count; ++i) {
@@ -251,8 +253,9 @@ nsresult CSPToCSPInfo(nsIContentSecurityPolicy* aCSP, CSPInfo* aCSPInfo) {
                                          policy->getReportOnlyFlag(),
                                          policy->getDeliveredViaMetaTagFlag()));
   }
-  *aCSPInfo = CSPInfo(std::move(policyInfos), requestingPrincipalInfo,
-                      selfURISpec, referrer, windowID);
+  *aCSPInfo =
+      CSPInfo(std::move(policyInfos), requestingPrincipalInfo, selfURISpec,
+              referrer, windowID, skipAllowInlineStyleCheck);
   return NS_OK;
 }
 

ipc/glue/PBackgroundSharedTypes.ipdlh

@@ -73,6 +73,7 @@ struct CSPInfo
   nsCString selfURISpec;
   nsString referrer;
   uint64_t innerWindowID;
+  bool skipAllowInlineStyleCheck;
 };
 
 } // namespace ipc

layout/style/nsStyleUtil.cpp

@@ -324,6 +324,11 @@ bool nsStyleUtil::CSPAllowsInlineStyle(
     return true;
   }
 
+  // Hack to allow Devtools to edit inline styles
+  if (csp->GetSkipAllowInlineStyleCheck()) {
+    return true;
+  }
+
   // query the nonce
   nsAutoString nonce;
   if (aElement && aElement->NodeInfo()->NameAtom() == nsGkAtoms::style) {