| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2008, 2009 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2009 Apple Inc. All rights reserved. |
| 4 * Copyright (C) 2014 Opera Software ASA. All rights reserved. | 4 * Copyright (C) 2014 Opera Software ASA. All rights reserved. |
| 5 * | 5 * |
| 6 * Redistribution and use in source and binary forms, with or without | 6 * Redistribution and use in source and binary forms, with or without |
| 7 * modification, are permitted provided that the following conditions are | 7 * modification, are permitted provided that the following conditions are |
| 8 * met: | 8 * met: |
| 9 * | 9 * |
| 10 * * Redistributions of source code must retain the above copyright | 10 * * Redistributions of source code must retain the above copyright |
| (...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 | 245 |
| 246 void ScriptController::updateDocument() { | 246 void ScriptController::updateDocument() { |
| 247 m_windowProxyManager->mainWorldProxy()->updateDocument(); | 247 m_windowProxyManager->mainWorldProxy()->updateDocument(); |
| 248 } | 248 } |
| 249 | 249 |
| 250 bool ScriptController::executeScriptIfJavaScriptURL(const KURL& url, | 250 bool ScriptController::executeScriptIfJavaScriptURL(const KURL& url, |
| 251 Element* element) { | 251 Element* element) { |
| 252 if (!url.protocolIsJavaScript()) | 252 if (!url.protocolIsJavaScript()) |
| 253 return false; | 253 return false; |
| 254 | 254 |
| 255 const int javascriptSchemeLength = sizeof("javascript:") - 1; |
| 256 String scriptSource = decodeURLEscapeSequences(url.getString()) |
| 257 .substring(javascriptSchemeLength); |
| 258 |
| 255 bool shouldBypassMainWorldContentSecurityPolicy = | 259 bool shouldBypassMainWorldContentSecurityPolicy = |
| 256 ContentSecurityPolicy::shouldBypassMainWorld(frame()->document()); | 260 ContentSecurityPolicy::shouldBypassMainWorld(frame()->document()); |
| 257 if (!frame()->page() || | 261 if (!frame()->page() || |
| 258 (!shouldBypassMainWorldContentSecurityPolicy && | 262 (!shouldBypassMainWorldContentSecurityPolicy && |
| 259 !frame()->document()->contentSecurityPolicy()->allowJavaScriptURLs( | 263 !frame()->document()->contentSecurityPolicy()->allowJavaScriptURLs( |
| 260 element, frame()->document()->url(), | 264 element, scriptSource, frame()->document()->url(), |
| 261 eventHandlerPosition().m_line))) { | 265 eventHandlerPosition().m_line))) { |
| 262 return true; | 266 return true; |
| 263 } | 267 } |
| 264 | 268 |
| 265 bool progressNotificationsNeeded = | 269 bool progressNotificationsNeeded = |
| 266 frame()->loader().stateMachine()->isDisplayingInitialEmptyDocument() && | 270 frame()->loader().stateMachine()->isDisplayingInitialEmptyDocument() && |
| 267 !frame()->isLoading(); | 271 !frame()->isLoading(); |
| 268 if (progressNotificationsNeeded) | 272 if (progressNotificationsNeeded) |
| 269 frame()->loader().progress().progressStarted(FrameLoadTypeStandard); | 273 frame()->loader().progress().progressStarted(FrameLoadTypeStandard); |
| 270 | 274 |
| 271 Document* ownerDocument = frame()->document(); | 275 Document* ownerDocument = frame()->document(); |
| 272 | 276 |
| 273 const int javascriptSchemeLength = sizeof("javascript:") - 1; | |
| 274 | |
| 275 bool locationChangeBefore = | 277 bool locationChangeBefore = |
| 276 frame()->navigationScheduler().locationChangePending(); | 278 frame()->navigationScheduler().locationChangePending(); |
| 277 | 279 |
| 278 String decodedURL = decodeURLEscapeSequences(url.getString()); | |
| 279 v8::HandleScope handleScope(isolate()); | 280 v8::HandleScope handleScope(isolate()); |
| 280 v8::Local<v8::Value> result = evaluateScriptInMainWorld( | 281 v8::Local<v8::Value> result = evaluateScriptInMainWorld( |
| 281 ScriptSourceCode(decodedURL.substring(javascriptSchemeLength)), | 282 ScriptSourceCode(scriptSource), NotSharableCrossOrigin, |
| 282 NotSharableCrossOrigin, DoNotExecuteScriptWhenScriptsDisabled); | 283 DoNotExecuteScriptWhenScriptsDisabled); |
| 283 | 284 |
| 284 // If executing script caused this frame to be removed from the page, we | 285 // If executing script caused this frame to be removed from the page, we |
| 285 // don't want to try to replace its document! | 286 // don't want to try to replace its document! |
| 286 if (!frame()->page()) | 287 if (!frame()->page()) |
| 287 return true; | 288 return true; |
| 288 | 289 |
| 289 if (result.IsEmpty() || !result->IsString()) { | 290 if (result.IsEmpty() || !result->IsString()) { |
| 290 if (progressNotificationsNeeded) | 291 if (progressNotificationsNeeded) |
| 291 frame()->loader().progress().progressCompleted(); | 292 frame()->loader().progress().progressCompleted(); |
| 292 return true; | 293 return true; |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 381 for (size_t i = 0; i < resultArray->Length(); ++i) { | 382 for (size_t i = 0; i < resultArray->Length(); ++i) { |
| 382 v8::Local<v8::Value> value; | 383 v8::Local<v8::Value> value; |
| 383 if (!resultArray->Get(scriptState->context(), i).ToLocal(&value)) | 384 if (!resultArray->Get(scriptState->context(), i).ToLocal(&value)) |
| 384 return; | 385 return; |
| 385 results->push_back(value); | 386 results->push_back(value); |
| 386 } | 387 } |
| 387 } | 388 } |
| 388 } | 389 } |
| 389 | 390 |
| 390 } // namespace blink | 391 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2436003002:
CSP: Add 'script-sample' to violation reports. (Closed)
