diff options
| author | Steve Block <steveblock@google.com> | 2011-05-06 11:45:16 +0100 |
|---|---|---|
| committer | Steve Block <steveblock@google.com> | 2011-05-12 13:44:10 +0100 |
| commit | cad810f21b803229eb11403f9209855525a25d57 (patch) | |
| tree | 29a6fd0279be608e0fe9ffe9841f722f0f4e4269 /Source/WebCore/bindings/ScriptControllerBase.cpp | |
| parent | 121b0cf4517156d0ac5111caf9830c51b69bae8f (diff) | |
| download | external_webkit-cad810f21b803229eb11403f9209855525a25d57.zip external_webkit-cad810f21b803229eb11403f9209855525a25d57.tar.gz external_webkit-cad810f21b803229eb11403f9209855525a25d57.tar.bz2 | |
Merge WebKit at r75315: Initial merge by git.
Change-Id: I570314b346ce101c935ed22a626b48c2af266b84
Diffstat (limited to 'Source/WebCore/bindings/ScriptControllerBase.cpp')
| -rw-r--r-- | Source/WebCore/bindings/ScriptControllerBase.cpp | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/Source/WebCore/bindings/ScriptControllerBase.cpp b/Source/WebCore/bindings/ScriptControllerBase.cpp new file mode 100644 index 0000000..a77ff9c --- /dev/null +++ b/Source/WebCore/bindings/ScriptControllerBase.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) + * Copyright (C) 2001 Peter Kelly (pmk@post.com) + * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "config.h" +#include "ScriptController.h" + +#include "Frame.h" +#include "FrameLoaderClient.h" +#include "Page.h" +#include "ScriptSourceCode.h" +#include "ScriptValue.h" +#include "Settings.h" +#include "XSSAuditor.h" + +namespace WebCore { + +bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason) +{ + // FIXME: We should get this information from the document instead of the frame. + if (m_frame->loader()->isSandboxed(SandboxScripts)) + return false; + + Settings* settings = m_frame->settings(); + const bool allowed = m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled()); + if (!allowed && reason == AboutToExecuteScript) + m_frame->loader()->client()->didNotAllowScript(); + return allowed; +} + +ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture, ShouldAllowXSS shouldAllowXSS) +{ + return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->document()->url()), shouldAllowXSS); +} + +ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS) +{ + if (!canExecuteScripts(AboutToExecuteScript) || isPaused()) + return ScriptValue(); + + bool wasInExecuteScript = m_inExecuteScript; + m_inExecuteScript = true; + + ScriptValue result = evaluate(sourceCode, shouldAllowXSS); + + if (!wasInExecuteScript) { + m_inExecuteScript = false; + Document::updateStyleForAllDocuments(); + } + + return result; +} + +bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL) +{ + if (!protocolIsJavaScript(url)) + return false; + + if (!m_frame->page()) + return true; + + if (!m_frame->page()->javaScriptURLsAreAllowed()) + return true; + + if (m_frame->inViewSourceMode()) + return true; + + // We need to hold onto the Frame here because executing script can + // destroy the frame. + RefPtr<Frame> protector(m_frame); + + const int javascriptSchemeLength = sizeof("javascript:") - 1; + + String decodedURL = decodeURLEscapeSequences(url.string()); + ScriptValue result; + if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL)) + result = executeScript(decodedURL.substring(javascriptSchemeLength), processingUserGesture(), AllowXSS); + + // If executing script caused this frame to be removed from the page, we + // don't want to try to replace its document! + if (!m_frame->page()) + return true; + + String scriptResult; +#if USE(JSC) + JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld()); + JSC::ExecState* exec = shell->window()->globalExec(); + if (!result.getString(exec, scriptResult)) + return true; +#else + if (!result.getString(scriptResult)) + return true; +#endif + + // FIXME: We should always replace the document, but doing so + // synchronously can cause crashes: + // http://bugs.webkit.org/show_bug.cgi?id=16782 + if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) + m_frame->loader()->writer()->replaceDocument(scriptResult); + + return true; +} + +} // namespace WebCore |