diff options
| author | Steve Block <steveblock@google.com> | 2011-05-13 06:44:40 -0700 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2011-05-13 06:44:40 -0700 |
| commit | 08014c20784f3db5df3a89b73cce46037b77eb59 (patch) | |
| tree | 47749210d31e19e6e2f64036fa8fae2ad693476f /Source/WebCore/bindings/ScriptControllerBase.cpp | |
| parent | 860220379e56aeb66424861ad602b07ee22b4055 (diff) | |
| parent | 4c3661f7918f8b3f139f824efb7855bedccb4c94 (diff) | |
| download | external_webkit-08014c20784f3db5df3a89b73cce46037b77eb59.zip external_webkit-08014c20784f3db5df3a89b73cce46037b77eb59.tar.gz external_webkit-08014c20784f3db5df3a89b73cce46037b77eb59.tar.bz2 | |
Merge changes Ide388898,Ic49f367c,I1158a808,Iacb6ca5d,I2100dd3a,I5c1abe54,Ib0ef9902,I31dbc523,I570314b3
* changes:
Merge WebKit at r75315: Update WebKit version
Merge WebKit at r75315: Add FrameLoaderClient PageCache stubs
Merge WebKit at r75315: Stub out AXObjectCache::remove()
Merge WebKit at r75315: Fix ImageBuffer
Merge WebKit at r75315: Fix PluginData::initPlugins()
Merge WebKit at r75315: Fix conflicts
Merge WebKit at r75315: Fix Makefiles
Merge WebKit at r75315: Move Android-specific WebCore files to Source
Merge WebKit at r75315: Initial merge by git.
Diffstat (limited to 'Source/WebCore/bindings/ScriptControllerBase.cpp')
| -rw-r--r-- | Source/WebCore/bindings/ScriptControllerBase.cpp | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/Source/WebCore/bindings/ScriptControllerBase.cpp b/Source/WebCore/bindings/ScriptControllerBase.cpp new file mode 100644 index 0000000..a77ff9c --- /dev/null +++ b/Source/WebCore/bindings/ScriptControllerBase.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) + * Copyright (C) 2001 Peter Kelly (pmk@post.com) + * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "config.h" +#include "ScriptController.h" + +#include "Frame.h" +#include "FrameLoaderClient.h" +#include "Page.h" +#include "ScriptSourceCode.h" +#include "ScriptValue.h" +#include "Settings.h" +#include "XSSAuditor.h" + +namespace WebCore { + +bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason) +{ + // FIXME: We should get this information from the document instead of the frame. + if (m_frame->loader()->isSandboxed(SandboxScripts)) + return false; + + Settings* settings = m_frame->settings(); + const bool allowed = m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled()); + if (!allowed && reason == AboutToExecuteScript) + m_frame->loader()->client()->didNotAllowScript(); + return allowed; +} + +ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture, ShouldAllowXSS shouldAllowXSS) +{ + return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->document()->url()), shouldAllowXSS); +} + +ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS) +{ + if (!canExecuteScripts(AboutToExecuteScript) || isPaused()) + return ScriptValue(); + + bool wasInExecuteScript = m_inExecuteScript; + m_inExecuteScript = true; + + ScriptValue result = evaluate(sourceCode, shouldAllowXSS); + + if (!wasInExecuteScript) { + m_inExecuteScript = false; + Document::updateStyleForAllDocuments(); + } + + return result; +} + +bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL) +{ + if (!protocolIsJavaScript(url)) + return false; + + if (!m_frame->page()) + return true; + + if (!m_frame->page()->javaScriptURLsAreAllowed()) + return true; + + if (m_frame->inViewSourceMode()) + return true; + + // We need to hold onto the Frame here because executing script can + // destroy the frame. + RefPtr<Frame> protector(m_frame); + + const int javascriptSchemeLength = sizeof("javascript:") - 1; + + String decodedURL = decodeURLEscapeSequences(url.string()); + ScriptValue result; + if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL)) + result = executeScript(decodedURL.substring(javascriptSchemeLength), processingUserGesture(), AllowXSS); + + // If executing script caused this frame to be removed from the page, we + // don't want to try to replace its document! + if (!m_frame->page()) + return true; + + String scriptResult; +#if USE(JSC) + JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld()); + JSC::ExecState* exec = shell->window()->globalExec(); + if (!result.getString(exec, scriptResult)) + return true; +#else + if (!result.getString(scriptResult)) + return true; +#endif + + // FIXME: We should always replace the document, but doing so + // synchronously can cause crashes: + // http://bugs.webkit.org/show_bug.cgi?id=16782 + if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) + m_frame->loader()->writer()->replaceDocument(scriptResult); + + return true; +} + +} // namespace WebCore |