diff options
| author | Steve Block <steveblock@google.com> | 2011-05-18 13:36:51 +0100 |
|---|---|---|
| committer | Steve Block <steveblock@google.com> | 2011-05-24 15:38:28 +0100 |
| commit | 2fc2651226baac27029e38c9d6ef883fa32084db (patch) | |
| tree | e396d4bf89dcce6ed02071be66212495b1df1dec /Source/WebCore/bindings/js/ScriptController.cpp | |
| parent | b3725cedeb43722b3b175aaeff70552e562d2c94 (diff) | |
| download | external_webkit-2fc2651226baac27029e38c9d6ef883fa32084db.zip external_webkit-2fc2651226baac27029e38c9d6ef883fa32084db.tar.gz external_webkit-2fc2651226baac27029e38c9d6ef883fa32084db.tar.bz2 | |
Merge WebKit at r78450: Initial merge by git.
Change-Id: I6d3e5f1f868ec266a0aafdef66182ddc3f265dc1
Diffstat (limited to 'Source/WebCore/bindings/js/ScriptController.cpp')
| -rw-r--r-- | Source/WebCore/bindings/js/ScriptController.cpp | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/Source/WebCore/bindings/js/ScriptController.cpp b/Source/WebCore/bindings/js/ScriptController.cpp index cf55080..e7eafd0 100644 --- a/Source/WebCore/bindings/js/ScriptController.cpp +++ b/Source/WebCore/bindings/js/ScriptController.cpp @@ -40,7 +40,6 @@ #include "StorageNamespace.h" #include "UserGestureIndicator.h" #include "WebCoreJSClientData.h" -#include "XSSAuditor.h" #include "npruntime_impl.h" #include "runtime_root.h" #include <debugger/Debugger.h> @@ -72,7 +71,6 @@ ScriptController::ScriptController(Frame* frame) #if PLATFORM(MAC) , m_windowScriptObject(0) #endif - , m_XSSAuditor(new XSSAuditor(frame)) { #if PLATFORM(MAC) && ENABLE(JAVA_BRIDGE) static bool initializedJavaJSBindings; @@ -116,16 +114,11 @@ JSDOMWindowShell* ScriptController::createWindowShell(DOMWrapperWorld* world) return windowShell; } -ScriptValue ScriptController::evaluateInWorld(const ScriptSourceCode& sourceCode, DOMWrapperWorld* world, ShouldAllowXSS shouldAllowXSS) +ScriptValue ScriptController::evaluateInWorld(const ScriptSourceCode& sourceCode, DOMWrapperWorld* world) { const SourceCode& jsSourceCode = sourceCode.jsSourceCode(); String sourceURL = ustringToString(jsSourceCode.provider()->url()); - if (shouldAllowXSS == DoNotAllowXSS && !m_XSSAuditor->canEvaluate(sourceCode.source())) { - // This script is not safe to be evaluated. - return JSValue(); - } - // evaluate code. Returns the JS return value or 0 // if there was none, an error occurred or the type couldn't be converted. @@ -166,9 +159,9 @@ ScriptValue ScriptController::evaluateInWorld(const ScriptSourceCode& sourceCode return JSValue(); } -ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS) +ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode) { - return evaluateInWorld(sourceCode, mainThreadNormalWorld(), shouldAllowXSS); + return evaluateInWorld(sourceCode, mainThreadNormalWorld()); } PassRefPtr<DOMWrapperWorld> ScriptController::createWorld() @@ -497,7 +490,7 @@ void ScriptController::clearScriptObjects() #endif } -ScriptValue ScriptController::executeScriptInWorld(DOMWrapperWorld* world, const String& script, bool forceUserGesture, ShouldAllowXSS shouldAllowXSS) +ScriptValue ScriptController::executeScriptInWorld(DOMWrapperWorld* world, const String& script, bool forceUserGesture) { ScriptSourceCode sourceCode(script, forceUserGesture ? KURL() : m_frame->document()->url()); @@ -507,7 +500,7 @@ ScriptValue ScriptController::executeScriptInWorld(DOMWrapperWorld* world, const bool wasInExecuteScript = m_inExecuteScript; m_inExecuteScript = true; - ScriptValue result = evaluateInWorld(sourceCode, world, shouldAllowXSS); + ScriptValue result = evaluateInWorld(sourceCode, world); if (!wasInExecuteScript) { m_inExecuteScript = false; |