diff options
Diffstat (limited to 'Source/WebCore/bindings/js/JSLazyEventListener.cpp')
-rw-r--r-- | Source/WebCore/bindings/js/JSLazyEventListener.cpp | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/Source/WebCore/bindings/js/JSLazyEventListener.cpp b/Source/WebCore/bindings/js/JSLazyEventListener.cpp index 98db97a..5b17727 100644 --- a/Source/WebCore/bindings/js/JSLazyEventListener.cpp +++ b/Source/WebCore/bindings/js/JSLazyEventListener.cpp @@ -20,6 +20,7 @@ #include "config.h" #include "JSLazyEventListener.h" +#include "ContentSecurityPolicy.h" #include "Frame.h" #include "JSNode.h" #include <runtime/FunctionConstructor.h> @@ -74,36 +75,29 @@ JSObject* JSLazyEventListener::initializeJSFunction(ScriptExecutionContext* exec if (!executionContext) return 0; - Frame* frame = static_cast<Document*>(executionContext)->frame(); - if (!frame) + Document* document = static_cast<Document*>(executionContext); + + if (!document->frame()) + return 0; + + if (!document->contentSecurityPolicy()->allowInlineEventHandlers()) return 0; - ScriptController* scriptController = frame->script(); - if (!scriptController->canExecuteScripts(AboutToExecuteScript)) + ScriptController* script = document->frame()->script(); + if (!script->canExecuteScripts(AboutToExecuteScript) || script->isPaused()) return 0; JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(executionContext, isolatedWorld()); if (!globalObject) return 0; - if (executionContext->isDocument()) { - JSDOMWindow* window = static_cast<JSDOMWindow*>(globalObject); - Frame* frame = window->impl()->frame(); - if (!frame) - return 0; - // FIXME: Is this check needed for non-Document contexts? - ScriptController* script = frame->script(); - if (!script->canExecuteScripts(AboutToExecuteScript) || script->isPaused()) - return 0; - } - ExecState* exec = globalObject->globalExec(); MarkedArgumentBuffer args; args.append(jsNontrivialString(exec, stringToUString(m_eventParameterName))); args.append(jsString(exec, m_code)); - JSObject* jsFunction = constructFunction(exec, args, Identifier(exec, stringToUString(m_functionName)), stringToUString(m_sourceURL), m_lineNumber); // FIXME: is globalExec ok? + JSObject* jsFunction = constructFunction(exec, exec->lexicalGlobalObject(), args, Identifier(exec, stringToUString(m_functionName)), stringToUString(m_sourceURL), m_lineNumber); // FIXME: is globalExec ok? if (exec->hadException()) { exec->clearException(); return 0; |