summaryrefslogtreecommitdiffstats
path: root/Source/WebCore/loader/SubframeLoader.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'Source/WebCore/loader/SubframeLoader.cpp')
-rw-r--r--Source/WebCore/loader/SubframeLoader.cpp9
1 files changed, 7 insertions, 2 deletions
diff --git a/Source/WebCore/loader/SubframeLoader.cpp b/Source/WebCore/loader/SubframeLoader.cpp
index e7f851f..d290765 100644
--- a/Source/WebCore/loader/SubframeLoader.cpp
+++ b/Source/WebCore/loader/SubframeLoader.cpp
@@ -33,6 +33,7 @@
#include "config.h"
#include "SubframeLoader.h"
+#include "ContentSecurityPolicy.h"
#include "Frame.h"
#include "FrameLoaderClient.h"
#include "HTMLAppletElement.h"
@@ -109,8 +110,12 @@ bool SubframeLoader::requestPlugin(HTMLPlugInImageElement* ownerElement, const K
|| (!settings->isJavaEnabled() && MIMETypeRegistry::isJavaAppletMIMEType(mimeType)))
return false;
- if (m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(SandboxPlugins))
- return false;
+ if (m_frame->document()) {
+ if (m_frame->document()->securityOrigin()->isSandboxed(SandboxPlugins))
+ return false;
+ if (!m_frame->document()->contentSecurityPolicy()->allowObjectFromSource(url))
+ return false;
+ }
ASSERT(ownerElement->hasTagName(objectTag) || ownerElement->hasTagName(embedTag));
return loadPlugin(ownerElement, url, mimeType, paramNames, paramValues, useFallback);
generated by cgit v1.1 at 2024-05-23 05:02:14 +0000