Diffstat (limited to 'WebCore/bindings/ScriptControllerBase.cpp')
-rw-r--r-- | WebCore/bindings/ScriptControllerBase.cpp | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/WebCore/bindings/ScriptControllerBase.cpp b/WebCore/bindings/ScriptControllerBase.cpp
index cbd4214..9bea8ae 100644
--- a/WebCore/bindings/ScriptControllerBase.cpp
+++ b/WebCore/bindings/ScriptControllerBase.cpp
@@ -44,12 +44,12 @@ bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reaso
 return allowed;
 }
-ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture)
+ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture, ShouldAllowXSS shouldAllowXSS)
 {
- return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->loader()->url()));
+ return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->loader()->url()), shouldAllowXSS);
 }
-ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode)
+ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS)
 {
 if (!canExecuteScripts(AboutToExecuteScript) || isPaused())
 return ScriptValue();
@@ -57,7 +57,7 @@ ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode)
 bool wasInExecuteScript = m_inExecuteScript;
 m_inExecuteScript = true;
- ScriptValue result = evaluate(sourceCode);
+ ScriptValue result = evaluate(sourceCode, shouldAllowXSS);
 if (!wasInExecuteScript) {
 m_inExecuteScript = false;
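Review bot: The new `ShouldAllowXSS shouldAllowXSS` parameter on both `executeScript` overloads carries no comment saying what the allowing value means, and it is handed straight to `evaluate(sourceCode, shouldAllowXSS)` in the `@@ -57,7` hunk, so a caller can presumably switch off the XSS auditor check for the script it runs. A comment above the first overload would state the contract, for example `// Pass AllowXSS only when the caller has already consulted xssAuditor() for this exact script.` The declarations live in a header outside this diff; if they give the parameter a default, it should be the auditing value so that existing call sites keep their current behaviour. The second overload's body continues past the first hunk.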
@@ -80,10 +80,10 @@ bool ScriptController::executeIfJavaScriptURL(const KURL& url, bool userGesture,
 const int javascriptSchemeLength = sizeof("javascript:") - 1;
- String script = decodeURLEscapeSequences(url.string().substring(javascriptSchemeLength));
+ String decodedURL = decodeURLEscapeSequences(url.string());
 ScriptValue result;
- if (xssAuditor()->canEvaluateJavaScriptURL(script))
- result = executeScript(script, userGesture);
+ if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL))
+ result = executeScript(decodedURL.substring(javascriptSchemeLength), userGesture, AllowXSS);
 String scriptResult;
 #if USE(JSC) |
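Review bot: The `AllowXSS` passed to `executeScript` is safe only because `canEvaluateJavaScriptURL(decodedURL)` ran on the line above, and nothing in the code records that dependency, so a later refactor that moves or drops the check would silently leave this path unaudited. I would add `// decodedURL was vetted by the auditor above; AllowXSS only avoids a second audit of the stripped script.` directly above the call. Separately, `javascriptSchemeLength` is now applied after `decodeURLEscapeSequences` rather than before, which removes the same prefix only if the first 11 characters of `url.string()` contain no escape sequences. That presumably holds because of a scheme check earlier in `executeIfJavaScriptURL`, which starts and ends outside this hunk, but it deserves a one-line comment or an assertion next to the `substring` call.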