Diffstat (limited to 'WebCore/bindings/js/ScriptController.h')
-rw-r--r-- | WebCore/bindings/js/ScriptController.h | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/WebCore/bindings/js/ScriptController.h b/WebCore/bindings/js/ScriptController.h
index ed6c0a0..877eb9f 100644
--- a/WebCore/bindings/js/ScriptController.h
+++ b/WebCore/bindings/js/ScriptController.h
@@ -67,6 +67,12 @@ enum ReasonForCallingCanExecuteScripts {
 NotAboutToExecuteScript
 };
+// Whether to call the XSSAuditor to audit a script before passing it to the JavaScript engine.
+enum ShouldAllowXSS {
+ AllowXSS,
+ DoNotAllowXSS
+};
+
 class ScriptController {
 friend class ScriptCachedFrameData;
 typedef WTF::HashMap< RefPtr<DOMWrapperWorld>, JSC::ProtectedPtr<JSDOMWindowShell> > ShellMap;
@@ -97,9 +103,9 @@ public:
 static void getAllWorlds(Vector<DOMWrapperWorld*>&);
- ScriptValue executeScript(const ScriptSourceCode&);
- ScriptValue executeScript(const String& script, bool forceUserGesture = false);
- ScriptValue executeScriptInWorld(DOMWrapperWorld* world, const String& script, bool forceUserGesture = false);
+ ScriptValue executeScript(const ScriptSourceCode&, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
+ ScriptValue executeScript(const String& script, bool forceUserGesture = false, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
+ ScriptValue executeScriptInWorld(DOMWrapperWorld* world, const String& script, bool forceUserGesture = false, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
 // Returns true if argument is a JavaScript URL.
 bool executeIfJavaScriptURL(const KURL&, bool userGesture = false, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL = ReplaceDocumentIfJavaScriptURL);
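Review bot: The enumerator that turns the audit off, `AllowXSS`, is listed first and so has the value 0, which means a zeroed or value-initialized `ShouldAllowXSS` selects the unaudited path. Listing `DoNotAllowXSS` first would make the zero value the safe one. The comment above the enum also does not say which enumerator skips the XSSAuditor. I would extend it to something like `// AllowXSS skips the XSSAuditor check; DoNotAllowXSS (the default on every entry point) audits the script first.` and add a sentence on which kinds of script are expected to pass AllowXSS, which this header does not show. The same parameter is added to evaluate() and evaluateInWorld() in the @@ -108,8 hunk, so the wording should cover those too.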
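Review bot: In `executeScript(const String&, bool forceUserGesture = false, ShouldAllowXSS ...)` and `executeScriptInWorld`, the new enum sits directly after a defaulted `bool`, and an unscoped enum converts implicitly to `bool`. A caller who writes `executeScript(script, DoNotAllowXSS)` intending only to name the audit mode would therefore pass 1 as `forceUserGesture`, unless the call happens to be rejected as ambiguous against the ScriptSourceCode overload (this depends on ScriptSourceCode's constructors, which are not visible here). Dropping the default from `forceUserGesture` in these two declarations, or replacing the bool with a two-value enum as the header already does for `ShouldReplaceDocumentIfJavaScriptURL`, would make such a call fail to compile instead of silently forcing a user gesture. The class body continues outside the hunk.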
@@ -108,8 +114,8 @@ public:
 // Darwin is an exception to this rule: it is OK to call this function from any thread, even reentrantly.
 static void initializeThreading();
- ScriptValue evaluate(const ScriptSourceCode&);
- ScriptValue evaluateInWorld(const ScriptSourceCode&, DOMWrapperWorld*);
+ ScriptValue evaluate(const ScriptSourceCode&, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
+ ScriptValue evaluateInWorld(const ScriptSourceCode&, DOMWrapperWorld*, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
 void setEventHandlerLineNumber(int lineno) { m_handlerLineNumber = lineno; }
 int eventHandlerLineNumber() { return m_handlerLineNumber; }
@@ -118,6 +124,7 @@ public:
 bool processingUserGesture(DOMWrapperWorld*) const;
 bool anyPageIsProcessingUserGesture() const;
+ static bool canAccessFromCurrentOrigin(Frame*);
 bool canExecuteScripts(ReasonForCallingCanExecuteScripts);
 // Debugger can be 0 to detach any existing Debugger.
@@ -132,7 +139,7 @@ public:
 const String* sourceURL() const { return m_sourceURL; } // 0 if we are not evaluating any script
- void clearWindowShell();
+ void clearWindowShell(bool goingIntoPageCache = false);
 void updateDocument();
 // Notifies the ScriptController that the securityOrigin of the current |
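Review bot: `static bool canAccessFromCurrentOrigin(Frame*);` is declared with no comment, although by its name it is an origin access check whose result callers will presumably use for a security decision. The declaration should state which origin counts as "current" and what is returned for a null Frame or when no script is executing, for example `// Returns true if the origin of the currently executing script may access the given frame. TODO: document the result for a null frame and when no script is running.` The definition is not part of this diff, so the wording has to be checked against it. The class body starts and ends outside the hunk.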
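Review bot: `clearWindowShell(bool goingIntoPageCache = false)` introduces a bare bool flag in a header that otherwise uses two-value enums for such switches (`ReasonForCallingCanExecuteScripts`, `ShouldReplaceDocumentIfJavaScriptURL`, and `ShouldAllowXSS` added in this same commit), so a call site will read `clearWindowShell(true)`. A named enum would match the surrounding style. At minimum the declaration should carry a comment such as `// Pass true when the document is being put into the page cache.`, with a note on what is done differently in that case. That wording is inferred from the parameter name only and needs confirming against the implementation.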