Diffstat (limited to 'WebCore/bindings/v8/ScriptController.h')
-rw-r--r--WebCore/bindings/v8/ScriptController.h16
1 files changed, 12 insertions, 4 deletions
diff --git a/WebCore/bindings/v8/ScriptController.h b/WebCore/bindings/v8/ScriptController.h
index 1400134..ee39e9a 100644
--- a/WebCore/bindings/v8/ScriptController.h
+++ b/WebCore/bindings/v8/ScriptController.h
@@ -60,6 +60,12 @@ enum ReasonForCallingCanExecuteScripts {
NotAboutToExecuteScript
};
+// Whether to call the XSSAuditor to audit a script before passing it to the JavaScript engine.
+enum ShouldAllowXSS {
+ AllowXSS,
+ DoNotAllowXSS
+};
+
class ScriptController {
public:
ScriptController(Frame*);
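Review bot: `AllowXSS` is declared first in `ShouldAllowXSS`, so the zero value of the type is the one that presumably skips the audit, and a value-initialised or zeroed variable of this type would start out permissive. Listing the restrictive value first, `enum ShouldAllowXSS { DoNotAllowXSS, AllowXSS };`, keeps the zero value fail-safe. The comment above the enum could also name the effect of each enumerator, for example `// AllowXSS skips the XSSAuditor check; DoNotAllowXSS (the default) runs it.`, to be confirmed against the implementation.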
@@ -69,8 +75,8 @@ public:
// or this accessor should be made JSProxy*
V8Proxy* proxy() { return m_proxy.get(); }
- ScriptValue executeScript(const ScriptSourceCode&);
- ScriptValue executeScript(const String& script, bool forceUserGesture = false);
+ ScriptValue executeScript(const ScriptSourceCode&, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
+ ScriptValue executeScript(const String& script, bool forceUserGesture = false, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
// Returns true if argument is a JavaScript URL.
bool executeIfJavaScriptURL(const KURL&, bool userGesture = false, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL = ReplaceDocumentIfJavaScriptURL);
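Review bot: In the `String` overload of `executeScript`, the new `ShouldAllowXSS` parameter follows a defaulted `bool forceUserGesture`, and an unscoped enumerator converts implicitly to `bool`. A call written as `executeScript(script, DoNotAllowXSS)` therefore compiles without a diagnostic and binds the enumerator to `forceUserGesture`. With the declaration order in this commit that value is `true`, while the audit setting silently stays at its default. Replacing the bool with a two-value enum would turn the mistake into a compile error; failing that, a comment such as `// shouldAllowXSS is the third argument; do not pass it in the forceUserGesture position` at least documents the trap. The class body continues outside the hunk.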
@@ -81,7 +87,7 @@ public:
// Evaluate a script file in the environment of this proxy.
// If succeeded, 'succ' is set to true and result is returned
// as a string.
- ScriptValue evaluate(const ScriptSourceCode&);
+ ScriptValue evaluate(const ScriptSourceCode&, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS);
void evaluateInIsolatedWorld(unsigned worldID, const Vector<ScriptSourceCode>&);
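Review bot: The comment above `evaluate` still describes a `succ` out-parameter and a string result, neither of which matches the signature shown, and it does not mention the new `shouldAllowXSS` argument. Something like `// Evaluates the script in this proxy's environment and returns its value. shouldAllowXSS selects whether the XSSAuditor is consulted first.` would describe the declaration as it now stands. The exact auditing behaviour lives in the implementation, which is outside this header.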
@@ -118,6 +124,8 @@ public:
// Check if the javascript engine has been initialized.
bool haveInterpreter() const;
+ static bool canAccessFromCurrentOrigin(Frame*);
+
bool canExecuteScripts(ReasonForCallingCanExecuteScripts);
// FIXME: void* is a compile hack.
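Review bot: `canAccessFromCurrentOrigin(Frame*)` is added as a public static with no comment, although its name suggests an origin access check that callers would rely on for security decisions. A one-line contract would help, for example `// Returns true if the currently executing script may access the given frame.`, together with a statement of what is returned for a null `Frame*`. That wording is inferred from the name only and needs to be confirmed against the definition, which is not part of this hunk.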
@@ -158,7 +166,7 @@ public:
const String* sourceURL() const { return m_sourceURL; } // 0 if we are not evaluating any script.
- void clearWindowShell();
+ void clearWindowShell(bool = false);
void updateDocument();
void updateSecurityOrigin();
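Review bot: `clearWindowShell(bool = false)` adds an unnamed boolean, so neither the declaration nor a call such as `clearWindowShell(true)` tells the reader what is being switched on. Giving the parameter the name used in the definition, plus a short comment on what `true` changes, would make the header self-explanatory. A two-value enum, as this same commit introduces for `ShouldAllowXSS`, would also make call sites readable.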