diff options
Diffstat (limited to 'WebCore/bindings/v8/ScriptController.h')
-rw-r--r-- | WebCore/bindings/v8/ScriptController.h | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/WebCore/bindings/v8/ScriptController.h b/WebCore/bindings/v8/ScriptController.h index 1400134..ee39e9a 100644 --- a/WebCore/bindings/v8/ScriptController.h +++ b/WebCore/bindings/v8/ScriptController.h @@ -60,6 +60,12 @@ enum ReasonForCallingCanExecuteScripts { NotAboutToExecuteScript }; +// Whether to call the XSSAuditor to audit a script before passing it to the JavaScript engine. +enum ShouldAllowXSS { + AllowXSS, + DoNotAllowXSS +}; + class ScriptController { public: ScriptController(Frame*); @@ -69,8 +75,8 @@ public: // or this accessor should be made JSProxy* V8Proxy* proxy() { return m_proxy.get(); } - ScriptValue executeScript(const ScriptSourceCode&); - ScriptValue executeScript(const String& script, bool forceUserGesture = false); + ScriptValue executeScript(const ScriptSourceCode&, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS); + ScriptValue executeScript(const String& script, bool forceUserGesture = false, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS); // Returns true if argument is a JavaScript URL. bool executeIfJavaScriptURL(const KURL&, bool userGesture = false, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL = ReplaceDocumentIfJavaScriptURL); @@ -81,7 +87,7 @@ public: // Evaluate a script file in the environment of this proxy. // If succeeded, 'succ' is set to true and result is returned // as a string. - ScriptValue evaluate(const ScriptSourceCode&); + ScriptValue evaluate(const ScriptSourceCode&, ShouldAllowXSS shouldAllowXSS = DoNotAllowXSS); void evaluateInIsolatedWorld(unsigned worldID, const Vector<ScriptSourceCode>&); @@ -118,6 +124,8 @@ public: // Check if the javascript engine has been initialized. bool haveInterpreter() const; + static bool canAccessFromCurrentOrigin(Frame*); + bool canExecuteScripts(ReasonForCallingCanExecuteScripts); // FIXME: void* is a compile hack. @@ -158,7 +166,7 @@ public: const String* sourceURL() const { return m_sourceURL; } // 0 if we are not evaluating any script. - void clearWindowShell(); + void clearWindowShell(bool = false); void updateDocument(); void updateSecurityOrigin(); |