diff options
Diffstat (limited to 'WebCore/bindings/v8/custom/V8CustomBinding.cpp')
| -rw-r--r-- | WebCore/bindings/v8/custom/V8CustomBinding.cpp | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/WebCore/bindings/v8/custom/V8CustomBinding.cpp b/WebCore/bindings/v8/custom/V8CustomBinding.cpp new file mode 100644 index 0000000..841382b --- /dev/null +++ b/WebCore/bindings/v8/custom/V8CustomBinding.cpp @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2007-2009 Google Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include "V8CustomBinding.h" + +#include "Element.h" +#include "Document.h" +#include "HTMLNames.h" +#include "HTMLFrameElementBase.h" +#include "CSSHelper.h" + +namespace WebCore { + +bool allowSettingFrameSrcToJavascriptUrl(HTMLFrameElementBase* frame, String value) +{ + if (protocolIs(parseURL(value), "javascript")) { + Node* contentDoc = frame->contentDocument(); + if (contentDoc && !V8Proxy::CheckNodeSecurity(contentDoc)) + return false; + } + return true; +} + +bool allowSettingSrcToJavascriptURL(Element* element, String name, String value) +{ + if ((element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src")) + return allowSettingFrameSrcToJavascriptUrl(static_cast<HTMLFrameElementBase*>(element), value); + return true; +} + +} // namespace WebCore |