Diffstat (limited to 'WebCore/bindings/v8/custom/V8NodeCustom.cpp')
-rw-r--r-- | WebCore/bindings/v8/custom/V8NodeCustom.cpp | 80 |
1 files changed, 55 insertions, 25 deletions
diff --git a/WebCore/bindings/v8/custom/V8NodeCustom.cpp b/WebCore/bindings/v8/custom/V8NodeCustom.cpp
index 7907283..0a7198a 100644
--- a/WebCore/bindings/v8/custom/V8NodeCustom.cpp
+++ b/WebCore/bindings/v8/custom/V8NodeCustom.cpp
@@ -37,6 +37,7 @@
 #include "V8AbstractEventListener.h"
 #include "V8Attr.h"
 #include "V8Binding.h"
+#include "V8BindingState.h"
 #include "V8CDATASection.h"
 #include "V8Comment.h"
 #include "V8CustomEventListener.h"
@@ -56,38 +57,43 @@ namespace WebCore { -v8::Handle<v8::Value> V8Node::addEventListenerCallback(const v8::Arguments& args) +static inline bool isFrameSrc(Element *element, const String& name) { - INC_STATS("DOM.Node.addEventListener()"); - Node* node = V8Node::toNative(args.Holder()); - - RefPtr<EventListener> listener = V8DOMWrapper::getEventListener(node, args[1], false, ListenerFindOrCreate); - if (listener) { - String type = toWebCoreString(args[0]); - bool useCapture = args[2]->BooleanValue(); - node->addEventListener(type, listener, useCapture); - createHiddenDependency(args.Holder(), args[1], cacheIndex); + return element && (element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src"); +} + +void V8Node::textContentAccessorSetter(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::AccessorInfo& info) +{ + Node* imp = V8Node::toNative(info.Holder()); + String nodeValue = toWebCoreStringWithNullCheck(value); + + if (imp->nodeType() == Node::ATTRIBUTE_NODE) { + Element * ownerElement = V8Attr::toNative(info.Holder())->ownerElement(); + if (ownerElement && !V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), ownerElement, imp->nodeName(), nodeValue)) + return; } - return v8::Undefined(); + + ExceptionCode ec = 0; + imp->setTextContent(nodeValue, ec); + if (ec) + throwError(ec); } -v8::Handle<v8::Value> V8Node::removeEventListenerCallback(const v8::Arguments& args) +void V8Node::nodeValueAccessorSetter(v8::Local<v8::String> name, v8::Local<v8::Value> value, const v8::AccessorInfo& info) { - INC_STATS("DOM.Node.removeEventListener()"); - Node* node = V8Node::toNative(args.Holder()); - - // It is possbile that the owner document of the node is detached - // from the frame. 
- // See issue http://b/878909 - RefPtr<EventListener> listener = V8DOMWrapper::getEventListener(node, args[1], false, ListenerFindOnly); - if (listener) { - AtomicString type = v8ValueToAtomicWebCoreString(args[0]); - bool useCapture = args[2]->BooleanValue(); - node->removeEventListener(type, listener.get(), useCapture); - removeHiddenDependency(args.Holder(), args[1], cacheIndex); + Node* imp = V8Node::toNative(info.Holder()); + String nodeValue = toWebCoreStringWithNullCheck(value); + + if (imp->nodeType() == Node::ATTRIBUTE_NODE) { + Element * ownerElement = V8Attr::toNative(info.Holder())->ownerElement(); + if (ownerElement && !V8BindingSecurity::allowSettingSrcToJavascriptURL(V8BindingState::Only(), ownerElement, imp->nodeName(), nodeValue)) + return; } - return v8::Undefined(); + ExceptionCode ec = 0; + imp->setNodeValue(nodeValue, ec); + if (ec) + throwError(ec); } // This function is customized to take advantage of the optional 4th argument: shouldLazyAttach @@ -96,6 +102,12 @@ v8::Handle<v8::Value> V8Node::insertBeforeCallback(const v8::Arguments& args) INC_STATS("DOM.Node.insertBefore"); v8::Handle<v8::Object> holder = args.Holder(); Node* imp = V8Node::toNative(holder); + + if (imp->nodeType() == Node::ATTRIBUTE_NODE && isFrameSrc(V8Attr::toNative(holder)->ownerElement(), imp->nodeName())) { + V8Proxy::setDOMException(NOT_SUPPORTED_ERR); + return v8::Handle<v8::Value>(); + } + ExceptionCode ec = 0; Node* newChild = V8Node::HasInstance(args[0]) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(args[0])) : 0; Node* refChild = V8Node::HasInstance(args[1]) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(args[1])) : 0; 
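Review bot: In both `textContentAccessorSetter` and `nodeValueAccessorSetter`, a value rejected by `allowSettingSrcToJavascriptURL` makes the setter `return` without throwing, and nothing visible in this hunk reports the blocked write, so the calling script cannot tell it was refused. If that is intended, the early return deserves a comment such as `// Blocked javascript: URL on a frame/iframe src attribute: drop the write without throwing.` The two bodies are identical apart from the final `setTextContent` / `setNodeValue` call, so the ATTRIBUTE_NODE check would be safer in one static helper that both setters call, which keeps the security check from drifting between them. `isFrameSrc` has no comment saying why `src` on `frame` and `iframe` is treated specially, and the pointer spelling differs between `Element *element` and `Element * ownerElement`.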
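Review bot: The six-line guard added at the top of `insertBeforeCallback` is repeated verbatim in the `replaceChildCallback`, `removeChildCallback` and `appendChildCallback` hunks, so a later mutation entry point can easily be added without it. A static helper beside `isFrameSrc`, for example `static inline bool isFrameSrcAttr(v8::Handle<v8::Object> holder, Node* node)` returning `node->nodeType() == Node::ATTRIBUTE_NODE && isFrameSrc(V8Attr::toNative(holder)->ownerElement(), node->nodeName())`, would reduce each call site to one condition and give the rule a single place to be documented. These guards, like the two setters above, sit in the V8 binding layer, so they only cover calls that arrive through these particular callbacks; whether every other path that can change the attribute's value is checked cannot be seen from this diff and is worth confirming, or the check could be moved to where WebCore commits the value. The four callback bodies continue outside their hunks.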
@@ -115,6 +127,12 @@ v8::Handle<v8::Value> V8Node::replaceChildCallback(const v8::Arguments& args)
 INC_STATS("DOM.Node.replaceChild");
 v8::Handle<v8::Object> holder = args.Holder();
 Node* imp = V8Node::toNative(holder);
+
+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isFrameSrc(V8Attr::toNative(holder)->ownerElement(), imp->nodeName())) {
+ V8Proxy::setDOMException(NOT_SUPPORTED_ERR);
+ return v8::Handle<v8::Value>();
+ }
+
 ExceptionCode ec = 0;
 Node* newChild = V8Node::HasInstance(args[0]) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(args[0])) : 0;
 Node* oldChild = V8Node::HasInstance(args[1]) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(args[1])) : 0;
@@ -133,6 +151,12 @@ v8::Handle<v8::Value> V8Node::removeChildCallback(const v8::Arguments& args)
 INC_STATS("DOM.Node.removeChild");
 v8::Handle<v8::Object> holder = args.Holder();
 Node* imp = V8Node::toNative(holder);
+
+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isFrameSrc(V8Attr::toNative(holder)->ownerElement(), imp->nodeName())) {
+ V8Proxy::setDOMException(NOT_SUPPORTED_ERR);
+ return v8::Handle<v8::Value>();
+ }
+
 ExceptionCode ec = 0;
 Node* oldChild = V8Node::HasInstance(args[0]) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(args[0])) : 0;
 bool success = imp->removeChild(oldChild, ec);
@@ -151,6 +175,12 @@ v8::Handle<v8::Value> V8Node::appendChildCallback(const v8::Arguments& args)
 INC_STATS("DOM.Node.appendChild");
 v8::Handle<v8::Object> holder = args.Holder();
 Node* imp = V8Node::toNative(holder);
+
+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isFrameSrc(V8Attr::toNative(holder)->ownerElement(), imp->nodeName())) {
+ V8Proxy::setDOMException(NOT_SUPPORTED_ERR);
+ return v8::Handle<v8::Value>();
+ }
+
 ExceptionCode ec = 0;
 Node* newChild = V8Node::HasInstance(args[0]) ? V8Node::toNative(v8::Handle<v8::Object>::Cast(args[0])) : 0;
 bool success = imp->appendChild(newChild, ec, true ); |