diff options
Diffstat (limited to 'WebCore/html/HTMLIFrameElement.cpp')
-rw-r--r-- | WebCore/html/HTMLIFrameElement.cpp | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/WebCore/html/HTMLIFrameElement.cpp b/WebCore/html/HTMLIFrameElement.cpp index cae9b8d..a2f287e 100644 --- a/WebCore/html/HTMLIFrameElement.cpp +++ b/WebCore/html/HTMLIFrameElement.cpp @@ -4,6 +4,7 @@ * (C) 2000 Simon Hausmann (hausmann@kde.org) * (C) 2001 Dirk Mueller (mueller@kde.org) * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. + * Copyright (C) 2009 Ericsson AB. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public @@ -66,6 +67,40 @@ bool HTMLIFrameElement::mapToEntry(const QualifiedName& attrName, MappedAttribut return HTMLFrameElementBase::mapToEntry(attrName, result); } +static SandboxFlags parseSandboxAttribute(MappedAttribute* attribute) +{ + if (attribute->isNull()) + return SandboxNone; + + // Parse the unordered set of unique space-separated tokens. + SandboxFlags flags = SandboxAll; + const UChar* characters = attribute->value().characters(); + unsigned length = attribute->value().length(); + unsigned start = 0; + while (true) { + while (start < length && isASCIISpace(characters[start])) + ++start; + if (start >= length) + break; + unsigned end = start + 1; + while (end < length && !isASCIISpace(characters[end])) + ++end; + + // Turn off the corresponding sandbox flag if it's set as "allowed". + String sandboxToken = String(characters + start, end - start); + if (equalIgnoringCase(sandboxToken, "allow-same-origin")) + flags &= ~SandboxOrigin; + else if (equalIgnoringCase(sandboxToken, "allow-forms")) + flags &= ~SandboxForms; + else if (equalIgnoringCase(sandboxToken, "allow-scripts")) + flags &= ~SandboxScripts; + + start = end + 1; + } + + return flags; +} + void HTMLIFrameElement::parseMappedAttribute(MappedAttribute* attr) { if (attr->name() == widthAttr) @@ -88,7 +123,9 @@ void HTMLIFrameElement::parseMappedAttribute(MappedAttribute* attr) if (!attr->isNull() && !attr->value().toInt()) // Add a rule that nulls out our border width. addCSSLength(attr, CSSPropertyBorderWidth, "0"); - } else + } else if (attr->name() == sandboxAttr) + setSandboxFlags(parseSandboxAttribute(attr)); + else HTMLFrameElementBase::parseMappedAttribute(attr); } |